--- AWSTemplateFormatVersion: '2010-09-09' Description: 'Amazon EKS Sample VPC - Public subnets only' Parameters: VpcBlock: Type: String Default: 192.168.0.0/16 Description: The CIDR range for the VPC. This should be a valid private (RFC 1918) CIDR range. Subnet01Block: Type: String Default: 192.168.64.0/18 Description: CidrBlock for subnet 01 within the VPC Subnet02Block: Type: String Default: 192.168.128.0/18 Description: CidrBlock for subnet 02 within the VPC Subnet03Block: Type: String Default: 192.168.192.0/18 Description: CidrBlock for subnet 03 within the VPC. This is used only if the region has more than 2 AZs. Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: "Worker Network Configuration" Parameters: - VpcBlock - Subnet01Block - Subnet02Block - Subnet03Block Conditions: Has2Azs: Fn::Or: - Fn::Equals: - {Ref: 'AWS::Region'} - ap-south-1 - Fn::Equals: - {Ref: 'AWS::Region'} - ap-northeast-2 - Fn::Equals: - {Ref: 'AWS::Region'} - ca-central-1 - Fn::Equals: - {Ref: 'AWS::Region'} - cn-north-1 - Fn::Equals: - {Ref: 'AWS::Region'} - sa-east-1 - Fn::Equals: - {Ref: 'AWS::Region'} - us-west-1 HasMoreThan2Azs: Fn::Not: - Condition: Has2Azs Resources: VPC: Type: AWS::EC2::VPC Properties: CidrBlock: !Ref VpcBlock EnableDnsSupport: true EnableDnsHostnames: true Tags: - Key: Name Value: !Sub '${AWS::StackName}-VPC' InternetGateway: Type: "AWS::EC2::InternetGateway" VPCGatewayAttachment: Type: "AWS::EC2::VPCGatewayAttachment" Properties: InternetGatewayId: !Ref InternetGateway VpcId: !Ref VPC RouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC Tags: - Key: Name Value: Public Subnets - Key: Network Value: Public Route: DependsOn: VPCGatewayAttachment Type: AWS::EC2::Route Properties: RouteTableId: !Ref RouteTable DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref InternetGateway Subnet01: Type: AWS::EC2::Subnet Metadata: Comment: Subnet 01 Properties: MapPublicIpOnLaunch: true AvailabilityZone: Fn::Select: - '0' - Fn::GetAZs: Ref: AWS::Region CidrBlock: Ref: Subnet01Block VpcId: Ref: VPC Tags: - Key: Name Value: !Sub "${AWS::StackName}-Subnet01" - Key: kubernetes.io/role/elb Value: 1 Subnet02: Type: AWS::EC2::Subnet Metadata: Comment: Subnet 02 Properties: MapPublicIpOnLaunch: true AvailabilityZone: Fn::Select: - '1' - Fn::GetAZs: Ref: AWS::Region CidrBlock: Ref: Subnet02Block VpcId: Ref: VPC Tags: - Key: Name Value: !Sub "${AWS::StackName}-Subnet02" - Key: kubernetes.io/role/elb Value: 1 Subnet03: Condition: HasMoreThan2Azs Type: AWS::EC2::Subnet Metadata: Comment: Subnet 03 Properties: MapPublicIpOnLaunch: true AvailabilityZone: Fn::Select: - '2' - Fn::GetAZs: Ref: AWS::Region CidrBlock: Ref: Subnet03Block VpcId: Ref: VPC Tags: - Key: Name Value: !Sub "${AWS::StackName}-Subnet03" - Key: kubernetes.io/role/elb Value: 1 Subnet01RouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: SubnetId: !Ref Subnet01 RouteTableId: !Ref RouteTable Subnet02RouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: SubnetId: !Ref Subnet02 RouteTableId: !Ref RouteTable Subnet03RouteTableAssociation: Condition: HasMoreThan2Azs Type: AWS::EC2::SubnetRouteTableAssociation Properties: SubnetId: !Ref Subnet03 RouteTableId: !Ref RouteTable ControlPlaneSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Cluster communication with worker nodes VpcId: !Ref VPC Outputs: SubnetIds: Description: All subnets in the VPC Value: Fn::If: - HasMoreThan2Azs - !Join [ ",", [ !Ref Subnet01, !Ref Subnet02, !Ref Subnet03 ] ] - !Join [ ",", [ !Ref Subnet01, !Ref Subnet02 ] ] SecurityGroups: Description: Security group for the cluster control plane communication with worker nodes Value: !Join [ ",", [ !Ref ControlPlaneSecurityGroup ] ] VpcId: Description: The VPC Id Value: !Ref VPC