Customize VPCs with CloudFormation Conditions

Published at
1/13/2025
Categories
aws
vpc
cloudformation
iac
Author
mawulikode

Using CloudFormation Conditions, you can decide which resources your CloudFormation template creates, and how it configures them, at stack creation time.

In this post, we are going to build a template that can create a VPC with private subnets and a NAT gateway or only public subnets depending on a parameter when creating the CloudFormation stack.

Steps to create and use Conditions

  1. Define the input parameters you want your condition to evaluate.
  2. Define the condition by using the intrinsic condition functions.
  3. Declare the condition in resources or outputs you want to create.

Let's dive into the example!

Define the parameter and condition

In the first part of our template, we'll define our parameter and condition.

We tie the CreatePrivateResources condition to one value of the CreateNatGateway parameter: the condition is true only when the parameter is set to yes. That single true/false result is what lets us switch the private half of the VPC on or off, as described in the intro.

Parameters:
  CreateNatGateway:
    Type: String
    Description: "Need a NAT Gateway?"
    # Quoted on purpose: under YAML 1.1 rules bare yes/no are read as booleans,
    # which would not equal the string "yes" that the condition compares against.
    AllowedValues:
      - "yes"
      - "no"
    Default: "yes"

Conditions:
  CreatePrivateResources: !Equals
    - !Ref CreateNatGateway
    - "yes"

Define the public resources

Here we define the VPC, internet gateway, public subnets, route table and routes. These resources carry no Condition key, so they are created no matter which value the parameter receives. Note that the public subnets set MapPublicIpOnLaunch to true, so any instance launched into them gets a public IP and a route to the internet gateway.

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-VPC"

  # Public Resources
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-InternetGateway"

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: "10.0.1.0/24"
      MapPublicIpOnLaunch: true
      AvailabilityZone: !Select [0, !GetAZs ""]
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-PublicSubnet1"

  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: "10.0.2.0/24"
      MapPublicIpOnLaunch: true
      AvailabilityZone: !Select [1, !GetAZs ""]
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-PublicSubnet2"

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-PublicRouteTable"

  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref InternetGateway

  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable

  PublicSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref PublicRouteTable


Use the condition

We now attach the condition to the resources that make up the private environment: the NAT gateway and its Elastic IP, the private subnets, the private route table, its default route and the subnet associations. If we choose no when creating the stack, none of these are created. When they are, the private subnets have MapPublicIpOnLaunch set to false and route 0.0.0.0/0 through the NAT gateway, so instances in them can reach the internet but are not reachable from it.

We also control the display of outputs using the same conditions.

  # Private Resources (this block continues the Resources section from above)
  NatGateway:
    Condition: CreatePrivateResources
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt EIPNatGateway.AllocationId
      SubnetId: !Ref PublicSubnet1
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-NatGateway"

  EIPNatGateway:
    Condition: CreatePrivateResources
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-EIPNatGateway"

  PrivateSubnet1:
    Condition: CreatePrivateResources
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: "10.0.3.0/24"
      MapPublicIpOnLaunch: false
      AvailabilityZone: !Select [0, !GetAZs ""]
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-PrivateSubnet1"

  PrivateSubnet2:
    Condition: CreatePrivateResources
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: "10.0.4.0/24"
      MapPublicIpOnLaunch: false
      AvailabilityZone: !Select [1, !GetAZs ""]
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-PrivateSubnet2"

  PrivateRouteTable:
    Condition: CreatePrivateResources
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-PrivateRouteTable"

  PrivateRoute:
    Condition: CreatePrivateResources
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      NatGatewayId: !Ref NatGateway

  PrivateSubnet1RouteTableAssociation:
    Condition: CreatePrivateResources
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet1
      RouteTableId: !Ref PrivateRouteTable

  PrivateSubnet2RouteTableAssociation:
    Condition: CreatePrivateResources
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet2
      RouteTableId: !Ref PrivateRouteTable

Outputs:
  VPCId:
    Description: "VPC ID"
    Value: !Ref VPC
  PublicSubnet1Id:
    Description: "Public Subnet 1 ID"
    Value: !Ref PublicSubnet1
  PublicSubnet2Id:
    Description: "Public Subnet 2 ID"
    Value: !Ref PublicSubnet2
  PrivateSubnet1Id:
    Condition: CreatePrivateResources
    Description: "Private Subnet 1 ID"
    Value: !Ref PrivateSubnet1
  PrivateSubnet2Id:
    Condition: CreatePrivateResources
    Description: "Private Subnet 2 ID"
    Value: !Ref PrivateSubnet2
  NatGatewayId:
    Condition: CreatePrivateResources
    Description: "NAT Gateway ID"
    Value: !Ref NatGateway

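To see the condition logic from both sections above without deploying anything, here is an added offline "dry run" of the template's conditions. It is example code written for this post, not part of the original template or any AWS tooling. The template is embedded in CloudFormation's JSON form, trimmed to Parameters, Conditions and the logical IDs and Condition keys of the Resources; the HighAvailability parameter, the CreateSecondNat condition and the NatGateway2 resource are hypothetical additions that go beyond the post to show Fn::And and a condition that references another condition. The last function flags the quoting pitfall from the Parameters section: a String parameter whose yes/no values were loaded as booleans will never equal the string "yes".

```python
"""Offline dry-run of CloudFormation Conditions (added example, not AWS tooling).

Stdlib only: no PyYAML and no AWS credentials needed. The dict below is the post's
template in JSON form, reduced to what condition evaluation needs. Items marked
'hypothetical' are not in the original template.
"""

TEMPLATE = {
    "Parameters": {
        "CreateNatGateway": {"Type": "String", "AllowedValues": ["yes", "no"], "Default": "yes"},
        # Hypothetical second parameter, not in the original template.
        "HighAvailability": {"Type": "String", "AllowedValues": ["yes", "no"], "Default": "no"},
    },
    "Conditions": {
        "CreatePrivateResources": {"Fn::Equals": [{"Ref": "CreateNatGateway"}, "yes"]},
        # Hypothetical: true only when private resources exist AND HA was requested.
        "CreateSecondNat": {"Fn::And": [{"Condition": "CreatePrivateResources"},
                                        {"Fn::Equals": [{"Ref": "HighAvailability"}, "yes"]}]},
    },
    "Resources": {
        "VPC": {"Type": "AWS::EC2::VPC"},
        "InternetGateway": {"Type": "AWS::EC2::InternetGateway"},
        "PublicSubnet1": {"Type": "AWS::EC2::Subnet"},
        "PublicSubnet2": {"Type": "AWS::EC2::Subnet"},
        "NatGateway": {"Type": "AWS::EC2::NatGateway", "Condition": "CreatePrivateResources"},
        "EIPNatGateway": {"Type": "AWS::EC2::EIP", "Condition": "CreatePrivateResources"},
        "PrivateSubnet1": {"Type": "AWS::EC2::Subnet", "Condition": "CreatePrivateResources"},
        "PrivateSubnet2": {"Type": "AWS::EC2::Subnet", "Condition": "CreatePrivateResources"},
        "PrivateRouteTable": {"Type": "AWS::EC2::RouteTable", "Condition": "CreatePrivateResources"},
        "PrivateRoute": {"Type": "AWS::EC2::Route", "Condition": "CreatePrivateResources"},
        "NatGateway2": {"Type": "AWS::EC2::NatGateway", "Condition": "CreateSecondNat"},  # hypothetical
    },
}


def resolve_parameters(template, overrides):
    """Merge stack-time overrides with Defaults and enforce AllowedValues, which is
    what the CloudFormation service does before it evaluates any condition."""
    resolved = {}
    for name, spec in template["Parameters"].items():
        if name in overrides:
            value = overrides[name]
        elif "Default" in spec:
            value = spec["Default"]
        else:
            raise ValueError(f"Parameter {name} has no value and no Default")
        allowed = spec.get("AllowedValues")
        if allowed is not None and value not in allowed:
            raise ValueError(f"Parameter {name}={value!r} not in AllowedValues {allowed}")
        resolved[name] = value
    unknown = set(overrides) - set(template["Parameters"])
    if unknown:
        raise ValueError(f"Unknown parameters: {sorted(unknown)}")
    return resolved


def evaluate(node, template, params):
    """Evaluate a condition expression: Ref, Condition, Fn::Equals, Fn::And, Fn::Or, Fn::Not."""
    if not isinstance(node, dict):
        return node  # literal value such as "yes"
    (fn, arg), = node.items()
    if fn == "Ref":
        return params[arg]
    if fn == "Condition":  # a condition referencing another named condition
        return evaluate(template["Conditions"][arg], template, params)
    if fn == "Fn::Equals":
        left, right = (evaluate(x, template, params) for x in arg)
        return left == right
    if fn == "Fn::And":
        return all(evaluate(x, template, params) for x in arg)
    if fn == "Fn::Or":
        return any(evaluate(x, template, params) for x in arg)
    if fn == "Fn::Not":
        return not evaluate(arg[0], template, params)
    raise ValueError(f"Unsupported function in condition: {fn}")


def condition_results(template, overrides):
    """Name -> bool for every condition, given the stack parameters."""
    params = resolve_parameters(template, overrides)
    return {name: evaluate(expr, template, params) for name, expr in template["Conditions"].items()}


def resources_to_create(template, overrides):
    """Logical IDs CloudFormation would create: every resource without a Condition
    key, plus those whose Condition evaluates to true."""
    results = condition_results(template, overrides)
    return sorted(lid for lid, res in template["Resources"].items()
                  if "Condition" not in res or results[res["Condition"]])


def non_string_values(template):
    """Return String parameters whose Default/AllowedValues are not strings, which is
    what a YAML 1.1 loader produces from bare yes/no; Fn::Equals against "yes" is
    then always false and the private resources silently never get created."""
    problems = []
    for name, spec in template["Parameters"].items():
        if spec.get("Type") != "String":
            continue
        values = list(spec.get("AllowedValues", [])) + [spec.get("Default", "")]
        if any(not isinstance(v, str) for v in values):
            problems.append(name)
    return problems


if __name__ == "__main__":
    for overrides in ({}, {"CreateNatGateway": "no"}, {"HighAvailability": "yes"}):
        print(overrides, "->", resources_to_create(TEMPLATE, overrides))
```

Running the script prints the resource set for the default (yes), for no (only the four unconditional resources) and for the hypothetical HA case (which adds NatGateway2). Before a real deployment the same questions are answered by cfn-lint on the template and by a change set in the console or CLI, which lists exactly the resources the chosen parameters would create.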

You can now customize your VPC creation just by changing a parameter.
Thanks for reading. Happy Building!
