Add notes for setting up a VPN with mu.yml

stelligent · Aug 16, 2017 · ebe25cc · ebe25cc
1 parent af619fc
commit ebe25cc
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -38,6 +38,7 @@ Check out the [examples](examples) to see snippets of `mu.yml` configuration fil
 * **[HTTPS](examples/elb-https)** - Enable HTTPS on the ALB for an environment
 * **[DNS](examples/elb-dns)** - Associate Route53 resource record with ALB for an environment
 * **[VPC Target](examples/vpc-target)** - Targeting an existing VPC for an environment
+* **[VPN Connection](examples/vpn)** - Demonstration of adding VPN via CloudFormation
 * **[Custom CloudFormation](examples/custom-cloudformation)** - Demonstration of adding custom AWS resources via CloudFormation
 * **[Traditional Infrastructure](examples/ec2-provider)** - Demonstration of using EC2 + CodeDeploy rather than ECS for running services
 

diff --git a/examples/vpn/README.md b/examples/vpn/README.md
@@ -0,0 +1,5 @@
+# Examples
+These examples are not intended to be run directly.  Rather, they serve as a reference that can be consulted when creating your own `mu.yml` files.
+
+For detailed steps to create your own project, check out the [quickstart](https://github.com/stelligent/mu/wiki/Quickstart#steps).
+
diff --git a/examples/vpn/mu.yml b/examples/vpn/mu.yml
@@ -0,0 +1,70 @@
+---
+
+environments:
+  - name: prod
+
+templates:
+  mu-vpc-prod:
+    Resources:
+      CustomerGateway:
+        Type: "AWS::EC2::CustomerGateway"
+        Properties:
+          BgpAsn: 65000
+          IpAddress: 1.1.1.1 # Public IP of remote VPN device
+          Type: ipsec.1
+      VirtualPrivateGateway:
+        Type: "AWS::EC2::VPNGateway"
+        Properties: 
+          Type: ipsec.1
+      VPNconnection:
+        Type: "AWS::EC2::VPNConnection"
+        Properties: 
+          Type: ipsec.1
+          CustomerGatewayId:
+            Ref: CustomerGateway
+          StaticRoutesOnly: true
+          VpnGatewayId:
+            Ref: VirtualPrivateGateway
+        DependsOn: VPCGatewayAttachment
+      VPCGatewayAttachment:
+        Type: "AWS::EC2::VPCGatewayAttachment"
+        Properties: 
+          VpcId: 
+            Ref: VPC
+          VpnGatewayId: 
+            Ref: VirtualPrivateGateway
+        DependsOn: VirtualPrivateGateway
+      VPNInstanceInboundNetworkAclEntry1:
+        Type: AWS::EC2::NetworkAclEntry
+        Properties:
+          NetworkAclId: 
+            Ref: InstanceNetworkAcl
+          RuleNumber: '105'
+          Protocol: '6'
+          RuleAction: allow
+          Egress: 'false'
+          CidrBlock: 10.50.0.0/24 # CIDR at remote network
+          PortRange:
+            From: '0'
+            To: '65535'
+      VPNInstanceOutboundUdpNetworkAclEntry1:
+        Type: AWS::EC2::NetworkAclEntry
+        Properties:
+          NetworkAclId: 
+            Ref: InstanceNetworkAcl
+          RuleNumber: '105'
+          Protocol: '17'
+          RuleAction: allow
+          Egress: 'true'
+          CidrBlock: 10.50.0.0/24 # CIDR at remote network
+          PortRange:
+            From: '0'
+            To: '65535'
+      VPNRoutePropagation:
+        Type: "AWS::EC2::VPNGatewayRoutePropagation"
+        DependsOn: VPCGatewayAttachment
+        Properties: 
+          RouteTableIds:
+          - Ref: InstanceRouteTable
+          VpnGatewayId: 
+            Ref: VirtualPrivateGateway
diff --git a/wiki b/wiki