This project demonstrates the creation of a private-only AWS VPC using AWS CloudFormation nested stacks. The VPC is designed to host resources that do not require direct internet access: no internet gateway is attached, so nothing inside the VPC can reach or be reached from the internet. Key features include:
- Private Subnets: resources are deployed in private subnets, so they have no direct inbound or outbound internet path.
- VPC Endpoints: private connectivity to AWS services such as S3, KMS and Secrets Manager over the AWS network, without an internet gateway or NAT gateway.
- Security Groups and NACLs: fine-grained control over inbound and outbound traffic to resources within the VPC (security groups are stateful and attached to network interfaces; NACLs are stateless and attached to subnets).
- High Availability: resources are distributed across multiple Availability Zones for fault tolerance.
This setup is ideal for workloads that require enhanced security and compliance, such as backend services, databases and internal applications.
Below is the architecture of the application:
- Amazon VPC: Isolated network environment for resources.
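The two endpoint types listed in the features above behave differently, which matters for how they are secured. The following is an added example template, not one of this project's own nested-stack templates: it assumes the VPC, private subnets and their route tables already exist and are passed in as parameters (parameter names `VpcId`, `VpcCidr`, `PrivateSubnetIds`, `PrivateRouteTableIds` and `AllowedBucketName` are this example's own choices). It creates an S3 gateway endpoint with a bucket-scoped endpoint policy, and interface endpoints for KMS and Secrets Manager behind a security group that admits only TLS from inside the VPC.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example (not the project's own template): VPC endpoints and the
  endpoint security group for a private-only VPC.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  VpcCidr:
    Type: String
    Description: CIDR of the VPC; the only source allowed to reach the interface endpoints
    Default: 10.0.0.0/16
  PrivateSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Description: One private subnet per AZ; each gets an endpoint ENI
  PrivateRouteTableIds:
    Type: CommaDelimitedList
    Description: Route tables of the private subnets (for the S3 gateway endpoint)
  AllowedBucketName:
    Type: String
    Description: The only bucket reachable through the S3 endpoint (assumed name)

Resources:
  # Interface endpoints are ENIs in your subnets, so they carry a security group.
  # Allow only TLS from inside the VPC. Nothing on the internet can reach them anyway,
  # but this also stops peered networks from using your endpoints.
  EndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from the VPC CIDR to interface endpoints
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref VpcCidr
          Description: TLS from workloads in the VPC

  # S3 is a gateway endpoint: a route-table entry (prefix list), not an ENI.
  # Every private route table must be listed here or S3 calls from that subnet fail.
  # The endpoint policy limits which buckets are reachable, which closes the
  # obvious exfiltration path to an attacker-owned bucket over the same route.
  S3GatewayEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      VpcEndpointType: Gateway
      RouteTableIds: !Ref PrivateRouteTableIds
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: '*'
            Action:
              - s3:GetObject
              - s3:PutObject
              - s3:ListBucket
            Resource:
              - !Sub arn:${AWS::Partition}:s3:::${AllowedBucketName}
              - !Sub arn:${AWS::Partition}:s3:::${AllowedBucketName}/*

  # KMS and Secrets Manager are interface endpoints. PrivateDnsEnabled makes the
  # public service hostname resolve to the endpoint ENIs, so SDK clients need no
  # configuration change. Requires EnableDnsSupport and EnableDnsHostnames on the VPC.
  KmsEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      ServiceName: !Sub com.amazonaws.${AWS::Region}.kms
      VpcEndpointType: Interface
      PrivateDnsEnabled: true
      SubnetIds: !Ref PrivateSubnetIds
      SecurityGroupIds:
        - !Ref EndpointSecurityGroup

  SecretsManagerEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      ServiceName: !Sub com.amazonaws.${AWS::Region}.secretsmanager
      VpcEndpointType: Interface
      PrivateDnsEnabled: true
      SubnetIds: !Ref PrivateSubnetIds
      SecurityGroupIds:
        - !Ref EndpointSecurityGroup

Outputs:
  EndpointSecurityGroupId:
    Value: !Ref EndpointSecurityGroup
```

Two caveats when you scope the S3 endpoint policy this tightly: any other S3-hosted dependency in the VPC (for example the Amazon Linux package repositories, which are served from S3 in each region) must be added to the policy or package updates will fail, and the endpoint policy is only a network-level filter; the workload's IAM role and the bucket policy still apply on top of it.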
Before setting up the project, ensure you have:
- An AWS account with permissions to create VPC networking resources, S3 objects and IAM resources (the deploy step passes CAPABILITY_NAMED_IAM)
- The AWS CLI installed and configured with credentials for that account
- Access to the AWS CloudFormation console (used to monitor the deployment)
- Clone the nested-stack templates repo:

```bash
git clone https://github.com/subhamay-bhattacharyya/aws-cfn-nested-stacks.git
```

- Upload the nested stack templates to a bucket in your AWS account. The sync path is relative to the repo root (a leading slash would make it an absolute path). The objects are encrypted with your KMS key, so the principal that later deploys the root stack must have kms:Decrypt on that key or the nested stacks will fail to fetch their templates. GLACIER_IR (Glacier Instant Retrieval) objects are readable with a normal GET, so CloudFormation can still fetch them; GLACIER or DEEP_ARCHIVE would require a restore first.

```bash
cd <your local directory>/aws-cfn-nested-stacks
aws s3 sync cfn-templates/ s3://<your bucket> --sse "aws:kms" \
  --sse-kms-key-id <your kms key id> --storage-class GLACIER_IR
```
Follow these steps to set up the project locally:

- Clone this repo:

```bash
git clone https://github.com/subhamay-bhattacharyya/0108-networking-cft.git
cd 0108-networking-cft
```

- Validate the CloudFormation template: before deploying, validate the root template to ensure there are no errors. Note that validate-template checks syntax and intrinsic-function usage only; it does not check that the nested templates exist in your bucket. `--template-body` is limited to 51,200 bytes; a larger template must be uploaded to S3 and validated with `--template-url`.

```bash
aws cloudformation validate-template --template-body file://template.yaml
```

- Deploy the CloudFormation stack: use the AWS CLI to deploy the stack. The root template pulls the nested templates from the bucket you populated above, so supply that bucket through whichever parameter the root template defines for it (`--parameter-overrides`). `CAPABILITY_NAMED_IAM` acknowledges that the stack may create IAM resources with custom names.

```bash
aws cloudformation deploy --template-file template.yaml --stack-name private-vpc-root-stack --capabilities CAPABILITY_NAMED_IAM
```

- Monitor the deployment: you can monitor the progress of the root stack and each nested stack in the AWS CloudFormation console, or from the CLI with `aws cloudformation describe-stack-events --stack-name private-vpc-root-stack`.
- Verify resources: once the stack is deployed, verify that all resources have been created successfully by checking the AWS Management Console.
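Checking the console confirms the resources exist, but not that the VPC is actually private-only. The script below is an added example, not part of this repo: it runs the validate and deploy steps above and then asserts, from the API, that no internet gateway is attached to the VPC and that no route table contains a route to an internet gateway or NAT gateway. It assumes AWS CLI v2 is configured, and that the root stack publishes the VPC ID in an output named `VpcId` (an assumption; substitute the template's real output key).

```sh
#!/bin/sh
# Added example, not part of the 0108-networking-cft repo: validate, deploy, then
# confirm the resulting VPC is private-only. Assumes AWS CLI v2 is configured and
# that the root stack has an output named VpcId (an assumption; use the real key).
set -eu

STACK_NAME="${STACK_NAME:-private-vpc-root-stack}"
TEMPLATE="${TEMPLATE:-template.yaml}"

# Filter for routes that would give a subnet an internet path.
# Reads tab-separated rows "<GatewayId> <NatGatewayId> <DestinationCidrBlock>"
# ("None" when a field is absent), the shape produced by the describe-route-tables
# query below, and prints only rows targeting an internet gateway or NAT gateway.
# Routes to "local" or to a gateway endpoint ("vpce-...") are fine and pass through.
offending_routes() {
  awk -F'\t' '$1 ~ /^igw-/ || $2 ~ /^nat-/ { print }'
}

# Succeeds only when the VPC has no attached internet gateway and no igw/nat routes.
vpc_is_private_only() {
  vpc_id="$1"
  igws=$(aws ec2 describe-internet-gateways \
    --filters "Name=attachment.vpc-id,Values=${vpc_id}" \
    --query 'InternetGateways[].InternetGatewayId' --output text)
  bad_routes=$(aws ec2 describe-route-tables \
    --filters "Name=vpc-id,Values=${vpc_id}" \
    --query 'RouteTables[].Routes[].[GatewayId,NatGatewayId,DestinationCidrBlock]' \
    --output text | offending_routes)
  if [ -n "${igws}" ]; then
    echo "internet gateway attached: ${igws}" >&2
    return 1
  fi
  if [ -n "${bad_routes}" ]; then
    echo "routes with an internet path:" >&2
    echo "${bad_routes}" >&2
    return 1
  fi
  return 0
}

deploy_and_verify() {
  aws cloudformation validate-template --template-body "file://${TEMPLATE}" > /dev/null
  aws cloudformation deploy --template-file "${TEMPLATE}" \
    --stack-name "${STACK_NAME}" --capabilities CAPABILITY_NAMED_IAM
  vpc_id=$(aws cloudformation describe-stacks --stack-name "${STACK_NAME}" \
    --query "Stacks[0].Outputs[?OutputKey=='VpcId'].OutputValue" --output text)
  # Expected: s3 (Gateway) plus kms and secretsmanager (Interface), all "available".
  aws ec2 describe-vpc-endpoints --filters "Name=vpc-id,Values=${vpc_id}" \
    --query 'VpcEndpoints[].[ServiceName,VpcEndpointType,State]' --output table
  vpc_is_private_only "${vpc_id}" && echo "OK: ${vpc_id} is private-only"
}

# The AWS calls run only when invoked explicitly:  sh deploy.sh run
if [ "${1:-}" = "run" ]; then
  deploy_and_verify
fi
```

The route filter is deliberately a separate function so it can be exercised against captured `describe-route-tables` output without credentials; a route whose `NatGatewayId` is set is flagged even though its `GatewayId` is `None`, which is the shape a NAT route actually has.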
```mermaid
mindmap
  root )AWS Cloud(
    VPC
      Network ACL
        Allow and Deny rules
      Subnets
        Route Table
        Private Subnet
      Security Group
        Security Group Rule
      VPC Endpoints
```
Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this project better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
- Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the Branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.
Distributed under the MIT License. See LICENSE for more information.
Subhamay Bhattacharyya
LinkedIn
GitHub
Project Link: https://github.com/subhamay-bhattacharyya/0108-networking-cft