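---
# Private VPC + EFS file system for Lambda functions.
#
# The VPC has no internet gateway or NAT: the only routes are the implicit
# local route plus the S3 / DynamoDB gateway endpoints, and SQS is reached
# through an interface endpoint. A consuming stack imports the exported
# subnet id and security group id for its Lambda VpcConfig and the exported
# access point ARN for its FileSystemConfigs.
#
# Changes from the previous revision of this template:
#   - EFS is encrypted at rest and rejects non-TLS NFS clients.
#   - The VPC default security group is no longer used anywhere; dedicated
#     groups allow only NFS (EFS) and HTTPS (endpoints), and only from the
#     group exported for the Lambda functions.
#   - The access point root directory is created 0750 instead of 0777.
#
# NOTE(review): one subnet / one mount target in a single AZ is an
# availability limitation (not a security one); add a second subnet and
# mount target if the consuming functions must survive an AZ outage.
AWSTemplateFormatVersion: "2010-09-09"
# The SAM transform is kept for compatibility; no AWS::Serverless::* type is
# declared in this file, so it currently has no effect.
Transform:
  - AWS::Serverless-2016-10-31

Resources:
  lambdaEfs:
    Type: AWS::EFS::FileSystem
    Properties:
      # Encrypt at rest with the AWS-managed EFS key (aws/elasticfilesystem).
      # Set KmsKeyId to a customer-managed key if key-policy control or
      # cross-account auditing is required.
      Encrypted: true
      PerformanceMode: generalPurpose
      FileSystemTags:
        - Key: Name
          Value: lambdaEfs
      # Deny-only policy: refuses NFS clients that do not use TLS
      # (aws:SecureTransport). A policy with only Deny statements leaves the
      # default anonymous-mount permission in place, so TLS clients are
      # unaffected (Lambda's EFS integration mounts over TLS; confirm for
      # any non-Lambda client before relying on this). Restricting mounts
      # to the access point below is not possible from here: referencing
      # its ARN from the file system would be a circular dependency.
      FileSystemPolicy:
        Version: "2012-10-17"
        Statement:
          - Sid: DenyUnencryptedTransport
            Effect: Deny
            Principal:
              AWS: "*"
            Action: "*"
            Condition:
              Bool:
                aws:SecureTransport: "false"

  efsVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      # Both DNS settings are required for PrivateDnsEnabled on the SQS
      # interface endpoint below.
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: lambdaEfsVpc

  efsPrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref efsVpc
      CidrBlock: 10.0.1.0/24
      # First AZ of the current region (!GetAZs "" == the stack's region).
      AvailabilityZone: !Select [0, !GetAZs ""]
      Tags:
        - Key: Name
          Value: lambdaEfsPrivateSubnet

  # Carries only the implicit local route plus the gateway-endpoint routes
  # added by the endpoints below; nothing in this VPC routes to the internet.
  efsVpcPrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref efsVpc
      Tags:
        - Key: Name
          Value: lambdaEfsPrivateRouteTable

  efsVpcSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref efsPrivateSubnet
      RouteTableId: !Ref efsVpcPrivateRouteTable

  # Security group for the consuming Lambda functions (exported below). It
  # has no ingress rules; its id is what the EFS and endpoint groups accept
  # as a source. Egress is left at the default allow-all because the VPC has
  # no route to the internet, so outbound traffic can only reach this VPC
  # and its endpoints.
  lambdaSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Lambda functions that mount lambdaEfs and use the VPC endpoints
      VpcId: !Ref efsVpc
      Tags:
        - Key: Name
          Value: lambdaEfsLambdaSg

  # NFS only, and only from the Lambda security group. Replaces the VPC
  # default security group, whose self-referencing rule lets every member
  # reach every other member on every port.
  efsMountTargetSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: NFS 2049/tcp from the Lambda security group
      VpcId: !Ref efsVpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 2049
          ToPort: 2049
          SourceSecurityGroupId: !Ref lambdaSg
      # Security groups are stateful and a mount target initiates no
      # outbound connections, so replace the default allow-all egress with
      # a loopback-only rule that permits nothing.
      SecurityGroupEgress:
        - IpProtocol: "-1"
          CidrIp: 127.0.0.1/32
      Tags:
        - Key: Name
          Value: lambdaEfsMountTargetSg

  # HTTPS only, and only from the Lambda security group, for the interface
  # endpoint ENIs. Same egress lockdown as the EFS group.
  vpcEndpointSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS 443/tcp from the Lambda security group
      VpcId: !Ref efsVpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref lambdaSg
      SecurityGroupEgress:
        - IpProtocol: "-1"
          CidrIp: 127.0.0.1/32
      Tags:
        - Key: Name
          Value: lambdaEfsVpcEndpointSg

  efsMountTarget:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref lambdaEfs
      SubnetId: !Ref efsPrivateSubnet
      SecurityGroups:
        - !Ref efsMountTargetSg

  # Every client entering through this access point is mapped to uid/gid
  # 1000 regardless of its own identity, so the root directory only needs
  # owner/group permissions; the previous world-writable 0777 was wider
  # than any client could use. CreationInfo applies only when /lambda is
  # first created - an existing directory keeps the mode it already has.
  lambdaEfsAccessPt:
    Type: AWS::EFS::AccessPoint
    Properties:
      FileSystemId: !Ref lambdaEfs
      PosixUser:
        Uid: "1000"
        Gid: "1000"
      RootDirectory:
        Path: "/lambda"
        CreationInfo:
          OwnerUid: "1000"
          OwnerGid: "1000"
          Permissions: "0750"

  # Gateway endpoints have no security group; reachability is controlled by
  # the route table. Both use the default endpoint policy (full access to
  # the service from inside the VPC); add a PolicyDocument scoped to the
  # specific buckets / tables once the consuming functions define them.
  lambdaS3VpcEndPt:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref efsVpc
      VpcEndpointType: Gateway
      ServiceName: !Sub "com.amazonaws.${AWS::Region}.s3"
      RouteTableIds:
        - !Ref efsVpcPrivateRouteTable

  dynamoDbVpcEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref efsVpc
      VpcEndpointType: Gateway
      ServiceName: !Sub "com.amazonaws.${AWS::Region}.dynamodb"
      RouteTableIds:
        - !Ref efsVpcPrivateRouteTable

  # Interface endpoint for SQS. Private DNS makes the regional SQS hostname
  # resolve to the endpoint ENI inside the VPC, so SDK clients need no
  # endpoint override. Default endpoint policy; scope it with a
  # PolicyDocument to the queues the functions actually use.
  lambdaSqsVpcEndPt:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref efsVpc
      VpcEndpointType: Interface
      ServiceName: !Sub "com.amazonaws.${AWS::Region}.sqs"
      PrivateDnsEnabled: true
      SubnetIds:
        - !Ref efsPrivateSubnet
      SecurityGroupIds:
        - !Ref vpcEndpointSg

Outputs:
  # Export names are unchanged so existing importing stacks keep resolving.
  efsVpcArn:
    Description: ARN of the EFS access point that functions mount
    Value: !GetAtt lambdaEfsAccessPt.Arn
    Export:
      Name: !Sub "${AWS::StackName}-access-pt-arn"
  vpcSubnetId:
    Description: Private subnet id for the Lambda VpcConfig
    Value: !Ref efsPrivateSubnet
    Export:
      Name: !Sub "${AWS::StackName}-subnet-id"
  # Same export name as before, but the value is now the Lambda-only group
  # rather than the VPC default security group.
  vpcSecurityGroupId:
    Description: Security group id for the Lambda VpcConfig
    Value: !Ref lambdaSg
    Export:
      Name: !Sub "${AWS::StackName}-secgroup-id"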