wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-07-22 05:23:02 +02:00
Code Issues Projects Releases Wiki Activity
algo/roles/cloud-ec2/files/stack.yml
Jack Ivanov 3488e660ad Add WireGuard support for Android (#910) 
* WireGuard Implementation

* Update client-android.md

* Update README.md

* WireGuard unattended upgrades

* Update README.md

* reload-module-on-update and syntax fix

* SaveConfig to true

* Azure firewall. Fixes #962

* Update README.md

* Update client-android.md
2018-05-24 08:15:27 -07:00

199 lines
4.6 KiB
YAML
Raw Blame History

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Algo VPN stack'
Parameters:
InstanceTypeParameter:
Type: String
Default: t2.micro
PublicSSHKeyParameter:
Type: String
ImageIdParameter:
Type: String
WireGuardPort:
Type: String
Resources:
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 172.16.0.0/16
EnableDnsSupport: true
EnableDnsHostnames: true
InstanceTenancy: default
Tags:
- Key: Name
Value: Algo
- Key: Environment
Value: Algo
VPCIPv6:
Type: AWS::EC2::VPCCidrBlock
Properties:
AmazonProvidedIpv6CidrBlock: true
VpcId: !Ref VPC
InternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Environment
Value: Algo
- Key: Name
Value: Algo
Subnet:
Type: AWS::EC2::Subnet
Properties:
CidrBlock: 172.16.254.0/23
MapPublicIpOnLaunch: false
Tags:
- Key: Environment
Value: Algo
- Key: Name
Value: Algo
VpcId: !Ref VPC
VPCGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref VPC
InternetGatewayId: !Ref InternetGateway
RouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Environment
Value: Algo
- Key: Name
Value: Algo
Route:
Type: AWS::EC2::Route
DependsOn:
- InternetGateway
- RouteTable
- VPCGatewayAttachment
Properties:
RouteTableId: !Ref RouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
RouteIPv6:
Type: AWS::EC2::Route
DependsOn:
- InternetGateway
- RouteTable
- VPCGatewayAttachment
Properties:
RouteTableId: !Ref RouteTable
DestinationIpv6CidrBlock: "::/0"
GatewayId: !Ref InternetGateway
SubnetIPv6:
Type: AWS::EC2::SubnetCidrBlock
DependsOn:
- RouteIPv6
- VPC
- VPCIPv6
Properties:
Ipv6CidrBlock:
"Fn::Join":
- ""
- - !Select [0, !Split [ "::", !Select [0, !GetAtt VPC.Ipv6CidrBlocks] ]]
- "::dead:beef/64"
SubnetId: !Ref Subnet
RouteSubnet:
Type: "AWS::EC2::SubnetRouteTableAssociation"
DependsOn:
- RouteTable
- Subnet
- Route
Properties:
RouteTableId: !Ref RouteTable
SubnetId: !Ref Subnet
InstanceSecurityGroup:
Type: AWS::EC2::SecurityGroup
DependsOn:
- Subnet
Properties:
VpcId: !Ref VPC
GroupDescription: Enable SSH and IPsec
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '22'
ToPort: '22'
CidrIp: 0.0.0.0/0
- IpProtocol: udp
FromPort: '500'
ToPort: '500'
CidrIp: 0.0.0.0/0
- IpProtocol: udp
FromPort: '4500'
ToPort: '4500'
CidrIp: 0.0.0.0/0
- IpProtocol: udp
FromPort: !Ref WireGuardPort
ToPort: !Ref WireGuardPort
CidrIp: 0.0.0.0/0
Tags:
- Key: Name
Value: Algo
- Key: Environment
Value: Algo
EC2Instance:
Type: AWS::EC2::Instance
DependsOn:
- SubnetIPv6
- Subnet
- InstanceSecurityGroup
Metadata:
AWS::CloudFormation::Init:
config:
files:
/home/ubuntu/.ssh/authorized_keys:
content:
Ref: PublicSSHKeyParameter
mode: "000644"
owner: "ubuntu"
group: "ubuntu"
Properties:
InstanceType:
Ref: InstanceTypeParameter
InstanceInitiatedShutdownBehavior: terminate
SecurityGroupIds:
- Ref: InstanceSecurityGroup
ImageId:
Ref: ImageIdParameter
SubnetId: !Ref Subnet
Ipv6AddressCount: 1
UserData:
"Fn::Base64":
!Sub |
#!/bin/bash -xe
apt-get update
apt-get -y install python-pip
pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
cfn-init -v --stack ${AWS::StackName} --resource EC2Instance --region ${AWS::Region}
cfn-signal -e $? --stack ${AWS::StackName} --resource EC2Instance --region ${AWS::Region}
Tags:
- Key: Name
Value: Algo
- Key: Environment
Value: Algo
ElasticIP:
Type: AWS::EC2::EIP
Properties:
Domain: vpc
InstanceId: !Ref EC2Instance
DependsOn:
- EC2Instance
- VPCGatewayAttachment
Outputs:
ElasticIP:
Value: !Ref ElasticIP
Reference in a new issue View git blame Copy permalink