{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "This template creates the environment to launch a cloud APIC cluster in an AWS environment.  --AWSMP::6cad9a0e-821a-4f03-881e-fb1f66f4dc1f::e3adf898-04f3-4336-adba-ca015aaf9eb0",
    "Metadata": {
        "AWS::CloudFormation::Interface": {
            "ParameterGroups": [
                {
                    "Label": {"default" : "Cloud APIC Configuration"},
                    "Parameters": ["pFabricName", "pInfraVPCPool", "pAvailabilityZone", "pPassword", "pConfirmPassword", "pKeyName", "pExtNw"]
                }

            ],
            "ParameterLabels": {
                "pFabricName": {
                    "default": "Fabric Name"
                },
                "pInfraVPCPool": {
                    "default": "Infra VPC Pool"
                },
                "pAvailabilityZone": {
                    "default": "Availability Zone"
                },
                "pExtNw": {
                    "default": "Access Control"
                },
                "pPassword": {
                    "default": "Password"
                },
                "pConfirmPassword": {
                    "default": "Confirm Password"
                },
                "pKeyName": {
                    "default": "SSH Key Pair"
                }
            }
        }
    },
    "Parameters": {
        "pInfraVPCPool": {
            "Description": "IP address pool for Infra VPCs (must be a /24 prefix)",
            "Type": "String",
            "MinLength": "9",
            "MaxLength": "18",
            "Default": "10.10.0.0/24",
            "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/24",
            "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/24."
        },
        "pFabricName": {
            "Description": "Fabric Name (must be only alphanumeric chars separated by '-')",
            "Type": "String",
            "MinLength": "4",
            "MaxLength": "64",
            "AllowedPattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])$",
            "ConstraintDescription": "must be only alphanumeric (no spaces and special characters are allowed except for '-')",
            "Default": "ACI-Cloud-Fabric"
        },
        "pAvailabilityZone": {
            "Description": "Availability zone for Cloud APIC (Must select lexicographically lowest Availability zone)",
            "Type": "AWS::EC2::AvailabilityZone::Name",
            "AllowedPattern": ".+",
            "ConstraintDescription": "must be selected"
        },
        "pExtNw": {
            "Description": "External network allowed to access Cloud APIC over HTTPS, SSH and ICMP (x.x.x.x/x); keep this range as narrow as possible",
            "Type": "String",
            "MinLength": "9",
            "MaxLength": "18",
            "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
            "ConstraintDescription": "must be a valid IP subnet of the form x.x.x.x/x"
        },
        "pPassword": {
            "Description": "Admin Password for Cloud APIC. Note: the value is embedded in the instance's EC2 user data, which NoEcho does not mask.",
            "Type": "String",
            "NoEcho": "true",
            "AllowedPattern":"^(?=.*[A-Za-z])(?=.*\\d)(?=.*[@$!%*#?&])[A-Za-z\\d@$!%*#?&]{8,}$",
            "ConstraintDescription": "Password must contain 8 or more characters, including at least 1 letter, 1 number and 1 special character from @$!%*#?& (no other characters are accepted)"
        },
        "pConfirmPassword": {
            "Description": "Re-Enter Admin Password for Cloud APIC",
            "Type": "String",
            "NoEcho": "true",
            "AllowedPattern":"^(?=.*[A-Za-z])(?=.*\\d)(?=.*[@$!%*#?&])[A-Za-z\\d@$!%*#?&]{8,}$",
            "ConstraintDescription": "Password must contain 8 or more characters, including at least 1 letter, 1 number and 1 special character from @$!%*#?& (no other characters are accepted)"
        },
        "pKeyName": {
            "Description": "Name of an existing SSH KeyPair to enable SSH access to Cloud APIC",
            "Type": "AWS::EC2::KeyPair::KeyName",
            "AllowedPattern": ".+",
            "ConstraintDescription": "must be selected"
        }
    },
    "Conditions": {
        "cCreateInfraVPC": {
            "Fn::Not" : [{"Fn::Equals": [{"Ref": "pInfraVPCPool"}, "0.0.0.0/0"]}]
        }
    },
    "Rules" : {
      "rMatchPasswords" : {
          "Assertions" : [{
              "Assert" : {"Fn::Equals":[{"Ref":"pPassword"},{"Ref":"pConfirmPassword"}]},
              "AssertDescription" : "Passwords do not match"
            }]
        }
    },
    "Mappings": {
        "mAWSRegionCapicAmi": {
		"us-east-1"        : {"amiId" : "ami-0ca7d33247762f759"},
       "us-east-2"        : {"amiId" : "ami-028f6faa33960bfb0"},
       "us-west-1"        : {"amiId" : "ami-07b09589a53df4653"},
       "us-west-2"        : {"amiId" : "ami-0e3205b25d664cff5"},
       "ca-central-1"     : {"amiId" : "ami-0338d190ce75a2135"},
       "eu-central-1"     : {"amiId" : "ami-0370fece3b3057c65"},
       "eu-west-1"        : {"amiId" : "ami-077ac241e88235190"},
       "eu-west-2"        : {"amiId" : "ami-06613c976f446ce69"},
       "ap-southeast-1"   : {"amiId" : "ami-07b80d13b3f3b30e0"},
       "ap-southeast-2"   : {"amiId" : "ami-066f7ae69a299fa09"},
       "ap-south-1"       : {"amiId" : "ami-0eeb79a3e9ccf1a33"},
       "ap-northeast-1"   : {"amiId" : "ami-00b7030d2ec61d95f"},
       "ap-northeast-2"   : {"amiId" : "ami-09f0c206efa563040"},
       "sa-east-1"        : {"amiId" : "ami-019fe581c71a781d4"},
	   "us-gov-west-1"        : {"amiId" : "ami-89ddaae8"}	
        }
    },
    "Resources": {
		"rApicAdminFullAccessPolicy": {
			"Type": "AWS::IAM::ManagedPolicy",
			"Properties": {
				"Description": "Full Access for ApicAdmin Role",
				"ManagedPolicyName": "ApicAdminFullAccess",
				"Path": "/",
				"PolicyDocument": {
					"Version": "2012-10-17",
					"Statement": [{
						"Effect": "Allow",
						"Action": "organizations:*",
						"Resource": "*"
                    }, {
                        "Action": "ec2:*",
                        "Effect": "Allow",
                        "Resource": "*"
                    }, {
                        "Effect": "Allow",
                        "Action": "s3:*",
                        "Resource": "*"
                    }, {
                        "Effect": "Allow",
                        "Action": "sqs:*",
                        "Resource": "*"
                    }, {
                        "Effect": "Allow",
                        "Action": "elasticloadbalancing:*",
                        "Resource": "*"
                    }, {
                        "Effect": "Allow",
                        "Action": "acm:*",
                        "Resource": "*"
                    }, {
                        "Effect": "Allow",
                        "Action": "cloudtrail:*",
                        "Resource": "*"
                    }, {
                        "Effect": "Allow",
                        "Action": "cloudwatch:*",
                        "Resource": "*"
                    }, {
                        "Effect": "Allow",
                        "Action": "logs:*",
                        "Resource": "*"
                    }, {
                        "Effect": "Allow",
                        "Action": "resource-groups:*",
                        "Resource": "*"
                    }, {
                        "Sid": "CloudWatchEventsFullAccess",
                        "Effect": "Allow",
                        "Action": "events:*",
                        "Resource": "*"
                    }, {
                        "Effect": "Allow",
                        "Action": "autoscaling:*",
                        "Resource": "*"
                    }]
				}
			}
    },
    "rApicACMReadOnlyPolicy": {
        "Properties": {
            "Description": "Provides read only access to AWS Certificate Manager (ACM) for cAPIC",
            "ManagedPolicyName": "ApicACMReadOnlyPolicy",
            "Path": "/",
            "PolicyDocument": {
                "Statement": [
                    {
                      "Effect": "Allow",
                      "Action": [
                          "acm:DescribeCertificate",
                          "acm:ListCertificates",
                          "acm:GetCertificate",
                          "acm:ListTagsForCertificate"
                      ],
                      "Resource": "*"
                    }
                ],
                "Version": "2012-10-17"
            }
        },
        "Type": "AWS::IAM::ManagedPolicy"
    },
    "rApicTenantsAccessPolicy": {
			"Type": "AWS::IAM::ManagedPolicy",
			"Properties": {
				"Description": "Tenant Access Policy for ApicAdmin Role",
				"ManagedPolicyName": "ApicTenantsAccess",
				"Path": "/",
				"PolicyDocument": {
					"Version": "2012-10-17",
					"Statement": [{
						"Effect": "Allow",
						"Action": "sts:AssumeRole",
						"Resource": "*"
          }]
				}
			}
		},
		"rApicAdminRole": {
			"Type": "AWS::IAM::Role",
			"Description": "Admin role for C-Apic",
			"Properties": {
				"AssumeRolePolicyDocument": {
					"Version": "2012-10-17",
					"Statement": [{
						"Effect": "Allow",
						"Principal": {
							"Service": ["ec2.amazonaws.com"]
						},
						"Action": ["sts:AssumeRole"]
					}]
				},
				"ManagedPolicyArns": [
                    {
                        "Ref": "rApicAdminFullAccessPolicy"
                    },
                    {
                        "Ref": "rApicTenantsAccessPolicy"
                    }
                ],
                "Path": "/",
                "RoleName": "ApicAdmin"
            }
		},
		"rApicAdminReadOnlyRole": {
			"Type": "AWS::IAM::Role",
			"Description": "Read-only admin role for C-Apic",
			"Properties": {
				"AssumeRolePolicyDocument": {
					"Version": "2012-10-17",
					"Statement": [{
						"Effect": "Allow",
						"Principal": {
							"Service": ["ec2.amazonaws.com"]
						},
						"Action": ["sts:AssumeRole"]
					}]
				},
				"ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AWSOrganizationsReadOnlyAccess",
					"arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
					"arn:aws:iam::aws:policy/IAMReadOnlyAccess",
          "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess",
          "arn:aws:iam::aws:policy/AmazonSQSReadOnlyAccess",
          "arn:aws:iam::aws:policy/AWSCloudTrailFullAccess",
          "arn:aws:iam::aws:policy/CloudWatchFullAccess",
          "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess",
          "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess",
          {
            "Ref": "rApicACMReadOnlyPolicy"
          }
        ],
        "Path": "/",
        "RoleName": "ApicAdminReadOnly"
       }
		},
		"rApicAdminInstanceProfile": {
			"Type": "AWS::IAM::InstanceProfile",
			"Properties": {
				"Path": "/",
				"Roles": [{
					"Ref": "rApicAdminRole"
				}]
			}
		},
		"rApicAdminReadOnlyInstanceProfile": {
			"Type": "AWS::IAM::InstanceProfile",
			"Properties": {
				"Path": "/",
				"Roles": [{
					"Ref": "rApicAdminReadOnlyRole"
				}]
			}
		},
        "rInfraVPC": {
            "Condition": "cCreateInfraVPC",
            "Type": "AWS::EC2::VPC",
            "Properties": {
                "EnableDnsSupport": "true",
                "EnableDnsHostnames": "true",
                "CidrBlock": { "Fn::Join" : ["/", [
                    {"Fn::Select" :[0,{"Fn::Split" : [ "/", {"Ref": "pInfraVPCPool"}]}]},
                    "25"
                ]]},
                "Tags": [
                    {"Key":"AciGCIgnore", "Value":""},
                    {"Key":"AciDnTag", "Value": {"Fn::Join": [ "", [ "acct-[infra]/region-[", { "Ref": "AWS::Region" }, "]/context-[overlay-1]-addr-[", { "Fn::Join" : ["/", [ {"Fn::Select" :[0,{"Fn::Split" : [ "/", {"Ref": "pInfraVPCPool"}]}]}, "25" ]]}, "]" ] ] } },
                    {"Key":"Name", "Value": {"Fn::Join": [ "", [ "context-[overlay-1]-addr-[", { "Fn::Join" : ["/", [ {"Fn::Select" :[0,{"Fn::Split" : [ "/", {"Ref": "pInfraVPCPool"}]}]}, "25" ]]}, "]" ] ] } }
                ]
            }
        },
        "rInfraVPCInternetGateway": {
            "Type": "AWS::EC2::InternetGateway",
            "Properties": {
                "Tags": [
                    {"Key":"AciGCIgnore", "Value":""},
                    {"Key":"AciDnTag", "Value": {"Fn::Join": [ "", [ "acct-[infra]/region-[", { "Ref": "AWS::Region" }, "]/context-[overlay-1]-addr-[", { "Fn::Join" : ["/", [ {"Fn::Select" :[0,{"Fn::Split" : [ "/", {"Ref": "pInfraVPCPool"}]}]}, "25" ]]}, "]/igw" ] ] } },
                    {"Key":"Name", "Value": "igw" }
                ]
            },
            "DependsOn": ["rInfraVPC"]
        },
        "rInfraVPCIgwAttachment": {
            "Type": "AWS::EC2::VPCGatewayAttachment",
            "Properties": {
                "InternetGatewayId": {"Ref": "rInfraVPCInternetGateway"},
                "VpcId": {"Ref": "rInfraVPC"}
            }
        },
        "rInfraVPCPublicRouteTable": {
            "Type": "AWS::EC2::RouteTable",
            "Properties": {
                "VpcId": {"Ref": "rInfraVPC"},
                "Tags": [
                    {"Key":"AciGCIgnore", "Value":""},
                    {"Key":"AciDnTag", "Value": {"Fn::Join": [ "", [ "acct-[infra]/region-[", { "Ref": "AWS::Region" }, "]/context-[overlay-1]-addr-[", { "Fn::Join" : ["/", [ {"Fn::Select" :[0,{"Fn::Split" : [ "/", {"Ref": "pInfraVPCPool"}]}]}, "25" ]]}, "]/routetable-[", { "Fn::Join" : [".", [ {"Fn::Select" :[0,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]}, {"Fn::Select" :[1,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]}, {"Fn::Select" :[2,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]}, "16/28" ]]}, "]" ] ] } },
                    {"Key":"Name", "Value": {"Fn::Join": [ "", [ "routetable-[", { "Fn::Join" : [".", [ {"Fn::Select" :[0,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]}, {"Fn::Select" :[1,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]}, {"Fn::Select" :[2,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]}, "16/28" ]]}, "]" ] ] } }
                ]
            }
        },
        "rInfraVPCPublicRoute": {
            "Type": "AWS::EC2::Route",
            "Properties": {
                "DestinationCidrBlock": "0.0.0.0/0",
                "RouteTableId": {"Ref": "rInfraVPCPublicRouteTable"},
                "GatewayId": {"Ref": "rInfraVPCInternetGateway"}
            },
            "DependsOn": ["rInfraVPCIgwAttachment"]
        },
        "rCAPICOOBSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "VpcId": {"Ref": "rInfraVPC"},
                "GroupDescription": "uni/tn-infra/cloudapp-cloud-infra/cloudepg-controllers",
                "GroupName": "uni/tn-infra/cloudapp-cloud-infra/cloudepg-controllers",
                "Tags": [
                    {"Key":"AciGCIgnore", "Value":""},
                    {"Key":"AciDnTag", "Value": {"Fn::Join": [ "", [ "acct-[infra]/region-[", { "Ref": "AWS::Region" }, "]/context-[overlay-1]-addr-[", { "Fn::Join" : ["/", [ {"Fn::Select" :[0,{"Fn::Split" : [ "/", {"Ref": "pInfraVPCPool"}]}]}, "25" ]]}, "]/sgroup-[uni/tn-infra/cloudapp-cloud-infra/cloudepg-controllers]" ] ] } },
                    {"Key":"Name", "Value": "sgroup-[uni/tn-infra/cloudapp-cloud-infra/cloudepg-controllers]"}
                ]
            }
        },
        "rCAPICInfraSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "VpcId": {"Ref": "rInfraVPC"},
                "GroupDescription": "Allow All Traffic"
            }
        },
        "rCAPICInfraAllTrafficRule": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties":{
                "CidrIp": "0.0.0.0/0",
                "IpProtocol": "-1",
                "FromPort": "-1",
                "ToPort": "-1",
                "GroupId": { "Ref": "rCAPICInfraSecurityGroup" }
            }
        },
        "rCAPICOOBSecurityGroupHTTPSIngressRuleCidr": {
          "Type": "AWS::EC2::SecurityGroupIngress",
          "Properties":{
              "CidrIp": {"Ref": "pExtNw"},
              "IpProtocol": "tcp",
              "FromPort": "443",
              "ToPort": "443",
              "GroupId": { "Ref": "rCAPICOOBSecurityGroup" }
            }
        },
        "rCAPICOOBSecurityGroupSSHIngressRuleCidr": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties":{
                "CidrIp": {"Ref": "pExtNw"},
                "IpProtocol": "tcp",
                "FromPort": "22",
                "ToPort": "22",
                "GroupId": { "Ref": "rCAPICOOBSecurityGroup" }
            }
        },
        "rCAPICOOBSecurityGroupICMPIngressRuleCidr": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties":{
                "CidrIp": {"Ref": "pExtNw"},
                "IpProtocol": "icmp",
                "FromPort": "-1",
                "ToPort": "-1",
                "GroupId": { "Ref": "rCAPICOOBSecurityGroup" }
            }
        },
        "rCAPICOOBSecurityGroupAllEgressRule": {
            "Type": "AWS::EC2::SecurityGroupEgress",
            "Properties":{
                "CidrIp": "0.0.0.0/0",
                "IpProtocol": "-1",
                "GroupId": { "Ref": "rCAPICOOBSecurityGroup" }
            }
        },
        "rCAPICInfraSubnet": {
            "Type": "AWS::EC2::Subnet",
            "Properties": {
                "VpcId": {"Ref" : "rInfraVPC"},
                "CidrBlock": { "Fn::Join" : ["/", [
                    {"Fn::Select" :[0,{"Fn::Split" : [ "/", {"Ref": "pInfraVPCPool"}]}]},
                    "28"
                ]]},
                "AvailabilityZone": {"Ref": "pAvailabilityZone"},
                "Tags": [
                    {"Key":"AciGCIgnore", "Value":""},
                    {"Key":"AciDnTag", "Value": {"Fn::Join": [ "", [ "acct-[infra]/region-[", { "Ref": "AWS::Region" }, "]/context-[overlay-1]-addr-[", { "Fn::Join" : ["/", [ {"Fn::Select" :[0,{"Fn::Split" : [ "/", {"Ref": "pInfraVPCPool"}]}]}, "25" ]]}, "]/cidr-[", {"Fn::GetAtt":["rInfraVPC", "CidrBlock"]}, "]/subnet-[",  { "Fn::Join" : ["/", [ {"Fn::Select" :[0,{"Fn::Split" : [ "/", {"Ref": "pInfraVPCPool"}]}]}, "28" ]]}, "]" ] ] } },
                    {"Key":"Name", "Value": {"Fn::Join": [ "", [ "subnet-[",  { "Fn::Join" : ["/", [ {"Fn::Select" :[0,{"Fn::Split" : [ "/", {"Ref": "pInfraVPCPool"}]}]}, "28" ]]}, "]" ] ] } }
                ]
            }
        },
        "rCAPICOOBSubnet":{
            "Type": "AWS::EC2::Subnet",
            "Properties": {
                "VpcId": {"Ref" : "rInfraVPC"},
                "CidrBlock": { "Fn::Join" : [".", [
                    {"Fn::Select" :[0,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]},
                    {"Fn::Select" :[1,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]},
                    {"Fn::Select" :[2,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]},
                    "16/28"
                ]]},
                "AvailabilityZone": {"Ref": "pAvailabilityZone"},
                "Tags": [
                    {"Key":"AciGCIgnore", "Value":""},
                    {"Key":"AciDnTag", "Value": {"Fn::Join": [ "", [ "acct-[infra]/region-[", { "Ref": "AWS::Region" }, "]/context-[overlay-1]-addr-[", { "Fn::Join" : ["/", [ {"Fn::Select" :[0,{"Fn::Split" : [ "/", {"Ref": "pInfraVPCPool"}]}]}, "25" ]]}, "]/cidr-[", {"Fn::GetAtt":["rInfraVPC", "CidrBlock"]}, "]/subnet-[",  { "Fn::Join" : [".", [ {"Fn::Select" :[0,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]}, {"Fn::Select" :[1,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]},       {"Fn::Select" :[2,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]}, "16/28" ]]}, "]" ] ] } },
                    {"Key":"Name", "Value": {"Fn::Join": [ "", [ "subnet-[",  { "Fn::Join" : [".", [ {"Fn::Select" :[0,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]}, {"Fn::Select" :[1,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]}, {"Fn::Select" :[2,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]}, "16/28" ]]}, "]" ] ] } }
                ]
            }
        },
        "rOOBSubnetRouteTableAssociation": {
            "Type": "AWS::EC2::SubnetRouteTableAssociation",
            "Properties": {
                "RouteTableId": {"Ref" : "rInfraVPCPublicRouteTable"},
                "SubnetId": {"Ref": "rCAPICOOBSubnet"}
            }
        },
        "rCAPICOOBInterface":{
            "Type" : "AWS::EC2::NetworkInterface",
            "Properties":{
                "Description" :"CAPIC-1 Interface for OOB management",
                "SubnetId": { "Ref": "rCAPICOOBSubnet"},
                "GroupSet": [{"Ref": "rCAPICOOBSecurityGroup"}],
                "PrivateIpAddress": { "Fn::Join" : [".", [
                    {"Fn::Select" :[0,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]},
                    {"Fn::Select" :[1,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]},
                    {"Fn::Select" :[2,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]},
                    "29"
                ]]},
                "Tags": [{"Key":"type", "Value":"OOB"},
                         {"Key":"cloud-controller", "Value":"capic"}
                ]
            }
        },
        "rCAPICInfraInterface":{
            "Type" : "AWS::EC2::NetworkInterface",
            "Properties":{
                "Description" :"CAPIC-1 Interface for Infra Communication",
                "SubnetId": { "Ref": "rCAPICInfraSubnet"},
                "GroupSet": [{"Ref": "rCAPICInfraSecurityGroup"}],
                "PrivateIpAddress": { "Fn::Join" : [".", [
                    {"Fn::Select" :[0,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]},
                    {"Fn::Select" :[1,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]},
                    {"Fn::Select" :[2,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]},
                    "13"
                ]]},
                "Tags": [{"Key":"type", "Value":"INFRA"},
                         {"Key":"cloud-controller", "Value":"capic"}
                ]
            }
        },
        "rCAPICInstance": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "InstanceType": "m4.2xlarge",
                "BlockDeviceMappings" : [
                    {
                        "DeviceName" : "/dev/xvda",
                        "Ebs" : { "VolumeType" : "gp2" }
                    },
                    {
                        "DeviceName" : "/dev/xvdb",
                        "Ebs" : { "VolumeType" : "gp2" }
                    }
                ],
                "Tags": [
                    { "Key": "Name", "Value": "Capic-1"},
                    { "Key": "AciOwnerTag", "Value": {"Fn::Join": [ "", [{"Ref": "AWS::AccountId"}, "_", { "Ref": "AWS::Region" }, "_", {"Ref": "AWS::AccountId"}, "_", { "Ref": "AWS::Region" }] ] } }
                ],
                "ImageId": {"Fn::FindInMap": ["mAWSRegionCapicAmi",{"Ref": "AWS::Region"},"amiId"]},
                "KeyName" : { "Ref" : "pKeyName" },
                "NetworkInterfaces": [
                    {"NetworkInterfaceId" : {"Ref" : "rCAPICOOBInterface"}, "DeviceIndex" : "0"},
                    {"NetworkInterfaceId" : {"Ref" : "rCAPICInfraInterface"}, "DeviceIndex": "1"}
                ],
                "IamInstanceProfile": {
                  "Ref": "rApicAdminInstanceProfile"
                },
                "UserData": {"Fn::Base64": { "Fn::Sub":[ "{\"site_id\": \"${SiteId}\", \"domain\": \"${FabricName}\",\"cluster_size\": ${ClusterSize},\"ifc_id\": ${IFCId},\"password\": \"${Password}\",\"tep_pool\": \"${TepPool}\",\"infra_subnet\": \"${InfraSubnet}\", \"account_id\": \"${AwsAccountId}\", \"region\": \"${AwsRegion}\", \"infra_nic_tag\": \"${InfraNicTag}\", \"oob_nic_tag\": \"${OobNicTag}\", \"oob_public_ip\": \"${OobPublicIp}\",\"external_networks\":\"${ExternalNetworks}\", \"infra_vpc_pool\":\"${InfraVpcPool}\", \"user_subnet\":\"${UserSubnet}\", \"oob_subnet\": \"${OobSubnet}\"}",
                                                        {
                                                          "SiteId": "1",
                                                          "FabricName": {"Ref": "pFabricName"},
                                                          "ClusterSize": "1",
                                                          "IFCId": "1",
                                                          "Password": {"Ref": "pPassword"},
                                                          "TepPool": { "Fn::Join" : [".", [
                                                              {"Fn::Select" :[0,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]},
                                                              {"Fn::Select" :[1,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]},
                                                              {"Fn::Select" :[2,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]},
                                                              "12/30"
                                                          ]]},
                                                          "InfraSubnet": { "Fn::Join" : ["/", [
                                                              {"Fn::Select" :[0,{"Fn::Split" : [ "/", {"Ref": "pInfraVPCPool"}]}]},
                                                              "28"
                                                          ]]},
                                                          "AwsAccountId": {"Ref": "AWS::AccountId"},
                                                          "AwsRegion": {"Ref": "AWS::Region"},
                                                          "InfraNicTag": "type:INFRA",
                                                          "OobNicTag": "type:OOB",
                                                          "OobPublicIp": {"Ref": "rCAPICElasticIP"},
                                                          "ExternalNetworks": {"Ref": "pExtNw"},
                                                          "InfraVpcPool": {"Fn::GetAtt":["rInfraVPC", "CidrBlock"]},
                                                          "UserSubnet": {"Ref": "pInfraVPCPool"},
                                                          "OobSubnet": { "Fn::Join" : [".", [
                                                              {"Fn::Select" :[0,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]},
                                                              {"Fn::Select" :[1,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]},
                                                              {"Fn::Select" :[2,{"Fn::Split" : [ ".", {"Ref": "pInfraVPCPool"}] }]},
                                                              "16/28"
                                                          ]]}
                                                      }
                                                    ]
                    }
                }
            }
        },
        "rCAPICElasticIP": {
            "Type" : "AWS::EC2::EIP",
            "Properties" : {
                "Domain" : {"Ref": "rInfraVPC"}
            },
            "DependsOn" : ["rInfraVPCInternetGateway","rCAPICOOBInterface"]
        },
        "rCAPICElasticIPAssociation":{
            "Type" : "AWS::EC2::EIPAssociation",
            "Properties" : {
                "AllocationId" : { "Fn::GetAtt" : [ "rCAPICElasticIP", "AllocationId" ]},
                "NetworkInterfaceId": {"Ref": "rCAPICOOBInterface"}
            },
            "DependsOn": ["rCAPICElasticIP", "rCAPICInstance"]
        }
    },
    "Outputs": {
        "CAPICElasticIP": {
            "Description": "Public IP address of CAPIC-1",
            "Value" : {"Ref": "rCAPICElasticIP"}
        }
    }
}
