Amazon EC2 template snippets
EC2 block device mapping examples
EC2 instance with block device mapping
JSON
"Ec2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] }, "KeyName" : { "Ref" : "KeyName" }, "InstanceType" : { "Ref" : "InstanceType" }, "SecurityGroups" : [{ "Ref" : "Ec2SecurityGroup" }], "BlockDeviceMappings" : [ { "DeviceName" : "/dev/sda1", "Ebs" : { "VolumeSize" : "50" } },{ "DeviceName" : "/dev/sdm", "Ebs" : { "VolumeSize" : "100" } } ] } }
YAML
EC2Instance: Type: AWS::EC2::Instance Properties: ImageId: !FindInMap [ AWSRegionArch2AMI, !Ref 'AWS::Region' , !FindInMap [ AWSInstanceType2Arch, !Ref InstanceType, Arch ] ] KeyName: !Ref KeyName InstanceType: !Ref InstanceType SecurityGroups: - !Ref Ec2SecurityGroup BlockDeviceMappings: - DeviceName: /dev/sda1 Ebs: VolumeSize: 50 - DeviceName: /dev/sdm Ebs: VolumeSize: 100
EC2 instance with ephemeral drives
JSON
"Ec2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, "PV64" ]}, "KeyName" : { "Ref" : "KeyName" }, "InstanceType" : "m1.small", "SecurityGroups" : [{ "Ref" : "Ec2SecurityGroup" }], "BlockDeviceMappings" : [ { "DeviceName" : "/dev/sdc", "VirtualName" : "ephemeral0" } ] } }
YAML
EC2Instance: Type: AWS::EC2::Instance Properties: ImageId: !FindInMap [ AWSRegionArch2AMI, !Ref 'AWS::Region', PV64 ] KeyName: !Ref KeyName InstanceType: m1.small SecurityGroups: - !Ref Ec2SecurityGroup BlockDeviceMappings: - DeviceName: /dev/sdc VirtualName: ephemeral0
Assigning an Amazon EC2 elastic IP using AWS::EC2::EIP
snippet
This example shows how to assign an Amazon EC2 Elastic IP address and assign it to an Amazon EC2 instance using a AWS::EC2::EIP resource.
JSON
"MyEIP" : { "Type" : "AWS::EC2::EIP", "Properties" : { "InstanceId" : { "Ref" : "logical name of an AWS::EC2::Instance resource" } } }
YAML
MyEIP: Type: AWS::EC2::EIP Properties: InstanceId: !Ref Logical name of an AWS::EC2::Instance resource
Assigning an existing elastic IP to an amazon
EC2 instance using AWS::EC2::EIPAssociation snippet
This example shows how to assign an existing Amazon EC2 Elastic IP address to an Amazon EC2 instance using an AWS::EC2::EIPAssociation resource.
JSON
"IPAssoc" : { "Type" : "AWS::EC2::EIPAssociation", "Properties" : { "InstanceId" : { "Ref" : "logical name of an AWS::EC2::Instance resource" }, "EIP" : "existing Elastic IP address" } }
YAML
IPAssoc: Type: AWS::EC2::EIPAssociation Properties: InstanceId: !RefLogical name of an AWS::EC2::Instance resourceEIP:existing Elastic IP Address
Assigning an existing VPC elastic IP to
an Amazon EC2 instance using AWS::EC2::EIPAssociation snippet
This example shows how to assign an existing VPC Elastic IP address to an Amazon EC2 instance using an AWS::EC2::EIPAssociation resource.
JSON
"VpcIPAssoc" : { "Type" : "AWS::EC2::EIPAssociation", "Properties" : { "InstanceId" : { "Ref" : "logical name of an AWS::EC2::Instance resource" }, "AllocationId" : "existing VPC Elastic IP allocation ID" } }
YAML
VpcIPAssoc: Type: AWS::EC2::EIPAssociation Properties: InstanceId: !RefLogical name of an AWS::EC2::Instance resourceAllocationId:Existing VPC Elastic IP allocation ID
Elastic network interface (ENI) template snippets
VPC_EC2_Instance_With_ENI
Sample template showing how to create an instance with two elastic network interface (ENI). The sample assumes you have already created a VPC.
JSON
{ "Resources": { "ControlPortAddress": { "Type": "AWS::EC2::EIP", "Properties": { "Domain": "vpc" } }, "AssociateControlPort": { "Type": "AWS::EC2::EIPAssociation", "Properties": { "AllocationId": { "Fn::GetAtt": [ "ControlPortAddress", "AllocationId" ] }, "NetworkInterfaceId": { "Ref": "controlXface" } } }, "WebPortAddress": { "Type": "AWS::EC2::EIP", "Properties": { "Domain": "vpc" } }, "AssociateWebPort": { "Type": "AWS::EC2::EIPAssociation", "Properties": { "AllocationId": { "Fn::GetAtt": [ "WebPortAddress", "AllocationId" ] }, "NetworkInterfaceId": { "Ref": "webXface" } } }, "SSHSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "VpcId": { "Ref": "VpcId" }, "GroupDescription": "Enable SSH access via port 22", "SecurityGroupIngress": [ { "CidrIp": "0.0.0.0/0", "FromPort": 22, "IpProtocol": "tcp", "ToPort": 22 } ] } }, "WebSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "VpcId": { "Ref": "VpcId" }, "GroupDescription": "Enable HTTP access via user defined port", "SecurityGroupIngress": [ { "CidrIp": "0.0.0.0/0", "FromPort": 80, "IpProtocol": "tcp", "ToPort": 80 } ] } }, "controlXface": { "Type": "AWS::EC2::NetworkInterface", "Properties": { "SubnetId": { "Ref": "SubnetId" }, "Description": "Interface for controlling traffic such as SSH", "GroupSet": [ { "Ref": "SSHSecurityGroup" } ], "SourceDestCheck": true, "Tags": [ { "Key": "Network", "Value": "Control" } ] } }, "webXface": { "Type": "AWS::EC2::NetworkInterface", "Properties": { "SubnetId": { "Ref": "SubnetId" }, "Description": "Interface for controlling traffic such as SSH", "GroupSet": [ { "Ref": "WebSecurityGroup" } ], "SourceDestCheck": true, "Tags": [ { "Key": "Network", "Value": "Web" } ] } }, "Ec2Instance": { "Type": "AWS::EC2::Instance", "Properties": { "ImageId": { "Fn::FindInMap": [ "RegionMap", { "Ref": "AWS::Region" }, "AMI" ] }, "KeyName": { "Ref": "KeyName" }, "NetworkInterfaces": [ { "NetworkInterfaceId": { "Ref": "controlXface" }, "DeviceIndex": 0 }, { "NetworkInterfaceId": { "Ref": "webXface" }, "DeviceIndex": 1 } ], "Tags": [ { "Key": "Role", "Value": "Test Instance" } ], "UserData": { "Fn::Base64": { "Fn::Sub": "#!/bin/bash -xe\nyum install ec2-net-utils -y\nec2ifup eth1\nservice httpd start\n" } } } } } }
YAML
Resources: ControlPortAddress: Type: 'AWS::EC2::EIP' Properties: Domain: vpc AssociateControlPort: Type: 'AWS::EC2::EIPAssociation' Properties: AllocationId: !GetAtt - ControlPortAddress - AllocationId NetworkInterfaceId: !Ref controlXface WebPortAddress: Type: 'AWS::EC2::EIP' Properties: Domain: vpc AssociateWebPort: Type: 'AWS::EC2::EIPAssociation' Properties: AllocationId: !GetAtt - WebPortAddress - AllocationId NetworkInterfaceId: !Ref webXface SSHSecurityGroup: Type: 'AWS::EC2::SecurityGroup' Properties: VpcId: !Ref VpcId GroupDescription: Enable SSH access via port 22 SecurityGroupIngress: - CidrIp: 0.0.0.0/0 FromPort: 22 IpProtocol: tcp ToPort: 22 WebSecurityGroup: Type: 'AWS::EC2::SecurityGroup' Properties: VpcId: !Ref VpcId GroupDescription: Enable HTTP access via user defined port SecurityGroupIngress: - CidrIp: 0.0.0.0/0 FromPort: 80 IpProtocol: tcp ToPort: 80 controlXface: Type: 'AWS::EC2::NetworkInterface' Properties: SubnetId: !Ref SubnetId Description: Interface for controlling traffic such as SSH GroupSet: - !Ref SSHSecurityGroup SourceDestCheck: true Tags: - Key: Network Value: Control webXface: Type: 'AWS::EC2::NetworkInterface' Properties: SubnetId: !Ref SubnetId Description: Interface for controlling traffic such as SSH GroupSet: - !Ref WebSecurityGroup SourceDestCheck: true Tags: - Key: Network Value: Web Ec2Instance: Type: 'AWS::EC2::Instance' Properties: ImageId: !FindInMap - RegionMap - !Ref 'AWS::Region' - AMI KeyName: !Ref KeyName NetworkInterfaces: - NetworkInterfaceId: !Ref controlXface DeviceIndex: 0 - NetworkInterfaceId: !Ref webXface DeviceIndex: 1 Tags: - Key: Role Value: Test Instance UserData: !Base64 'Fn::Sub': | #!/bin/bash -xe yum install ec2-net-utils -y ec2ifup eth1 service httpd start
Amazon EC2 instance resource
This snippet shows a simple AWS::EC2::Instance resource.
JSON
"MyInstance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "AvailabilityZone" : "us-east-1a", "ImageId" : "ami-0ff8a91507f77f867" } }
YAML
MyInstance: Type: AWS::EC2::Instance Properties: AvailabilityZone: us-east-1a ImageId: ami-0ff8a91507f77f867
Amazon EC2 instance with Volume, Tag, and UserData properties
This snippet shows an AWS::EC2::Instance resource with one Amazon EC2 volume, one tag, and
a user data property. An AWS::EC2::SecurityGroup resource, an AWS::SNS::Topic resource,
and an AWS::EC2::Volume resource all must be defined in the same template. Also, the
reference to KeyName is a parameters that must be defined in the
Parameters section of the template.
JSON
"MyInstance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "KeyName" : { "Ref" : "KeyName" }, "SecurityGroups" : [ { "Ref" : "logical name of AWS::EC2::SecurityGroup resource" } ], "UserData" : { "Fn::Base64" : { "Fn::Join" : [ ":", [ "PORT=80", "TOPIC=", { "Ref" : "logical name of an AWS::SNS::Topic resource" } ] ] } }, "InstanceType" : "m1.small", "AvailabilityZone" : "us-east-1a", "ImageId" : "ami-0ff8a91507f77f867", "Volumes" : [ { "VolumeId" : { "Ref" : "logical name of AWS::EC2::Volume resource" }, "Device" : "/dev/sdk" } ], "Tags" : [ { "Key" : "Name", "Value" : "MyTag" } ] } }
YAML
MyInstance: Type: AWS::EC2::Instance Properties: KeyName: !Ref KeyName SecurityGroups: - !Reflogical name of AWS::EC2::SecurityGroup resourceUserData: Fn::Base64: !Sub | PORT=80 TOPIC=${logical name of an AWS::SNS::Topic resource} InstanceType: m1.small AvailabilityZone: us-east-1a ImageId: ami-0ff8a91507f77f867 Volumes: - VolumeId: !Reflogical name of AWS::EC2::Volume resourceDevice: /dev/sdk Tags: - Key: Name Value: MyTag
Amazon EC2 instance resource with an Amazon SimpleDB Domain
This snippet shows an AWS::EC2::Instance resource with an Amazon SimpleDB domain specified in the UserData.
JSON
"MyInstance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "UserData" : { "Fn::Base64" : { "Fn::Join" : [ "", [ "Domain=", { "Ref" : "logical name of an AWS::SDB::Domain resource" } ] ] } }, "AvailabilityZone" : "us-east-1a", "ImageId" : "ami-0ff8a91507f77f867" } }
YAML
MyInstance: Type: AWS::EC2::Instance Properties: UserData: Fn::Base64: !Sub | Domain=${logical name of an AWS::SDB::Domain resource} AvailabilityZone: us-east-1a ImageId: ami-0ff8a91507f77f867
Amazon EC2 security group resource with two CIDR range ingress rules
This snippet shows an AWS::EC2::SecurityGroup resource that describes two ingress rules giving access to a specified CIDR range for the TCP protocol on the specified ports.
JSON
"ServerSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "allow connections from specified CIDR ranges", "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0" },{ "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "192.168.1.1/32" } ] } }
YAML
ServerSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: allow connections from specified CIDR ranges SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: 192.168.1.1/32
Amazon EC2 security group resource with two security group ingress rules
This snippet shows an AWS::EC2::SecurityGroup resource that describes two security
group ingress rules. The first ingress rule grants access to the existing security group
myadminsecuritygroup, which is owned by the 1234-5678-9012 AWS account, for the TCP
protocol on port 22. The second ingress rule grants access to the security group
mysecuritygroupcreatedincfn for TCP on port 80. This ingress rule uses the Ref intrinsic
function to refer to a security group (whose logical name is
mysecuritygroupcreatedincfn) created in the same template. You must declare a value for
both the SourceSecurityGroupName and
SourceSecurityGroupOwnerId properties.
JSON
"ServerSecurityGroupBySG" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "allow connections from specified source security group", "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "SourceSecurityGroupName" : "myadminsecuritygroup", "SourceSecurityGroupOwnerId" : "123456789012" }, { "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "SourceSecurityGroupName" : {"Ref" : "mysecuritygroupcreatedincfn"} } ] } }
YAML
ServerSecurityGroupBySG: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: allow connections from specified source security group SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 SourceSecurityGroupName: myadminsecuritygroup SourceSecurityGroupOwnerId: 123456789012 - IpProtocol: tcp FromPort: 80 ToPort: 80 SourceSecurityGroupName: !Ref mysecuritygroupcreatedincfn
Amazon EC2 security group resource with LoadBalancer ingress rule
This template shows an AWS::EC2::SecurityGroup resource that contains a security group
ingress rule that grants access to the LoadBalancer myELB for TCP on port 80. The rule
uses the SourceSecurityGroup.OwnerAlias and
SourceSecurityGroup.GroupName properties of the myELB resource to
specify the source security group of the LoadBalancer.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "myELB": { "Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": { "AvailabilityZones": [ "eu-west-1a" ], "Listeners": [ { "LoadBalancerPort": "80", "InstancePort": "80", "Protocol": "HTTP" } ] } }, "myELBIngressGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "ELB ingress group", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "SourceSecurityGroupOwnerId": { "Fn::GetAtt": [ "myELB", "SourceSecurityGroup.OwnerAlias" ] }, "SourceSecurityGroupName": { "Fn::GetAtt": [ "myELB", "SourceSecurityGroup.GroupName" ] } } ] } } } }
YAML
AWSTemplateFormatVersion: 2010-09-09 Resources: myELB: Type: AWS::ElasticLoadBalancing::LoadBalancer Properties: AvailabilityZones: - eu-west-1a Listeners: - LoadBalancerPort: '80' InstancePort: '80' Protocol: HTTP myELBIngressGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: ELB ingress group SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 SourceSecurityGroupOwnerId: !GetAtt myELB.SourceSecurityGroup.OwnerAlias SourceSecurityGroupName: !GetAtt myELB.SourceSecurityGroup.GroupName
Using AWS::EC2::SecurityGroupIngress to create mutually referencing Amazon EC2 security group resources
This snippet shows two AWS::EC2::SecurityGroupIngress resources that add mutual ingress rules to the EC2 security groups SGroup1 and SGroup2. The SGroup1Ingress resource enables ingress from SGroup2 through TCP/IP port 80 to SGroup1. The SGroup2Ingress resource enables ingress from SGroup1 through TCP/IP port 80 to SGroup2.
Note
If you are using an Amazon VPC, use the AWS::EC2::SecurityGroup resource and specify the VpcId property.
JSON
"SGroup1" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "EC2 Instance access" } }, "SGroup2" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "EC2 Instance access" } }, "SGroup1Ingress" : { "Type" : "AWS::EC2::SecurityGroupIngress", "Properties" : { "GroupName" : { "Ref" : "SGroup1" }, "IpProtocol" : "tcp", "ToPort" : "80", "FromPort" : "80", "SourceSecurityGroupName" : { "Ref" : "SGroup2" } } }, "SGroup2Ingress" : { "Type" : "AWS::EC2::SecurityGroupIngress", "Properties" : { "GroupName" : { "Ref" : "SGroup2" }, "IpProtocol" : "tcp", "ToPort" : "80", "FromPort" : "80", "SourceSecurityGroupName" : { "Ref" : "SGroup1" } } }
YAML
SGroup1: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: EC2 Instance access SGroup2: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: EC2 Instance access SGroup1Ingress: Type: AWS::EC2::SecurityGroupIngress Properties: GroupName: !Ref SGroup1 IpProtocol: tcp ToPort: 80 FromPort: 80 SourceSecurityGroupName: !Ref SGroup2 SGroup2Ingress: Type: AWS::EC2::SecurityGroupIngress Properties: GroupName: !Ref SGroup2 IpProtocol: tcp ToPort: 80 FromPort: 80 SourceSecurityGroupName: !Ref SGroup1
Amazon EC2 volume resource
This snippet shows a simple Amazon EC2 volume resource with a DeletionPolicy attribute set
to Snapshot. With the Snapshot DeletionPolicy set, AWS CloudFormation will take a snapshot of this
volume before deleting it during stack deletion. Make sure you specify a value for
SnapShotId, or a value for Size, but not both. Remove the
one you don't need.
JSON
"MyEBSVolume" : { "Type" : "AWS::EC2::Volume", "Properties" : { "Size" : "specify a size if no SnapShotId", "SnapshotId" : "specify a SnapShotId if no Size", "AvailabilityZone" : { "Ref" : "AvailabilityZone" } }, "DeletionPolicy" : "Snapshot" }
YAML
MyEBSVolume: Type: AWS::EC2::Volume Properties: Size:specify a size if no SnapshotIdSnapshotId:specify a SnapShotId if no SizeAvailabilityZone: !Ref AvailabilityZone DeletionPolicy: Snapshot
Amazon EC2 VolumeAttachment resource
This snippet shows the following resources: an Amazon EC2 instance using an Amazon Linux AMI from the US-East (Northern Virginia) Region, an EC2 security group that allows SSH access to IP addresses, a new Amazon EBS volume sized at 100 GB and in the same Availability Zone as the EC2 instance, and a volume attachment that attaches the new volume to the EC2 instance.
JSON
"Resources" : { "Ec2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ], "ImageId" : "ami-0ff8a91507f77f867" } }, "InstanceSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "Enable SSH access via port 22", "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" } ] } }, "NewVolume" : { "Type" : "AWS::EC2::Volume", "Properties" : { "Size" : "100", "AvailabilityZone" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ]} } }, "MountPoint" : { "Type" : "AWS::EC2::VolumeAttachment", "Properties" : { "InstanceId" : { "Ref" : "Ec2Instance" }, "VolumeId" : { "Ref" : "NewVolume" }, "Device" : "/dev/sdh" } } }
YAML
Resources: Ec2Instance: Type: AWS::EC2::Instance Properties: SecurityGroups: - !Ref InstanceSecurityGroup ImageId: ami-0ff8a91507f77f867 InstanceSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Enable SSH access via port 22 SecurityGroupIngress: - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: 0.0.0.0/0 NewVolume: Type: AWS::EC2::Volume Properties: Size: 100 AvailabilityZone: !GetAtt Ec2Instance.AvailabilityZone MountPoint: Type: AWS::EC2::VolumeAttachment Properties: InstanceId: !Ref Ec2Instance VolumeId: !Ref NewVolume Device: /dev/sdh
Amazon EC2 instance in a default VPC security group
Whenever you create a VPC, AWS automatically creates default resources for that VPC,
such as a security group. However, when you define a VPC in AWS CloudFormation templates, you don't
yet have the physical IDs of those default resources. To obtain the IDs, use the Fn::GetAtt intrinsic function. That way,
you can use the default resources instead of creating new ones in your template. For
example, the following template snippet associates the default security group of the
myVPC VPC with the myInstance Amazon EC2
instance.
JSON
"myVPC": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": {"Ref": "myVPCCIDRRange"}, "EnableDnsSupport": false, "EnableDnsHostnames": false, "InstanceTenancy": "default" } }, "myInstance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "ImageId": { "Fn::FindInMap": ["AWSRegionToAMI",{"Ref": "AWS::Region"},"64"] }, "SecurityGroupIds" : [{"Fn::GetAtt": ["myVPC", "DefaultSecurityGroup"]}], "SubnetId" : {"Ref" : "mySubnet"} } }
YAML
myVPC: Type: AWS::EC2::VPC Properties: CidrBlock: !Ref myVPCCIDRRange EnableDnsSupport: false EnableDnsHostnames: false InstanceTenancy: default myInstance: Type: AWS::EC2::Instance Properties: ImageId: !FindInMap [ AWSRegionToAMI , !Ref 'AWS::Region', 64 ] SecurityGroupIds: - !GetAtt myVPC.DefaultSecurityGroup SubnetId: !Ref mySubnet
Amazon EC2 route with egress-only Internet gateway
The following template sets up an egress-only Internet gateway that's used with an EC2 route.
JSON
{ "Resources": { "DefaultIpv6Route": { "Properties": { "DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": { "Ref": "EgressOnlyInternetGateway" }, "RouteTableId": { "Ref": "RouteTable" } }, "Type": "AWS::EC2::Route" }, "EgressOnlyInternetGateway": { "Properties": { "VpcId": { "Ref": "VPC" } }, "Type": "AWS::EC2::EgressOnlyInternetGateway" }, "RouteTable": { "Properties": { "VpcId": { "Ref": "VPC" } }, "Type": "AWS::EC2::RouteTable" }, "VPC": { "Properties": { "CidrBlock": "10.0.0.0/16" }, "Type": "AWS::EC2::VPC" } } }
YAML
Resources: DefaultIpv6Route: Type: AWS::EC2::Route Properties: DestinationIpv6CidrBlock: "::/0" EgressOnlyInternetGatewayId: !Ref EgressOnlyInternetGateway RouteTableId: !Ref RouteTable EgressOnlyInternetGateway: Type: AWS::EC2::EgressOnlyInternetGateway Properties: VpcId: !Ref VPC RouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC VPC: Type: AWS::EC2::VPC Properties: CidrBlock: 10.0.0.0/16
