Amazon EC2 template snippets - AWS CloudFormation

Amazon EC2 template snippets

EC2 block device mapping examples

EC2 instance with block device mapping

JSON

"Ec2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] }, "KeyName" : { "Ref" : "KeyName" }, "InstanceType" : { "Ref" : "InstanceType" }, "SecurityGroups" : [{ "Ref" : "Ec2SecurityGroup" }], "BlockDeviceMappings" : [ { "DeviceName" : "/dev/sda1", "Ebs" : { "VolumeSize" : "50" } },{ "DeviceName" : "/dev/sdm", "Ebs" : { "VolumeSize" : "100" } } ] } }

YAML

EC2Instance: Type: AWS::EC2::Instance Properties: ImageId: !FindInMap [ AWSRegionArch2AMI, !Ref 'AWS::Region' , !FindInMap [ AWSInstanceType2Arch, !Ref InstanceType, Arch ] ] KeyName: !Ref KeyName InstanceType: !Ref InstanceType SecurityGroups: - !Ref Ec2SecurityGroup BlockDeviceMappings: - DeviceName: /dev/sda1 Ebs: VolumeSize: 50 - DeviceName: /dev/sdm Ebs: VolumeSize: 100

EC2 instance with ephemeral drives

JSON

"Ec2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, "PV64" ]}, "KeyName" : { "Ref" : "KeyName" }, "InstanceType" : "m1.small", "SecurityGroups" : [{ "Ref" : "Ec2SecurityGroup" }], "BlockDeviceMappings" : [ { "DeviceName" : "/dev/sdc", "VirtualName" : "ephemeral0" } ] } }

YAML

EC2Instance: Type: AWS::EC2::Instance Properties: ImageId: !FindInMap [ AWSRegionArch2AMI, !Ref 'AWS::Region', PV64 ] KeyName: !Ref KeyName InstanceType: m1.small SecurityGroups: - !Ref Ec2SecurityGroup BlockDeviceMappings: - DeviceName: /dev/sdc VirtualName: ephemeral0

Assigning an Amazon EC2 elastic IP using AWS::EC2::EIP snippet

This example shows how to assign an Amazon EC2 Elastic IP address and assign it to an Amazon EC2 instance using a AWS::EC2::EIP resource.

JSON

"MyEIP" : { "Type" : "AWS::EC2::EIP", "Properties" : { "InstanceId" : { "Ref" : "logical name of an AWS::EC2::Instance resource" } } }

YAML

MyEIP: Type: AWS::EC2::EIP Properties: InstanceId: !Ref Logical name of an AWS::EC2::Instance resource

Assigning an existing elastic IP to an amazon EC2 instance using AWS::EC2::EIPAssociation snippet

This example shows how to assign an existing Amazon EC2 Elastic IP address to an Amazon EC2 instance using an AWS::EC2::EIPAssociation resource.

JSON

"IPAssoc" : { "Type" : "AWS::EC2::EIPAssociation", "Properties" : { "InstanceId" : { "Ref" : "logical name of an AWS::EC2::Instance resource" }, "EIP" : "existing Elastic IP address" } }

YAML

IPAssoc: Type: AWS::EC2::EIPAssociation Properties: InstanceId: !Ref Logical name of an AWS::EC2::Instance resource EIP: existing Elastic IP Address

Assigning an existing VPC elastic IP to an Amazon EC2 instance using AWS::EC2::EIPAssociation snippet

This example shows how to assign an existing VPC Elastic IP address to an Amazon EC2 instance using an AWS::EC2::EIPAssociation resource.

JSON

"VpcIPAssoc" : { "Type" : "AWS::EC2::EIPAssociation", "Properties" : { "InstanceId" : { "Ref" : "logical name of an AWS::EC2::Instance resource" }, "AllocationId" : "existing VPC Elastic IP allocation ID" } }

YAML

VpcIPAssoc: Type: AWS::EC2::EIPAssociation Properties: InstanceId: !Ref Logical name of an AWS::EC2::Instance resource AllocationId: Existing VPC Elastic IP allocation ID

Elastic network interface (ENI) template snippets

VPC_EC2_Instance_With_ENI

Sample template showing how to create an instance with two elastic network interface (ENI). The sample assumes you have already created a VPC.

JSON

{ "Resources": { "ControlPortAddress": { "Type": "AWS::EC2::EIP", "Properties": { "Domain": "vpc" } }, "AssociateControlPort": { "Type": "AWS::EC2::EIPAssociation", "Properties": { "AllocationId": { "Fn::GetAtt": [ "ControlPortAddress", "AllocationId" ] }, "NetworkInterfaceId": { "Ref": "controlXface" } } }, "WebPortAddress": { "Type": "AWS::EC2::EIP", "Properties": { "Domain": "vpc" } }, "AssociateWebPort": { "Type": "AWS::EC2::EIPAssociation", "Properties": { "AllocationId": { "Fn::GetAtt": [ "WebPortAddress", "AllocationId" ] }, "NetworkInterfaceId": { "Ref": "webXface" } } }, "SSHSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "VpcId": { "Ref": "VpcId" }, "GroupDescription": "Enable SSH access via port 22", "SecurityGroupIngress": [ { "CidrIp": "0.0.0.0/0", "FromPort": 22, "IpProtocol": "tcp", "ToPort": 22 } ] } }, "WebSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "VpcId": { "Ref": "VpcId" }, "GroupDescription": "Enable HTTP access via user defined port", "SecurityGroupIngress": [ { "CidrIp": "0.0.0.0/0", "FromPort": 80, "IpProtocol": "tcp", "ToPort": 80 } ] } }, "controlXface": { "Type": "AWS::EC2::NetworkInterface", "Properties": { "SubnetId": { "Ref": "SubnetId" }, "Description": "Interface for controlling traffic such as SSH", "GroupSet": [ { "Ref": "SSHSecurityGroup" } ], "SourceDestCheck": true, "Tags": [ { "Key": "Network", "Value": "Control" } ] } }, "webXface": { "Type": "AWS::EC2::NetworkInterface", "Properties": { "SubnetId": { "Ref": "SubnetId" }, "Description": "Interface for controlling traffic such as SSH", "GroupSet": [ { "Ref": "WebSecurityGroup" } ], "SourceDestCheck": true, "Tags": [ { "Key": "Network", "Value": "Web" } ] } }, "Ec2Instance": { "Type": "AWS::EC2::Instance", "Properties": { "ImageId": { "Fn::FindInMap": [ "RegionMap", { "Ref": "AWS::Region" }, "AMI" ] }, "KeyName": { "Ref": "KeyName" }, "NetworkInterfaces": [ { "NetworkInterfaceId": { "Ref": "controlXface" }, "DeviceIndex": 0 }, { "NetworkInterfaceId": { "Ref": "webXface" }, "DeviceIndex": 1 } ], "Tags": [ { "Key": "Role", "Value": "Test Instance" } ], "UserData": { "Fn::Base64": { "Fn::Sub": "#!/bin/bash -xe\nyum install ec2-net-utils -y\nec2ifup eth1\nservice httpd start\n" } } } } } }

YAML

Resources: ControlPortAddress: Type: 'AWS::EC2::EIP' Properties: Domain: vpc AssociateControlPort: Type: 'AWS::EC2::EIPAssociation' Properties: AllocationId: !GetAtt - ControlPortAddress - AllocationId NetworkInterfaceId: !Ref controlXface WebPortAddress: Type: 'AWS::EC2::EIP' Properties: Domain: vpc AssociateWebPort: Type: 'AWS::EC2::EIPAssociation' Properties: AllocationId: !GetAtt - WebPortAddress - AllocationId NetworkInterfaceId: !Ref webXface SSHSecurityGroup: Type: 'AWS::EC2::SecurityGroup' Properties: VpcId: !Ref VpcId GroupDescription: Enable SSH access via port 22 SecurityGroupIngress: - CidrIp: 0.0.0.0/0 FromPort: 22 IpProtocol: tcp ToPort: 22 WebSecurityGroup: Type: 'AWS::EC2::SecurityGroup' Properties: VpcId: !Ref VpcId GroupDescription: Enable HTTP access via user defined port SecurityGroupIngress: - CidrIp: 0.0.0.0/0 FromPort: 80 IpProtocol: tcp ToPort: 80 controlXface: Type: 'AWS::EC2::NetworkInterface' Properties: SubnetId: !Ref SubnetId Description: Interface for controlling traffic such as SSH GroupSet: - !Ref SSHSecurityGroup SourceDestCheck: true Tags: - Key: Network Value: Control webXface: Type: 'AWS::EC2::NetworkInterface' Properties: SubnetId: !Ref SubnetId Description: Interface for controlling traffic such as SSH GroupSet: - !Ref WebSecurityGroup SourceDestCheck: true Tags: - Key: Network Value: Web Ec2Instance: Type: 'AWS::EC2::Instance' Properties: ImageId: !FindInMap - RegionMap - !Ref 'AWS::Region' - AMI KeyName: !Ref KeyName NetworkInterfaces: - NetworkInterfaceId: !Ref controlXface DeviceIndex: 0 - NetworkInterfaceId: !Ref webXface DeviceIndex: 1 Tags: - Key: Role Value: Test Instance UserData: !Base64 'Fn::Sub': | #!/bin/bash -xe yum install ec2-net-utils -y ec2ifup eth1 service httpd start

Amazon EC2 instance resource

This snippet shows a simple AWS::EC2::Instance resource.

JSON

"MyInstance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "AvailabilityZone" : "us-east-1a", "ImageId" : "ami-0ff8a91507f77f867" } }

YAML

MyInstance: Type: AWS::EC2::Instance Properties: AvailabilityZone: us-east-1a ImageId: ami-0ff8a91507f77f867

Amazon EC2 instance with Volume, Tag, and UserData properties

This snippet shows an AWS::EC2::Instance resource with one Amazon EC2 volume, one tag, and a user data property. An AWS::EC2::SecurityGroup resource, an AWS::SNS::Topic resource, and an AWS::EC2::Volume resource all must be defined in the same template. Also, the reference to KeyName is a parameters that must be defined in the Parameters section of the template.

JSON

"MyInstance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "KeyName" : { "Ref" : "KeyName" }, "SecurityGroups" : [ { "Ref" : "logical name of AWS::EC2::SecurityGroup resource" } ], "UserData" : { "Fn::Base64" : { "Fn::Join" : [ ":", [ "PORT=80", "TOPIC=", { "Ref" : "logical name of an AWS::SNS::Topic resource" } ] ] } }, "InstanceType" : "m1.small", "AvailabilityZone" : "us-east-1a", "ImageId" : "ami-0ff8a91507f77f867", "Volumes" : [ { "VolumeId" : { "Ref" : "logical name of AWS::EC2::Volume resource" }, "Device" : "/dev/sdk" } ], "Tags" : [ { "Key" : "Name", "Value" : "MyTag" } ] } }

YAML

MyInstance: Type: AWS::EC2::Instance Properties: KeyName: !Ref KeyName SecurityGroups: - !Ref logical name of AWS::EC2::SecurityGroup resource UserData: Fn::Base64: !Sub | PORT=80 TOPIC=${ logical name of an AWS::SNS::Topic resource } InstanceType: m1.small AvailabilityZone: us-east-1a ImageId: ami-0ff8a91507f77f867 Volumes: - VolumeId: !Ref logical name of AWS::EC2::Volume resource Device: /dev/sdk Tags: - Key: Name Value: MyTag

Amazon EC2 instance resource with an Amazon SimpleDB Domain

This snippet shows an AWS::EC2::Instance resource with an Amazon SimpleDB domain specified in the UserData.

JSON

"MyInstance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "UserData" : { "Fn::Base64" : { "Fn::Join" : [ "", [ "Domain=", { "Ref" : "logical name of an AWS::SDB::Domain resource" } ] ] } }, "AvailabilityZone" : "us-east-1a", "ImageId" : "ami-0ff8a91507f77f867" } }

YAML

MyInstance: Type: AWS::EC2::Instance Properties: UserData: Fn::Base64: !Sub | Domain=${ logical name of an AWS::SDB::Domain resource } AvailabilityZone: us-east-1a ImageId: ami-0ff8a91507f77f867

Amazon EC2 security group resource with two CIDR range ingress rules

This snippet shows an AWS::EC2::SecurityGroup resource that describes two ingress rules giving access to a specified CIDR range for the TCP protocol on the specified ports.

JSON

"ServerSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "allow connections from specified CIDR ranges", "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0" },{ "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "192.168.1.1/32" } ] } }

YAML

ServerSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: allow connections from specified CIDR ranges SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: 192.168.1.1/32

Amazon EC2 security group resource with two security group ingress rules

This snippet shows an AWS::EC2::SecurityGroup resource that describes two security group ingress rules. The first ingress rule grants access to the existing security group myadminsecuritygroup, which is owned by the 1234-5678-9012 AWS account, for the TCP protocol on port 22. The second ingress rule grants access to the security group mysecuritygroupcreatedincfn for TCP on port 80. This ingress rule uses the Ref intrinsic function to refer to a security group (whose logical name is mysecuritygroupcreatedincfn) created in the same template. You must declare a value for both the SourceSecurityGroupName and SourceSecurityGroupOwnerId properties.

JSON

"ServerSecurityGroupBySG" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "allow connections from specified source security group", "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "SourceSecurityGroupName" : "myadminsecuritygroup", "SourceSecurityGroupOwnerId" : "123456789012" }, { "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "SourceSecurityGroupName" : {"Ref" : "mysecuritygroupcreatedincfn"} } ] } }

YAML

ServerSecurityGroupBySG: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: allow connections from specified source security group SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 SourceSecurityGroupName: myadminsecuritygroup SourceSecurityGroupOwnerId: 123456789012 - IpProtocol: tcp FromPort: 80 ToPort: 80 SourceSecurityGroupName: !Ref mysecuritygroupcreatedincfn

Amazon EC2 security group resource with LoadBalancer ingress rule

This template shows an AWS::EC2::SecurityGroup resource that contains a security group ingress rule that grants access to the LoadBalancer myELB for TCP on port 80. The rule uses the SourceSecurityGroup.OwnerAlias and SourceSecurityGroup.GroupName properties of the myELB resource to specify the source security group of the LoadBalancer.

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "myELB": { "Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": { "AvailabilityZones": [ "eu-west-1a" ], "Listeners": [ { "LoadBalancerPort": "80", "InstancePort": "80", "Protocol": "HTTP" } ] } }, "myELBIngressGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "ELB ingress group", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "SourceSecurityGroupOwnerId": { "Fn::GetAtt": [ "myELB", "SourceSecurityGroup.OwnerAlias" ] }, "SourceSecurityGroupName": { "Fn::GetAtt": [ "myELB", "SourceSecurityGroup.GroupName" ] } } ] } } } }

YAML

AWSTemplateFormatVersion: 2010-09-09 Resources: myELB: Type: AWS::ElasticLoadBalancing::LoadBalancer Properties: AvailabilityZones: - eu-west-1a Listeners: - LoadBalancerPort: '80' InstancePort: '80' Protocol: HTTP myELBIngressGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: ELB ingress group SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 SourceSecurityGroupOwnerId: !GetAtt myELB.SourceSecurityGroup.OwnerAlias SourceSecurityGroupName: !GetAtt myELB.SourceSecurityGroup.GroupName

Using AWS::EC2::SecurityGroupIngress to create mutually referencing Amazon EC2 security group resources

This snippet shows two AWS::EC2::SecurityGroupIngress resources that add mutual ingress rules to the EC2 security groups SGroup1 and SGroup2. The SGroup1Ingress resource enables ingress from SGroup2 through TCP/IP port 80 to SGroup1. The SGroup2Ingress resource enables ingress from SGroup1 through TCP/IP port 80 to SGroup2.

Note

If you are using an Amazon VPC, use the AWS::EC2::SecurityGroup resource and specify the VpcId property.

JSON

"SGroup1" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "EC2 Instance access" } }, "SGroup2" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "EC2 Instance access" } }, "SGroup1Ingress" : { "Type" : "AWS::EC2::SecurityGroupIngress", "Properties" : { "GroupName" : { "Ref" : "SGroup1" }, "IpProtocol" : "tcp", "ToPort" : "80", "FromPort" : "80", "SourceSecurityGroupName" : { "Ref" : "SGroup2" } } }, "SGroup2Ingress" : { "Type" : "AWS::EC2::SecurityGroupIngress", "Properties" : { "GroupName" : { "Ref" : "SGroup2" }, "IpProtocol" : "tcp", "ToPort" : "80", "FromPort" : "80", "SourceSecurityGroupName" : { "Ref" : "SGroup1" } } }

YAML

SGroup1: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: EC2 Instance access SGroup2: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: EC2 Instance access SGroup1Ingress: Type: AWS::EC2::SecurityGroupIngress Properties: GroupName: !Ref SGroup1 IpProtocol: tcp ToPort: 80 FromPort: 80 SourceSecurityGroupName: !Ref SGroup2 SGroup2Ingress: Type: AWS::EC2::SecurityGroupIngress Properties: GroupName: !Ref SGroup2 IpProtocol: tcp ToPort: 80 FromPort: 80 SourceSecurityGroupName: !Ref SGroup1

Amazon EC2 volume resource

This snippet shows a simple Amazon EC2 volume resource with a DeletionPolicy attribute set to Snapshot. With the Snapshot DeletionPolicy set, AWS CloudFormation will take a snapshot of this volume before deleting it during stack deletion. Make sure you specify a value for SnapShotId, or a value for Size, but not both. Remove the one you don't need.

JSON

"MyEBSVolume" : { "Type" : "AWS::EC2::Volume", "Properties" : { "Size" : "specify a size if no SnapShotId", "SnapshotId" : "specify a SnapShotId if no Size", "AvailabilityZone" : { "Ref" : "AvailabilityZone" } }, "DeletionPolicy" : "Snapshot" }

YAML

MyEBSVolume: Type: AWS::EC2::Volume Properties: Size: specify a size if no SnapshotId SnapshotId: specify a SnapShotId if no Size AvailabilityZone: !Ref AvailabilityZone DeletionPolicy: Snapshot

Amazon EC2 VolumeAttachment resource

This snippet shows the following resources: an Amazon EC2 instance using an Amazon Linux AMI from the US-East (Northern Virginia) Region, an EC2 security group that allows SSH access to IP addresses, a new Amazon EBS volume sized at 100 GB and in the same Availability Zone as the EC2 instance, and a volume attachment that attaches the new volume to the EC2 instance.

JSON

"Resources" : { "Ec2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ], "ImageId" : "ami-0ff8a91507f77f867" } }, "InstanceSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "Enable SSH access via port 22", "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" } ] } }, "NewVolume" : { "Type" : "AWS::EC2::Volume", "Properties" : { "Size" : "100", "AvailabilityZone" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ]} } }, "MountPoint" : { "Type" : "AWS::EC2::VolumeAttachment", "Properties" : { "InstanceId" : { "Ref" : "Ec2Instance" }, "VolumeId" : { "Ref" : "NewVolume" }, "Device" : "/dev/sdh" } } }

YAML

Resources: Ec2Instance: Type: AWS::EC2::Instance Properties: SecurityGroups: - !Ref InstanceSecurityGroup ImageId: ami-0ff8a91507f77f867 InstanceSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Enable SSH access via port 22 SecurityGroupIngress: - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: 0.0.0.0/0 NewVolume: Type: AWS::EC2::Volume Properties: Size: 100 AvailabilityZone: !GetAtt Ec2Instance.AvailabilityZone MountPoint: Type: AWS::EC2::VolumeAttachment Properties: InstanceId: !Ref Ec2Instance VolumeId: !Ref NewVolume Device: /dev/sdh

Amazon EC2 instance in a default VPC security group

Whenever you create a VPC, AWS automatically creates default resources for that VPC, such as a security group. However, when you define a VPC in AWS CloudFormation templates, you don't yet have the physical IDs of those default resources. To obtain the IDs, use the Fn::GetAtt intrinsic function. That way, you can use the default resources instead of creating new ones in your template. For example, the following template snippet associates the default security group of the myVPC VPC with the myInstance Amazon EC2 instance.

JSON

"myVPC": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": {"Ref": "myVPCCIDRRange"}, "EnableDnsSupport": false, "EnableDnsHostnames": false, "InstanceTenancy": "default" } }, "myInstance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "ImageId": { "Fn::FindInMap": ["AWSRegionToAMI",{"Ref": "AWS::Region"},"64"] }, "SecurityGroupIds" : [{"Fn::GetAtt": ["myVPC", "DefaultSecurityGroup"]}], "SubnetId" : {"Ref" : "mySubnet"} } }

YAML

myVPC: Type: AWS::EC2::VPC Properties: CidrBlock: !Ref myVPCCIDRRange EnableDnsSupport: false EnableDnsHostnames: false InstanceTenancy: default myInstance: Type: AWS::EC2::Instance Properties: ImageId: !FindInMap [ AWSRegionToAMI , !Ref 'AWS::Region', 64 ] SecurityGroupIds: - !GetAtt myVPC.DefaultSecurityGroup SubnetId: !Ref mySubnet

Amazon EC2 route with egress-only Internet gateway

The following template sets up an egress-only Internet gateway that's used with an EC2 route.

JSON

{ "Resources": { "DefaultIpv6Route": { "Properties": { "DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": { "Ref": "EgressOnlyInternetGateway" }, "RouteTableId": { "Ref": "RouteTable" } }, "Type": "AWS::EC2::Route" }, "EgressOnlyInternetGateway": { "Properties": { "VpcId": { "Ref": "VPC" } }, "Type": "AWS::EC2::EgressOnlyInternetGateway" }, "RouteTable": { "Properties": { "VpcId": { "Ref": "VPC" } }, "Type": "AWS::EC2::RouteTable" }, "VPC": { "Properties": { "CidrBlock": "10.0.0.0/16" }, "Type": "AWS::EC2::VPC" } } }

YAML

Resources: DefaultIpv6Route: Type: AWS::EC2::Route Properties: DestinationIpv6CidrBlock: "::/0" EgressOnlyInternetGatewayId: !Ref EgressOnlyInternetGateway RouteTableId: !Ref RouteTable EgressOnlyInternetGateway: Type: AWS::EC2::EgressOnlyInternetGateway Properties: VpcId: !Ref VPC RouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC VPC: Type: AWS::EC2::VPC Properties: CidrBlock: 10.0.0.0/16