add technical solution 134

documents/solution/network/unified-internet-egress-with-nat-gateway.yml

@@ -0,0 +1,236 @@
+ROSTemplateFormatVersion: '2015-09-01'
+Description:
+  en: Uniformly manage public IP addresses of ECS instances in a VPC.
+  zh-cn: 通过公网NAT网关实现云上统一公网出口。
+Parameters:
+  CommonName:
+    Type: String
+    Default: unified-egress
+  ZoneId1:
+    Type: String
+    AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
+    AssociationPropertyMetadata:
+      ExclusiveTo:
+        - ZoneId2
+    Label:
+      en: Availability Zone
+      zh-cn: 可用区1
+  ZoneId2:
+    Type: String
+    AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
+    AssociationPropertyMetadata:
+      ExclusiveTo:
+        - ZoneId1
+    Label:
+      en: Availability Zone
+      zh-cn: 可用区2
+  InstanceType1:
+    Type: String
+    AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
+    AssociationPropertyMetadata:
+      InstanceChargeType: PostPaid
+      SystemDiskCategory: cloud_essd
+      ZoneId: ${ZoneId}
+    Label:
+      en: Instance Type
+      zh-cn: 实例规格1
+  InstanceType2:
+    Type: String
+    AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
+    AssociationPropertyMetadata:
+      InstanceChargeType: PostPaid
+      SystemDiskCategory: cloud_essd
+      ZoneId: ${ZoneId}
+    Label:
+      en: Instance Type
+      zh-cn: 实例规格2
+  InstancePassword:
+    NoEcho: true
+    Type: String
+    Description:
+      en: >-
+        Server login password, Length 8-30, must contain three(Capital letters,
+        lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special
+        symbol in)
+      zh-cn: >-
+        服务器登录密码,长度8-30，必须包含三项（大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/
+        中的特殊符号）
+    Label:
+      en: Instance Password
+      zh-cn: 实例密码
+    ConstraintDescription:
+      en: >-
+        Length 8-30, must contain three(Capital letters, lowercase letters,
+        numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)
+      zh-cn: '长度8-30，必须包含三项（大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;''<>,.?/ 中的特殊符号）'
+    AssociationProperty: 'ALIYUN::ECS::Instance::Password'
+    Default: null
+Resources:
+  Vpc:
+    Type: 'ALIYUN::ECS::VPC'
+    Properties:
+      CidrBlock: 192.168.0.0/16
+      VpcName:
+        Fn::Sub: ${CommonName}-vpc
+  VSwitch1:
+    Type: 'ALIYUN::ECS::VSwitch'
+    Properties:
+      VpcId:
+        Ref: Vpc
+      CidrBlock: 192.168.1.0/24
+      ZoneId:
+        Ref: ZoneId1
+      VSwitchName:
+        Fn::Sub: ${CommonName}-app1-vsw
+  VSwitch2:
+    Type: 'ALIYUN::ECS::VSwitch'
+    Properties:
+      VpcId:
+        Ref: Vpc
+      CidrBlock: 192.168.2.0/24
+      ZoneId:
+        Ref: ZoneId2
+      VSwitchName:
+        Fn::Sub: ${CommonName}-app2-vsw
+  VSwitch3:
+    Type: 'ALIYUN::ECS::VSwitch'
+    Properties:
+      VpcId:
+        Ref: Vpc
+      CidrBlock: 192.168.3.0/24
+      ZoneId:
+        Ref: ZoneId1
+      VSwitchName:
+        Fn::Sub: ${CommonName}-pub-vsw
+  SecurityGroup:
+    Type: 'ALIYUN::ECS::SecurityGroup'
+    Properties:
+      VpcId:
+        Ref: Vpc
+      SecurityGroupName:
+        Fn::Sub: ${CommonName}-sg
+      SecurityGroupIngress:
+        - PortRange: 22/22
+          SourceCidrIp: 0.0.0.0/0
+          IpProtocol: tcp
+        - PortRange: 443/443
+          SourceCidrIp: 0.0.0.0/0
+          IpProtocol: tcp
+        - PortRange: 80/80
+          SourceCidrIp: 0.0.0.0/0
+          IpProtocol: tcp
+  EcsInstance1:
+    Type: 'ALIYUN::ECS::InstanceGroup'
+    Properties:
+      VpcId:
+        Ref: Vpc
+      ZoneId:
+        Ref: ZoneId1
+      VSwitchId:
+        Ref: VSwitch1
+      SecurityGroupId:
+        Ref: SecurityGroup
+      ImageId: aliyun_3_9_x64_20G_alibase_20231219.vhd
+      InstanceName:
+        Fn::Sub: ${CommonName}-ecs-1
+      InstanceType:
+        Ref: InstanceType1
+      SystemDiskCategory: cloud_essd
+      MaxAmount: 1
+      InternetMaxBandwidthOut: 0
+      Password:
+        Ref: InstancePassword
+  EcsInstance2:
+    Type: 'ALIYUN::ECS::InstanceGroup'
+    Properties:
+      VpcId:
+        Ref: Vpc
+      ZoneId:
+        Ref: ZoneId2
+      VSwitchId:
+        Ref: VSwitch2
+      SecurityGroupId:
+        Ref: SecurityGroup
+      ImageId: aliyun_3_9_x64_20G_alibase_20231219.vhd
+      InstanceName:
+        Fn::Sub: ${CommonName}-ecs-2
+      InstanceType:
+        Ref: InstanceType2
+      SystemDiskCategory: cloud_essd
+      MaxAmount: 1
+      InternetMaxBandwidthOut: 0
+      Password:
+        Ref: InstancePassword
+  NatGateway:
+    Type: 'ALIYUN::VPC::NatGateway'
+    Properties:
+      NatGatewayName:
+        Fn::Sub: ${CommonName}-ngw
+      VSwitchId:
+        Ref: VSwitch3
+      NatType: Enhanced
+      VpcId:
+        Ref: Vpc
+  Eip:
+    Type: 'ALIYUN::VPC::EIP'
+    Properties:
+      DeletionProtection: false
+      Isp: BGP
+      Bandwidth: 200
+      InternetChargeType: PayByTraffic
+  EipAssociation:
+    Type: 'ALIYUN::VPC::EIPAssociation'
+    Properties:
+      InstanceId:
+        Ref: NatGateway
+      AllocationId:
+        Ref: Eip
+  SNat:
+    Type: 'ALIYUN::VPC::SnatEntry'
+    DependsOn: EipAssociation
+    Properties:
+      SnatTableId:
+        Fn::GetAtt:
+          - NatGateway
+          - SNatTableId
+      SnatEntryName:
+        Fn::Sub: ${CommonName}-snat
+      SourceVSwitchIds:
+        - Ref: VSwitch1
+      SnatIp:
+        Fn::GetAtt:
+          - Eip
+          - EipAddress
+  Route:
+    Type: 'ALIYUN::ECS::Route'
+    Properties:
+      DestinationCidrBlock: '0.0.0.0/0'
+      RouteTableId:
+        Fn::GetAtt:
+          - Vpc
+          - RouteTableId
+      NextHopId:
+        Ref: NatGateway
+      NextHopType: NatGateway
+Outputs:
+  EcsLoginAddress:
+    Description:
+      en: Ecs1 login address.
+      zh-cn: ECS1 登录地址。
+    Value:
+      Fn::Sub: >-
+        https://ecs-workbench.aliyun.com/?from=EcsConsole
+        &instanceType=ecs&regionId=${ALIYUN::Region}&instanceId=${EcsInstance1}
+Metadata:
+  ALIYUN::ROS::Interface:
+    ParameterGroups:
+      - Parameters:
+          - ZoneId1
+          - ZoneId2
+          - InstanceType1
+          - InstanceType2
+          - InstancePassword
+    TemplateTags:
+      - acs:technical-solution:network:通过公网NAT网关实现云上统一公网出口-tech_solu_134
+    Hidden:
+      - CommonName