Deployment with CloudFormation

Our library of CloudFormation templates caters for a variety of scenarios in which to set up a discrimiNAT firewall. Have a look below to pick one and launch it straightaway. If your circumstances do not fit any of these, get in touch and we'd be happy to add more to our library.

Standalone discrimiNAT firewall for existing VPC
Best suited for cases where VPCs and related networking are managed by the customer to their specific design. This stack places a discrimiNAT firewall in the environment, but the customer must change the Route Tables of the Private/Application Subnets (the subnets holding the EC2 instances that currently reach the Internet via a NAT Gateway) so that their Destination 0.0.0.0/0 route targets the discrimiNAT firewall instead.
Prerequisites
  • A VPC
  • A Public Subnet in an Availability Zone, with 'Auto-assign public IPv4' turned on
  • An Internet Gateway set as the Target for Destination 0.0.0.0/0 in the Route Table of the Public Subnet
Resources Provisioned
  • IAM Role, Policy and Instance Profile for permissions to write logs to CloudWatch, report Instance Health and read Parameters from AWS SSM
  • Network Interface as a static Target for Destination 0.0.0.0/0, for Route Tables of the Private/Application Subnets
  • Elastic IP for a static NAT IP on all outbound traffic
  • Auto Scaling Group for the discrimiNAT instance itself
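The routing change the standalone stack leaves to the customer, written as a separate CloudFormation template. This is an added example, not a template from the discrimiNAT library: the parameter names, the logical resource ID and the assumption that the firewall stack exposes its Network Interface ID are all ours.

```yaml
# Added example (not part of the discrimiNAT template library): repoint a
# Private/Application Subnet's default route at the discrimiNAT firewall's
# Network Interface instead of a NAT Gateway. Parameter names and the
# logical resource ID below are assumptions for illustration.
AWSTemplateFormatVersion: '2010-09-09'
Description: Default route of a private subnet via a discrimiNAT firewall ENI (added example)

Parameters:
  PrivateRouteTableId:
    Type: String
    Description: Route Table of the Private/Application Subnet (assumed parameter, e.g. rtb-0123456789abcdef0)
  DiscriminatNetworkInterfaceId:
    Type: String
    Description: Network Interface provisioned by the discrimiNAT stack as the static Target (assumed parameter, e.g. eni-0123456789abcdef0)

Resources:
  # A route table holds at most one route per destination CIDR. The existing
  # 0.0.0.0/0 -> NAT Gateway route must therefore be removed first (outside
  # this template), otherwise creating this resource fails with RouteAlreadyExists.
  # Instances in the subnet have no Internet path between the two steps, so
  # schedule the change accordingly.
  DefaultRouteViaDiscriminat:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTableId
      DestinationCidrBlock: 0.0.0.0/0
      NetworkInterfaceId: !Ref DiscriminatNetworkInterfaceId
```

After the stack is created, confirm the result with `aws ec2 describe-route-tables --route-table-ids <rtb-id>`: the route for 0.0.0.0/0 should show the firewall's NetworkInterfaceId as its target, and no route should still reference the old NAT Gateway. Because the Network Interface is provisioned by the firewall stack as a static Target, instance replacements by the Auto Scaling Group do not require this route to be updated.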


Complete VPC example, with networking for 1 AZ
This is supplied as a working example with a typical network layout for one Availability Zone. It is a good way to bootstrap a VPC with all the right subnets and Route Tables if none exists already.
Prerequisites
  • None
Resources Provisioned
  • IAM Role, Policy and Instance Profile for permissions to write logs to CloudWatch, report Instance Health and read Parameters from AWS SSM
  • Network Interface as a static Target for Destination 0.0.0.0/0, for Route Tables of the Private/Application Subnets
  • Elastic IP for a static NAT IP on all outbound traffic
  • Auto Scaling Group for the discrimiNAT instance itself
  • A VPC with a Private/Application Subnet, a Public Subnet and a Spare Subnet (for Transit routing, etc.) in one Availability Zone
  • Public Subnet routing through an Internet Gateway
  • Private/Application Subnet routing to the internet via a discrimiNAT firewall


Complete VPC example, with networking for 3 AZs
This is supplied as a working example with a typical network layout for three Availability Zones. It is a good way to bootstrap a VPC with all the right subnets and Route Tables if none exists already.
Prerequisites
  • None
Resources Provisioned
  • Same as above but in three Availability Zones