Deployment with CloudFormation

Our library of CloudFormation templates covers a variety of scenarios in which a Secure Egress Gateway can be set up. Have a look below to pick one and launch it straightaway! If your circumstances do not fit any of these, get in touch and we'd be happy to add more to our library.

Standalone Secure Egress Gateway for existing VPC
Best suited for cases where VPCs and related networking are managed by the customer to their own design. This stack places a Secure Egress Gateway in the environment, but the customer must change the route tables of the Private/Application Subnets (the ones holding the EC2 instances that currently reach the Internet via a NAT Gateway) so that their default route points at the Secure Egress Gateway instead.
Prerequisites
  • A VPC
  • A Public Subnet in an Availability Zone, with 'Auto-assign public IPv4' turned on
  • An Internet Gateway set as the Target for Destination 0.0.0.0/0 in the Route Table of the Public Subnet
Resources Provisioned
  • IAM Role, Policy and Instance Profile for permissions to write logs to CloudWatch, report Instance Health and read Parameters from AWS SSM
  • Network Interface as a static Target for Destination 0.0.0.0/0, for Route Tables of the Private/Application Subnets
  • Elastic IP for a static NAT IP on all outbound traffic
  • Auto Scaling Group for the Secure Egress Gateway instance itself
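The routing change the customer has to make, shown as an added CloudFormation fragment (not one of the templates in the library): the Private/Application Subnet's default route is moved from the NAT Gateway to the Secure Egress Gateway's network interface. The parameter names and the `PrivateDefaultRoute` resource are hypothetical; the ENI ID comes from the gateway stack, and that ENI must have source/destination checking disabled or forwarded traffic will be dropped.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Hypothetical fragment: repoint a Private/Application Subnet's default
  route at the Secure Egress Gateway ENI instead of a NAT Gateway.

Parameters:
  PrivateRouteTableId:
    Type: String
    Description: Route table of the Private/Application Subnet (placeholder)
  GatewayNetworkInterfaceId:
    Type: String
    Description: ENI provisioned by the Secure Egress Gateway stack (placeholder)

Resources:
  # Before (what the subnet typically has today, shown for comparison):
  #   DestinationCidrBlock: 0.0.0.0/0
  #   NatGatewayId: nat-xxxxxxxx          <- placeholder
  #
  # A route table holds one route per destination, so the NAT Gateway
  # route for 0.0.0.0/0 must be removed before this one can be created.
  PrivateDefaultRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTableId
      DestinationCidrBlock: 0.0.0.0/0
      # Static target: the gateway ENI keeps its ID across instance
      # replacement by the Auto Scaling Group, so the route never changes.
      NetworkInterfaceId: !Ref GatewayNetworkInterfaceId
```

After the stack update, `aws ec2 describe-route-tables --route-table-ids <id>` should list the 0.0.0.0/0 route with a `NetworkInterfaceId` and no `NatGatewayId`; instances in the subnet now egress through the gateway's Elastic IP.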


Complete VPC example, with networking for 1 AZ
This is supplied as a working example with a typical network layout for one Availability Zone. It is a good way to bootstrap a VPC with all the right subnets and route tables if none exists already.
Prerequisites
  • None
Resources Provisioned
  • IAM Role, Policy and Instance Profile for permissions to write logs to CloudWatch, report Instance Health and read Parameters from AWS SSM
  • Network Interface as a static Target for Destination 0.0.0.0/0, for Route Tables of the Private/Application Subnets
  • Elastic IP for a static NAT IP on all outbound traffic
  • Auto Scaling Group for the Secure Egress Gateway instance itself
  • A VPC with a Private/Application Subnet, a Public Subnet and a Spare Subnet (for Transit routing, etc.) in one Availability Zone
  • Public Subnet routing through an Internet Gateway
  • Private/Application Subnet routing to the Internet via a Secure Egress Gateway


Complete VPC example, with networking for 3 AZs
This is supplied as a working example with a typical network layout for three Availability Zones. It is a good way to bootstrap a VPC with all the right subnets and route tables if none exists already.
Prerequisites
  • None
Resources Provisioned
  • Same as above but in three Availability Zones