Infrastructure CloudFormation Templates

Purpose

A collection of foundational AWS infrastructure CloudFormation templates.

Templates

Infrastructure

Creates an entire VPC from scratch, suitable for lab or permanent use.

Create Details
  1. Single VPC
  2. 3 Public Subnets
  3. 3 Private Subnets
  4. Public Route Table
  5. Private Route Table
  6. Internet Gateway
    • Attached to the Public Route Table
  7. Public Network ACL
  8. Private Network ACL
  9. VPC Endpoint
  10. Instance Access Security Group
    • Instance to Instance Access
  11. Remote Access Security Group
    • This can be used to allow site-to-site VPN or Direct Connect networks access to instances.
Launch
View in Designer
How To Video

Creates a NAT Gateway in an existing VPC that has public (IGW-routed) and private subnets. The private route table is updated to route Internet-bound traffic to the NAT Gateway, which is placed in a public subnet that has an Internet Gateway attached.

Prerequisites
  1. VPC
    • Public Subnet, IGW, Private Subnet/s.
    • Either use an existing VPC or use the Infrastructure VPC template in this repository to create one.
  2. AWS Privileges
Create Details
  1. NAT Gateway
  2. EIP
  3. Add Route to Private Route Table
Advantages over NAT Instance
  1. Redundancy is built in.
  2. Easier setup and management.
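The three resources the NAT Gateway template creates, and how the private route table is pointed at the gateway, shown as an added minimal CloudFormation example (not the repository's own template). It assumes a public subnet ID and a private route table ID are passed in as parameters.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example: NAT Gateway with an EIP in a public subnet and a default
  route from the private route table. Not the repository's template.

Parameters:
  PublicSubnetId:
    Type: AWS::EC2::Subnet::Id
    Description: Public subnet (route to an IGW) that will host the NAT Gateway
  PrivateRouteTableId:
    Type: String
    Description: Route table used by the private subnets (assumed parameter)

Resources:
  # 1. Elastic IP the NAT Gateway will source outbound traffic from
  NatEip:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

  # 2. NAT Gateway must live in a public subnet so its EIP is reachable via the IGW
  NatGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NatEip.AllocationId
      SubnetId: !Ref PublicSubnetId

  # 3. Default route for the private subnets: Internet-bound traffic goes to the
  #    NAT Gateway, which only forwards flows the private instances initiate;
  #    nothing on the Internet can open a connection to them through it.
  PrivateDefaultRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTableId
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway

Outputs:
  NatGatewayId:
    Description: ID of the created NAT Gateway
    Value: !Ref NatGateway
  NatPublicIp:
    Description: Public IP that egress traffic from the private subnets will use
    Value: !Ref NatEip
```

The NatPublicIp output is the address to allow-list at any remote service the private instances must reach.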
Launch
View in Designer
How To Video

Creates a Site-to-Site BGP VPN Connection in an existing VPC with public and/or private networks. There is an option to exclude the public subnets from VPN access: select false for 'Include Public Subnets' and leave the default values for the Public Network ACL and Public Route Table parameters; those values are then ignored. This only sets up the AWS side of the VPN. After CloudFormation creates the objects, you then need to configure your remote VPN device. A linked article gives the configuration steps for a Sophos UTM v9 VPN endpoint. The template assumes that the Private Network ACL allows all outbound traffic. Lastly, the Private Network ACL inbound rules are updated to allow the remote network block specified.

Prerequisites
  1. VPC
    • Public Subnet, IGW, Private Subnet/s.
    • Either use an existing VPC or use the Infrastructure VPC template in this repository to create one.
  2. Remote Network (Office) VPN Device WAN IP
  3. Remote Network CIDR Block to Allow Access and Propagate.
Create Details
  1. Customer Gateway
  2. Virtual Private Gateway
  3. VPN Connection
  4. Enable Route Propagation on Route Table/s
  5. Add Network ACL to Allow Remote Network
Launch
View in Designer
How To Video

Creates a single bastion host on a public subnet in an existing VPC. Select a RHEL, Ubuntu or Windows OS.

Prerequisites
  1. VPC
    • Public Subnet, IGW, Private Subnet/s.
    • Either use an existing VPC or use the Infrastructure VPC template in this repository to create one.
  2. Available EIP
Create Details
  1. EC2 Instance
  2. EIP
  3. IAM Role
  4. IAM Instance Profile
  5. Security Group
Launch (us-west-2)
View in Designer

Create EC2 Single Proxy Instance

Prerequisites
  1. VPC
  2. 1 Public Subnet
CloudFormation Tasks
  1. Create Single EC2 Instance on Public Network with Public IP
  2. Create Autoscaling Group of 1 for DR
  3. Create Proxy Access Security Group
  4. Install Chef Client
  5. Create Chef Configurations Files (environment, roles, etc.)
  6. Download Cookbooks from Github Repo
  7. Checkout Specific Version of Cookbook
  8. Run Chef Client using Chef Zero
  9. Warm EBS Volume
Chef Cookbook Tasks
  1. Install, Configure and Start Squid Proxy
  2. Set up CloudWatch Logs
  3. Create Route53 DNS Update Script
  4. Configure DNS Update Cron Job
Launch