
References

New - Greenfield Template VPC

{

 "AWSTemplateFormatVersion": "2010-09-09",

 "Mappings" : {

    "RegionMap" : {

      "af-south-1" : {"452" : "ami-07f4686dce0bfba6f"},

      "ap-south-1" : {"452" : "ami-0c8b08f6d98c4a915"},

      "eu-north-1" : {"452" : "ami-0261b2175572fd9d0"},

      "eu-west-3" : {"452" : "ami-0a02cebf8dbc24c03"},

      "eu-south-1" : {"452" : "ami-0a9e23e3ed38aed9f"},

      "eu-west-2" : {"452" : "ami-0aac326bef1b54867"},

      "eu-west-1" : {"452" : "ami-0f42ac7f701577813"},

      "ap-northeast-3" : {"452" : "ami-034e363c74eeaa491"},

      "ap-northeast-2" : {"452" : "ami-0bb3e6d7a3293c9ee"},

      "me-south-1" : {"452" : "ami-05a34fc02957b91dd"},

      "ap-northeast-1" : {"452" : "ami-09ce132a9f12c1b82"},

      "ca-central-1" : {"452" : "ami-0d3fd350b2c01a8dd"},

      "sa-east-1" : {"452" : "ami-023cad8051eb94cca"},

      "ap-east-1" : {"452" : "ami-04c9e1c11e244814b"},

      "ap-southeast-1" : {"452" : "ami-0eef1763b228995cd"},

      "ap-southeast-2" : {"452" : "ami-0c618d56c475c5322"},

      "eu-central-1" : {"452" : "ami-0e882252e7aae5884"},

      "ap-southeast-3" : {"452" : "ami-00f61993447e00457"},

      "us-east-1" : {"452" : "ami-04caee13bebe220d8"},

      "us-east-2" : {"452" : "ami-0d47f7a6420842909"},

      "us-west-1" : {"452" : "ami-0a6bdd821b9c2ff68"},

      "us-west-2" : {"452" : "ami-0f24547ffd448377d"},

      "us-gov-east-1" : {"322" : "ami-9b31d0ea", "331" : "ami-b87191c9"},

      "us-gov-west-1" : {"322" : "ami-3b11605a", "331" : "ami-f3d08492"}

    }

  },

 "Parameters": {

    "SoftwareVersion": {

      "Description": "VeloCloud Virtual Edge Software Version",

      "Type": "String",

      "Default": "452",

      "AllowedValues": ["322", "331", "452"],

      "ConstraintDescription": "Must be one of the following: 322, 331, or 452"

    },

    "EC2InstanceType": {

      "Description": "Throughput and number of NICs dictate instance type",

      "Type": "String",

      "Default": "c5.large",

      "AllowedValues": [

        "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge",

        "c5.large", "c5.xlarge", "c5.2xlarge", "c5.4xlarge"

      ]

    },

    "ResourcePrefix" : {

     "Description" : "Prefix used for naming all resources created by this template",

     "Type" : "String",

     "Default" : "velocloud"

    },

    "AvailabilityZone" : {

      "Description" : "Availability zone to deploy in",

      "Type" : "String",

      "Default" : "us-west-1a"

    },

    "VeloCloudEdgeName" : {

      "Description" : "Name of Edge to be deployed",

      "Type" : "String"

   },

   "ActivationKey" : {

     "Description" : "Edge Activation Key",

     "Type" : "String",

     "AllowedPattern": "^[A-Z0-9-]+$"

   },

   "IgnoreCertificateValidation" : {

     "Description" : "Set to true only if the VCO uses a private or self-signed certificate; the Edge will then ignore certificate errors when connecting to the VCO",

     "Type" : "String",

     "Default" : "false",

     "AllowedValues" : ["true", "false"]

   },

   "VCO" : {

     "Description" : "Orchestrator IP address or hostname (fqdn)",

     "Type" : "String"

   },

   "VpcCidrBlockValue" : {

     "Description" : "CIDR block for the VPC",

     "Type" : "String",

     "Default" : "10.0.0.0/16"

   },

   "PrivateCidrBlockValue" : {

     "Description" : "CIDR block for the LAN side of the Edge",

     "Type" : "String",

     "Default" : "10.0.1.0/24"

   },

   "PublicCidrBlockValue" : {

     "Description" : "CIDR block for the WAN side of the Edge",

     "Type" : "String",

     "Default" : "10.0.0.0/24"

   },

   "VeloCloudKeyPairName" : {

     "Description" : "Public/Private Key Name of Edge to be deployed",

     "Type" : "AWS::EC2::KeyPair::KeyName"

   }

 },

 "Resources": {

   "VelocloudVPC": {

     "Type": "AWS::EC2::VPC",

     "Properties": {

       "CidrBlock": { "Ref": "VpcCidrBlockValue" },

       "Tags": [ { "Key": "Name", "Value": { "Fn::Join": [ "-", [ { "Ref" : "ResourcePrefix" }, "VPC"] ] } } ]

     }

   },

   "PublicCidrBlock": {

     "Type": "AWS::EC2::Subnet",

     "Properties": {

       "CidrBlock": { "Ref": "PublicCidrBlockValue" },

       "AvailabilityZone": { "Ref": "AvailabilityZone" },

       "VpcId": { "Ref": "VelocloudVPC" },

       "Tags": [ { "Key": "Name", "Value": { "Fn::Join": [ "-", [ { "Ref" : "ResourcePrefix" }, "Public-SN"] ] } } ]

     }

   },

   "PrivateCidrBlock": {

     "Type": "AWS::EC2::Subnet",

     "Properties": {

       "CidrBlock": { "Ref": "PrivateCidrBlockValue" },

       "AvailabilityZone": { "Ref": "AvailabilityZone" },

       "VpcId": { "Ref": "VelocloudVPC" },

       "Tags": [ { "Key": "Name", "Value": { "Fn::Join": [ "-", [ { "Ref" : "ResourcePrefix" }, "Private-SN"] ] } } ]

     }

   },

   "InternetGateway": {

     "Type": "AWS::EC2::InternetGateway",

     "Properties": {

       "Tags": [ { "Key": "Name", "Value": { "Fn::Join": [ "-", [ { "Ref" : "ResourcePrefix" }, "IGW"] ] } } ]

     }

   },

   "PrivateRouteTable": {

     "Type": "AWS::EC2::RouteTable",

     "Properties": {

       "VpcId": { "Ref": "VelocloudVPC" },

       "Tags": [ { "Key": "Name", "Value": { "Fn::Join": [ "-", [ { "Ref" : "ResourcePrefix" }, "Private-RT"] ] } } ]

     }

   },

   "PublicRouteTable": {

     "Type": "AWS::EC2::RouteTable",

     "Properties": {

       "VpcId": { "Ref": "VelocloudVPC" },

       "Tags": [ { "Key": "Name", "Value": { "Fn::Join": [ "-", [ { "Ref" : "ResourcePrefix" }, "Public-RT"] ] } } ]

     }

   },

   "PublicIpAddress": {

     "Type": "AWS::EC2::EIP",

     "DependsOn": [ "VpcGatewayAttachment" ],

     "Properties": {

      "Domain": "vpc"

     }

   },

   "VceInterfaceGe1": {

     "Type": "AWS::EC2::NetworkInterface",

     "Properties": {

       "Description": "Management Interface",

       "SourceDestCheck": "false",

       "SubnetId": { "Ref": "PublicCidrBlock" },

       "GroupSet": [ { "Ref": "VelocloudWANSecurityGroup" } ]

     }

   },

   "VceInterfaceGe2": {

     "Type": "AWS::EC2::NetworkInterface",

     "Properties": {

       "Description": "WAN Interface",

       "SourceDestCheck": "false",

       "SubnetId": { "Ref": "PublicCidrBlock" },

       "GroupSet": [ { "Ref": "VelocloudWANSecurityGroup" } ]

     }

   },

   "VceInterfaceGe3": {

     "Type": "AWS::EC2::NetworkInterface",

     "Properties": {

       "Description": "LAN Interface",

       "SourceDestCheck": "false",

       "SubnetId": { "Ref": "PrivateCidrBlock" },

       "GroupSet": [ { "Ref": "VelocloudLANSecurityGroup" } ]

     }

   },

   "VeloCloudEdge": {

     "Type": "AWS::EC2::Instance",

     "DependsOn": [ "PublicIpAddress" ],

     "Properties": {

       "ImageId": { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, { "Ref": "SoftwareVersion" }] },

       "InstanceType": { "Ref" : "EC2InstanceType" },

       "KeyName": {"Ref": "VeloCloudKeyPairName"},

       "Tags": [

         { "Key": "Name", "Value": { "Fn::Join": [ "-", [ { "Ref" : "ResourcePrefix" }, "vEdge"] ] } },

         { "Key": "Owner", "Value": "Generated with VeloCloud Greenfield CloudFormation Template" }

       ],

       "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [

         "#cloud-config\n",

         "velocloud:\n",

         "  vce:\n",

         "    vco: ", { "Ref": "VCO" }, "\n",

         "    activation_code: ", { "Ref": "ActivationKey" }, "\n",

         "    vco_ignore_cert_errors: ", { "Ref": "IgnoreCertificateValidation" }, "\n"

       ]]}},

       "NetworkInterfaces": [

         {

           "DeleteOnTermination": "false",

           "NetworkInterfaceId":  { "Ref": "VceInterfaceGe1"},

           "DeviceIndex": 0

         },

         {

           "DeleteOnTermination": "false",

           "NetworkInterfaceId":  { "Ref": "VceInterfaceGe2"},

           "DeviceIndex": 1

         },

         {

           "DeleteOnTermination": "false",

           "NetworkInterfaceId":  { "Ref": "VceInterfaceGe3"},

           "DeviceIndex": 2

         }

       ]

     }

   },

   "VpcGatewayAttachment": {

     "Type": "AWS::EC2::VPCGatewayAttachment",

     "Properties": {

       "VpcId": { "Ref": "VelocloudVPC" },

       "InternetGatewayId": { "Ref": "InternetGateway" }

     },

     "DependsOn": [ "InternetGateway" ]

   },

   "PublicRouteTableAssociation": {

     "Type": "AWS::EC2::SubnetRouteTableAssociation",

     "Properties": {

       "RouteTableId": { "Ref": "PublicRouteTable" },

       "SubnetId": { "Ref": "PublicCidrBlock" }

     }

   },

   "PrivateRouteTableAssociation": {

     "Type": "AWS::EC2::SubnetRouteTableAssociation",

     "Properties": {

       "RouteTableId": { "Ref": "PrivateRouteTable" },

       "SubnetId": { "Ref": "PrivateCidrBlock" }

     }

   },

   "PublicDefaultRoute": {

     "Type": "AWS::EC2::Route",

     "Properties": {

       "DestinationCidrBlock": "0.0.0.0/0",

       "RouteTableId": { "Ref": "PublicRouteTable" },

       "GatewayId": { "Ref": "InternetGateway" }

     },

     "DependsOn": [ "InternetGateway", "VpcGatewayAttachment", "PublicRouteTable" ]

   },

   "PrivateDefaultRoute": {

     "Type": "AWS::EC2::Route",

     "Properties": {

       "DestinationCidrBlock": "0.0.0.0/0",

       "RouteTableId": { "Ref": "PrivateRouteTable" },

       "NetworkInterfaceId": { "Ref": "VceInterfaceGe3" }

     },

     "DependsOn": [ "VceInterfaceGe3", "PrivateRouteTable" ]

   },

   "ElasticIpAssociation": {

     "Type": "AWS::EC2::EIPAssociation",

     "DependsOn": [ "PublicIpAddress", "VeloCloudEdge" ],

     "Properties": {

       "AllocationId": { "Fn::GetAtt": ["PublicIpAddress", "AllocationId"] },

       "NetworkInterfaceId": { "Ref": "VceInterfaceGe2" }

     }

   },

   "VelocloudWANSecurityGroup": {

     "Type": "AWS::EC2::SecurityGroup",

     "Properties": {

       "GroupDescription": "WAN Facing Security Group",

       "VpcId": { "Ref": "VelocloudVPC" },

       "Tags": [ { "Key": "Name", "Value": { "Fn::Join": [ "-", [ { "Ref" : "ResourcePrefix" }, "WAN-SG"] ] } } ]

     }

   },

   "AllowSNMP": {

     "Type": "AWS::EC2::SecurityGroupIngress",

     "Properties": {

       "GroupId": { "Ref": "VelocloudWANSecurityGroup" },

       "IpProtocol": "udp",

       "FromPort": "161",

       "ToPort": "161",

       "CidrIp": "0.0.0.0/0"

     }

   },

   "AllowSSH": {

     "Type": "AWS::EC2::SecurityGroupIngress",

     "Properties": {

       "GroupId": { "Ref": "VelocloudWANSecurityGroup" },

       "IpProtocol": "tcp",

       "FromPort": "22",

       "ToPort": "22",

       "CidrIp": "0.0.0.0/0"

     }

   },

   "AllowVCMP": {

     "Type": "AWS::EC2::SecurityGroupIngress",

     "Properties": {

       "GroupId": { "Ref": "VelocloudWANSecurityGroup" },

       "IpProtocol": "udp",

       "FromPort": "2426",

       "ToPort": "2426",

       "CidrIp": "0.0.0.0/0"

     }

   },

   "VelocloudLANSecurityGroup": {

     "Type": "AWS::EC2::SecurityGroup",

     "Properties": {

       "GroupDescription": "LAN Facing Security Group - WARNING: Default is Allow Only ICMP, adjust accordingly for other traffic",

       "VpcId": { "Ref": "VelocloudVPC" },

       "Tags": [ { "Key": "Name", "Value": { "Fn::Join": [ "-", [ { "Ref" : "ResourcePrefix" }, "LAN-SG"] ] } } ]

     }

   },

   "AllowLANTraffic": {

     "Type": "AWS::EC2::SecurityGroupIngress",

     "Properties": {

       "GroupId": { "Ref": "VelocloudLANSecurityGroup" },

       "IpProtocol": "icmp",

       "FromPort": "-1",

       "ToPort": "-1",

       "CidrIp": "0.0.0.0/0"

     }

   }

 },

 "Description": "Arista SD-WAN CloudFormation Template (20230216GF)"

}

Existing - Brownfield Template VPC

{

            "AWSTemplateFormatVersion": "2010-09-09",

            "Mappings" : {

            "RegionMap" : {

            "af-south-1" : {"452" : "ami-07f4686dce0bfba6f"},

            "ap-south-1" : {"452" : "ami-0c8b08f6d98c4a915"},

            "eu-north-1" : {"452" : "ami-0261b2175572fd9d0"},

            "eu-west-3" : {"452" : "ami-0a02cebf8dbc24c03"},

            "eu-south-1" : {"452" : "ami-0a9e23e3ed38aed9f"},

            "eu-west-2" : {"452" : "ami-0aac326bef1b54867"},

            "eu-west-1" : {"452" : "ami-0f42ac7f701577813"},

            "ap-northeast-3" : {"452" : "ami-034e363c74eeaa491"},

            "ap-northeast-2" : {"452" : "ami-0bb3e6d7a3293c9ee"},

            "me-south-1" : {"452" : "ami-05a34fc02957b91dd"},

            "ap-northeast-1" : {"452" : "ami-09ce132a9f12c1b82"},

            "ca-central-1" : {"452" : "ami-0d3fd350b2c01a8dd"},

            "sa-east-1" : {"452" : "ami-023cad8051eb94cca"},

            "ap-east-1" : {"452" : "ami-04c9e1c11e244814b"},

            "ap-southeast-1" : {"452" : "ami-0eef1763b228995cd"},

            "ap-southeast-2" : {"452" : "ami-0c618d56c475c5322"},

            "eu-central-1" : {"452" : "ami-0e882252e7aae5884"},

            "ap-southeast-3" : {"452" : "ami-00f61993447e00457"},

            "us-east-1" : {"452" : "ami-04caee13bebe220d8"},

            "us-east-2" : {"452" : "ami-0d47f7a6420842909"},

            "us-west-1" : {"452" : "ami-0a6bdd821b9c2ff68"},

            "us-west-2" : {"452" : "ami-0f24547ffd448377d"},

            "us-gov-east-1" : {"322" : "ami-9b31d0ea", "331" : "ami-b87191c9"},

            "us-gov-west-1" : {"322" : "ami-3b11605a", "331" : "ami-f3d08492"}

            }

            },

            "Parameters": {

            "SoftwareVersion": {

            "Description": "VeloCloud Virtual Edge Software Version",

            "Type": "String",

            "Default": "452",

            "AllowedValues": ["322", "331", "452"],

            "ConstraintDescription": "Must be one of the following: 322, 331, or 452"

            },

            "EC2InstanceType": {

            "Description": "Throughput and number of NICs dictate instance type",

            "Type": "String",

            "Default": "c5.large",

            "AllowedValues": [

            "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge",

            "c5.large", "c5.xlarge", "c5.2xlarge", "c5.4xlarge"

            ]

            },

            "ResourcePrefix" : {

            "Description" : "Prefix used for naming all resources created by this template",

            "Type" : "String",

            "Default" : "velocloud"

            },

            "ExistingVpc" : {

            "Description" : "Existing VPC ID",

            "Type" : "AWS::EC2::VPC::Id"

            },

            "ExistingPrivateSubnet" : {

            "Description" : "Existing Subnet ID for the LAN side",

            "Type" : "AWS::EC2::Subnet::Id"

            },

            "ExistingPublicSubnet" : {

            "Description" : "Existing Subnet ID for the WAN side",

            "Type" : "AWS::EC2::Subnet::Id"

            },

            "VeloCloudEdgeName" : {

            "Description" : "Name of Edge to be deployed",

            "Type" : "String"

            },

            "ActivationKey" : {

            "Description" : "Edge Activation Key",

            "Type" : "String",

            "AllowedPattern": "^[A-Z0-9-]+$"

            },

            "IgnoreCertificateValidation" : {

            "Description" : "Set to true only if the VCO uses a private or self-signed certificate; the Edge will then ignore certificate errors when connecting to the VCO",

            "Type" : "String",

            "Default" : "false",

            "AllowedValues" : ["true", "false"]

            },

            "VCO" : {

            "Description" : "Orchestrator IP address or hostname (fqdn)",

            "Type" : "String"

            },

            "VeloCloudKeyPairName" : {

            "Description" : "Public/Private Key Name of Edge to be deployed",

            "Type" : "AWS::EC2::KeyPair::KeyName"

            }

            },

            "Resources": {

            "PublicIpAddress": {

            "Type": "AWS::EC2::EIP",

            "Properties": {

            "Domain": "vpc"

            }

            },

            "VceInterfaceGe1": {

            "Type": "AWS::EC2::NetworkInterface",

            "Properties": {

            "Description": "Management Interface",

            "SourceDestCheck": "false",

            "SubnetId": { "Ref": "ExistingPublicSubnet" },

            "GroupSet": [ { "Ref": "VelocloudWANSecurityGroup" } ]

            }

            },

            "VceInterfaceGe2": {

            "Type": "AWS::EC2::NetworkInterface",

            "Properties": {

            "Description": "WAN Interface",

            "SourceDestCheck": "false",

            "SubnetId": { "Ref": "ExistingPublicSubnet" },

            "GroupSet": [ { "Ref": "VelocloudWANSecurityGroup" } ]

            }

            },

            "VceInterfaceGe3": {

            "Type": "AWS::EC2::NetworkInterface",

            "Properties": {

            "Description": "LAN Interface",

            "SourceDestCheck": "false",

            "SubnetId": { "Ref": "ExistingPrivateSubnet" },

            "GroupSet": [ { "Ref": "VelocloudLANSecurityGroup" } ]

            }

            },

            "VeloCloudEdge": {

            "Type": "AWS::EC2::Instance",

            "DependsOn": [ "PublicIpAddress" ],

            "Properties": {

            "ImageId": { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, { "Ref": "SoftwareVersion" }] },

            "InstanceType": { "Ref" : "EC2InstanceType" },

            "KeyName": {"Ref": "VeloCloudKeyPairName"},

            "Tags": [

            { "Key": "Name", "Value": { "Fn::Join": [ "-", [ { "Ref" : "ResourcePrefix" }, "vEdge"] ] } },

            { "Key": "Owner", "Value": "Generated with VeloCloud Brownfield CloudFormation Template" }

            ],

            "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [

            "#cloud-config\n",

            "velocloud:\n",

            "  vce:\n",

            "    vco: ", { "Ref": "VCO" }, "\n",

            "    activation_code: ", { "Ref": "ActivationKey" }, "\n",

            "    vco_ignore_cert_errors: ", { "Ref": "IgnoreCertificateValidation" }, "\n"

            ]]}},

            "NetworkInterfaces": [

            {

            "DeleteOnTermination": "false",

            "NetworkInterfaceId":  { "Ref": "VceInterfaceGe1"},

            "DeviceIndex": 0

            },

            {

            "DeleteOnTermination": "false",

            "NetworkInterfaceId":  { "Ref": "VceInterfaceGe2"},

            "DeviceIndex": 1

            },

            {

            "DeleteOnTermination": "false",

            "NetworkInterfaceId":  { "Ref": "VceInterfaceGe3"},

            "DeviceIndex": 2

            }

            ]

            }

            },

            "ElasticIpAssociation": {

            "Type": "AWS::EC2::EIPAssociation",

            "DependsOn": [ "PublicIpAddress", "VeloCloudEdge" ],

            "Properties": {

            "AllocationId": { "Fn::GetAtt": ["PublicIpAddress", "AllocationId"] },

            "NetworkInterfaceId": { "Ref": "VceInterfaceGe2" }

            }

            },

            "VelocloudWANSecurityGroup": {

            "Type": "AWS::EC2::SecurityGroup",

            "Properties": {

            "GroupDescription": "WAN Facing Security Group",

            "VpcId": { "Ref": "ExistingVpc" },

            "Tags": [ { "Key": "Name", "Value": { "Fn::Join": [ "-", [ { "Ref" : "ResourcePrefix" }, "WAN-SG"] ] } } ]

            }

            },

            "AllowSNMP": {

            "Type": "AWS::EC2::SecurityGroupIngress",

            "Properties": {

            "GroupId": { "Ref": "VelocloudWANSecurityGroup" },

            "IpProtocol": "udp",

            "FromPort": "161",

            "ToPort": "161",

            "CidrIp": "0.0.0.0/0"

            }

            },

            "AllowSSH": {

            "Type": "AWS::EC2::SecurityGroupIngress",

            "Properties": {

            "GroupId": { "Ref": "VelocloudWANSecurityGroup" },

            "IpProtocol": "tcp",

            "FromPort": "22",

            "ToPort": "22",

            "CidrIp": "0.0.0.0/0"

            }

            },

            "AllowVCMP": {

            "Type": "AWS::EC2::SecurityGroupIngress",

            "Properties": {

            "GroupId": { "Ref": "VelocloudWANSecurityGroup" },

            "IpProtocol": "udp",

            "FromPort": "2426",

            "ToPort": "2426",

            "CidrIp": "0.0.0.0/0"

            }

            },

            "VelocloudLANSecurityGroup": {

            "Type": "AWS::EC2::SecurityGroup",

            "Properties": {

            "GroupDescription": "LAN Facing Security Group - WARNING: Default is Allow Only ICMP, adjust accordingly for other traffic",

            "VpcId": { "Ref": "ExistingVpc" },

            "Tags": [ { "Key": "Name", "Value": { "Fn::Join": [ "-", [ { "Ref" : "ResourcePrefix" }, "LAN-SG"] ] } } ]

            }

            },

            "AllowLANTraffic": {

            "Type": "AWS::EC2::SecurityGroupIngress",

            "Properties": {

            "GroupId": { "Ref": "VelocloudLANSecurityGroup" },

            "IpProtocol": "icmp",

            "FromPort": "-1",

            "ToPort": "-1",

            "CidrIp": "0.0.0.0/0"

            }

            }

            },

            "Description": "Arista SD-WAN CloudFormation Template (20230216BF)"

            }

The following documentation is available for Arista VeloCloud SD-WAN:

..