{

"Resources": {

"Cloud" : {
  "Type" : "AWS::EC2::VPC",
  "Properties" : {
    "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Cloud", "CIDR" ]},
    "EnableDnsSupport": "true",
    "EnableDnsHostnames": "true",
    "Tags" : [
      { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
      { "Key" : "Network", "Value" : "Public" }
    ]
  }
},

"DHCPConfig": {"Type": "AWS::EC2::DHCPOptions", "Properties": {
  "DomainNameServers": ["AmazonProvidedDNS"]
}},

"DHCPServer": {"Type": "AWS::EC2::VPCDHCPOptionsAssociation", "Properties": {
  "VpcId": {"Ref": "Cloud"},
  "DhcpOptionsId": {"Ref": "DHCPConfig"}
}},

"InternetGateway" : {
  "Type" : "AWS::EC2::InternetGateway",
  "Properties" : {}
},

"InternetConnection" : {
   "Type" : "AWS::EC2::VPCGatewayAttachment",
   "Properties" : {
     "VpcId" : { "Ref" : "Cloud" },
     "InternetGatewayId" : { "Ref" : "InternetGateway" }
   }
},

"PublicRouteTable" : {
  "Type" : "AWS::EC2::RouteTable",
  "Properties" : {
    "VpcId" : { "Ref" : "Cloud" }
  }
},

"PublicRoute" : {
  "Type" : "AWS::EC2::Route",
  "Properties" : {
    "RouteTableId" : { "Ref" : "PublicRouteTable" },
    "DestinationCidrBlock" : "0.0.0.0/0",
    "GatewayId" : { "Ref" : "InternetGateway" }
  }
},

"PublicNetworkACL" : {
  "Type" : "AWS::EC2::NetworkAcl",
  "Properties" : {
    "VpcId" : { "Ref" : "Cloud" }
  }
},

"InboundLocalTrafficRule" : {
  "Type" : "AWS::EC2::NetworkAclEntry",
  "Properties" : {
    "NetworkAclId" : { "Ref" : "PublicNetworkACL" },
    "RuleNumber" : "100",
    "Protocol" : "-1",
    "RuleAction" : "allow",
    "Egress" : "false",
    "CidrBlock" : "10.0.0.0/0",
    "PortRange" : { "From" : "0", "To" : "65535" }
  }
},

"InboundHTTPTrafficRule" : {
  "Type" : "AWS::EC2::NetworkAclEntry",
  "Properties" : {
    "NetworkAclId" : { "Ref" : "PublicNetworkACL" },
    "RuleNumber" : "101",
    "Protocol" : "6",
    "RuleAction" : "allow",
    "Egress" : "false",
    "CidrBlock" : "0.0.0.0/0",
    "PortRange" : { "From" : "80", "To" : "80" }
  }
},

"InboundHTTPSTrafficRule" : {
  "Type" : "AWS::EC2::NetworkAclEntry",
  "Properties" : {
    "NetworkAclId" : { "Ref" : "PublicNetworkACL" },
    "RuleNumber" : "102",
    "Protocol" : "6",
    "RuleAction" : "allow",
    "Egress" : "false",
    "CidrBlock" : "0.0.0.0/0",
    "PortRange" : { "From" : "443", "To" : "443" }
  }
},

"InboundSSHTrafficRule" : {
  "Type" : "AWS::EC2::NetworkAclEntry",
  "Properties" : {
    "NetworkAclId" : { "Ref" : "PublicNetworkACL" },
    "RuleNumber" : "103",
    "Protocol" : "6",
    "RuleAction" : "allow",
    "Egress" : "false",
    "CidrBlock" : "0.0.0.0/0",
    "PortRange" : { "From" : "22", "To" : "22" }
  }
},

"InboundEmphemeralTrafficRule" : {
  "Type" : "AWS::EC2::NetworkAclEntry",
  "Properties" : {
    "NetworkAclId" : { "Ref" : "PublicNetworkACL" },
    "RuleNumber" : "104",
    "Protocol" : "6",
    "RuleAction" : "allow",
    "Egress" : "false",
    "CidrBlock" : "0.0.0.0/0",
    "PortRange" : { "From" : "1024", "To" : "65535" }
  }
},

"InboundVPNTrafficRule" : {
  "Type" : "AWS::EC2::NetworkAclEntry",
  "Properties" : {
    "NetworkAclId" : { "Ref" : "PublicNetworkACL" },
    "RuleNumber" : "105",
    "Protocol" : "-1",
    "RuleAction" : "allow",
    "Egress" : "false",
    "CidrBlock" : "0.0.0.0/0",
    "PortRange" : { "From" : "1192", "To" : "1194" }
  }
},

"OutboundTrafficRule" : {
  "Type" : "AWS::EC2::NetworkAclEntry",
  "Properties" : {
    "NetworkAclId" : { "Ref" : "PublicNetworkACL" },
    "RuleNumber" : "100",
    "Protocol" : "-1",
    "RuleAction" : "allow",
    "Egress" : "true",
    "CidrBlock" : "0.0.0.0/0",
    "PortRange" : { "From" : "0", "To" : "65535" }
  }
}

}

}