karanindia / public_private_vpc_aws

CFT for VPC with public and private subnets for AWS


VPC with public and private subnets

AWS CloudFormation template adapted from AWS Partner: SAP on AWS Skillbuilder

(architecture diagram)

This design pattern is used to create a network environment that can communicate with both internal (privately routed) and external (publicly routed) resources using a combination of public and private connections. The design is ideal for SAP workloads that need to accommodate both public and private routing needs, such as internet-facing, multi-tier web applications backed by databases or other privately routed backend systems.

  • Public Subnet

    An SAProuter, along with a NAT gateway or NAT instance, is placed in this subnet. Only the specified public IPs from SAP are allowed to connect to the SAProuter.
  • Private Subnet

    The SAP systems reside within the same private subnet. Each of these instances resides within its own security group.

Create stack from aws-cli

    aws cloudformation create-stack \
        --stack-name PublicPrivateVPC \
        --template-body file://public_private_vpc.yml \
        --parameters file://parameters.json

Delete stack from aws-cli

    aws cloudformation delete-stack --stack-name PublicPrivateVPC

Networking

  1. VPC
     • EnableDnsSupport: true
     • EnableDnsHostnames: true
  2. Public Subnet
     • MapPublicIpOnLaunch: true
  3. Internet Gateway
     • Attached to the VPC via an Internet Gateway attachment
  4. Public Route Table
     • Associated with the public subnet
     • Default public route to the Internet Gateway
  5. Private Subnets
     • Located in AZ1 and AZ2
     • MapPublicIpOnLaunch: false
  6. NAT Gateway
     • Associated Elastic IP
  7. Private Route Table
     • Associated with the private subnet
     • Default private route to the NAT Gateway
  8. No Ingress Security Group
     • Security group with no ingress rule
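As an added example (not code from this repository), a small pre-deployment check in Python over a template of the shape listed above: it confirms that every subnet with `MapPublicIpOnLaunch: false` gets its default route through the NAT Gateway and never directly through the Internet Gateway, which is the property that keeps the SAP instances privately routed. The template is a constructed stand-in for `public_private_vpc.yml`, written as a dict with JSON-style `Ref` intrinsics; `build_template` and `private_subnet_violations` are names chosen for this example.

```python
def build_template(private_egress_via_nat=True):
    """Constructed minimal template in the README's layout (not the real file).
    The flag switches the private default route between the NAT Gateway
    (intended) and the Internet Gateway (the misconfiguration we want caught)."""
    target = ({"NatGatewayId": {"Ref": "NatGateway"}} if private_egress_via_nat
              else {"GatewayId": {"Ref": "InternetGateway"}})
    return {"Resources": {
        "VPC": {"Type": "AWS::EC2::VPC", "Properties": {
            "CidrBlock": "10.0.0.0/16", "EnableDnsSupport": True, "EnableDnsHostnames": True}},
        "InternetGateway": {"Type": "AWS::EC2::InternetGateway"},
        "PublicSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
            "VpcId": {"Ref": "VPC"}, "CidrBlock": "10.0.0.0/24", "MapPublicIpOnLaunch": True}},
        "PrivateSubnet1": {"Type": "AWS::EC2::Subnet", "Properties": {
            "VpcId": {"Ref": "VPC"}, "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": False}},
        "NatGateway": {"Type": "AWS::EC2::NatGateway", "Properties": {
            "SubnetId": {"Ref": "PublicSubnet"}}},
        "PublicRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
        "PrivateRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
        "PublicRoute": {"Type": "AWS::EC2::Route", "Properties": {
            "RouteTableId": {"Ref": "PublicRouteTable"}, "DestinationCidrBlock": "0.0.0.0/0",
            "GatewayId": {"Ref": "InternetGateway"}}},
        "PrivateRoute": {"Type": "AWS::EC2::Route", "Properties": {
            "RouteTableId": {"Ref": "PrivateRouteTable"}, "DestinationCidrBlock": "0.0.0.0/0", **target}},
        "PublicAssoc": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
            "SubnetId": {"Ref": "PublicSubnet"}, "RouteTableId": {"Ref": "PublicRouteTable"}}},
        "PrivateAssoc1": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
            "SubnetId": {"Ref": "PrivateSubnet1"}, "RouteTableId": {"Ref": "PrivateRouteTable"}}},
    }}

def _ref(value):
    """Resolve a {"Ref": name} intrinsic to the logical name; pass literals through."""
    return value["Ref"] if isinstance(value, dict) and "Ref" in value else value

def private_subnet_violations(template):
    """List every private subnet whose route table sends 0.0.0.0/0 straight to
    an Internet Gateway (GatewayId) instead of a NAT Gateway (NatGatewayId)."""
    res = template["Resources"]
    props = lambda name: res[name].get("Properties", {})
    by_type = lambda t: [n for n, r in res.items() if r["Type"] == t]
    # subnet logical name -> route table logical name, from the associations
    rt_of = {_ref(props(a)["SubnetId"]): _ref(props(a)["RouteTableId"])
             for a in by_type("AWS::EC2::SubnetRouteTableAssociation")}
    problems = []
    for subnet in by_type("AWS::EC2::Subnet"):
        if props(subnet).get("MapPublicIpOnLaunch", False):
            continue  # public subnet: a direct IGW default route is expected there
        for route in (props(r) for r in by_type("AWS::EC2::Route")):
            if (_ref(route["RouteTableId"]) == rt_of.get(subnet)
                    and route.get("DestinationCidrBlock") == "0.0.0.0/0" and "GatewayId" in route):
                problems.append(f"{subnet}: default route via internet gateway {_ref(route['GatewayId'])}")
    return problems
```

Run the check against the real template by loading it with a CloudFormation-aware YAML loader (one that turns `!Ref` into a `Ref` mapping) and passing the resulting dict in.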
