Your Atlassian Cloud (YAC) - VPC

Available commands include:

  yac vpc (-h | primer)

-h provides API help
primer will display this page

A typical VPC has subnets that are organized with decreasing privacy.

   decreasing 
     privacy
        ^
        |   subnet1: public
        |   subnet2: dmz
        |   subnet3: private

Each subnet has a unique identifier (e.g. subnet123), and a user-friendly name (e.g. dmz, friendliness arguable).

In the scheme above, the private subnet would typically have a DirectConnect route or VPN connection to the corporate domain. Resources in the public subnet are accessible directly from the public internet. 

Thus, the full set of subnet layers and external connections might look like:

external users <---->  subnet1: public
                   --> subnet2: dmz
                   |    		
                   |
corp domain <--------> subnet3: private

Privacy is created via "one-hop" routing rules between the subnets. Resources in a given subnet can only address other resources one subnet "hop" away.

Thus, an ELB in the public subnet can address an EC2 instance in the dmz, but not an EC2 instance in the private subnet.

By default, YAC resources are sited as privately as possible, while obeying one-hop rules.

If you don't have a DirectConnect route or VPN, your VPC may only have/need two subnet layers.

   decreasing 
     privacy
        ^
        |   subnet1: public
        |   subnet2: private

Here, the full network stack might look like:

external users <-----> subnet1: public
                   -->  		
                  |
corp domain <--------> subnet2: private


YAC uses keyword searches to determine which subnet is which.

YAC determines the "user-friendly" name of a VPC or subnet via CloudFormation tags.

The default tag used by YAC looks like:

"Tags" : [
  ... 
  { "Key": "Name", "Value" : "friendly-name"},
  ...
]

By default, YAC expects the "friendly" names shown in the diagrams above: [public, dmz, private]

Of course, everyone uses different naming conventions for their subnets, so you need to clue YAC in to your convention via a task definition dictionary.

A 

{
 ...

  "vpc_name_tag_comment": "the name of the CF tag used to identify vpcs and subnets",
  "vpc_name_tag": "FunnyName",
  "subnets": {
    "comment": "the name of the subnets where yac resources should be placed",
    "e-elb": "danger-zone",
    "asg":   "kinda-sketch",
    "i-elb": "safe-n-sound",
    "efs":   "safe-n-sound",
    "rds":   "safe-n-sound"
  }
  ...
}
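
An added example (not part of YAC or of the original primer): a pre-flight check of a "subnets" mapping like the one above against the one-hop rule, plus a check that every layer name actually appears under the configured vpc_name_tag. The layer order, the traffic flows and the sample subnet records are assumptions constructed for illustration.

```python
# Added example. Layer order, traffic flows and subnet records are constructed
# assumptions, not values read from YAC or from a real VPC.
LAYERS = ["danger-zone", "kinda-sketch", "safe-n-sound"]  # least to most private
PLACEMENT = {"e-elb": "danger-zone", "asg": "kinda-sketch",
             "i-elb": "safe-n-sound", "efs": "safe-n-sound", "rds": "safe-n-sound"}
FLOWS = [("e-elb", "asg"), ("asg", "i-elb"), ("asg", "efs"), ("asg", "rds")]
SUBNETS = [
    {"SubnetId": "subnet-aaa", "Tags": [{"Key": "FunnyName", "Value": "danger-zone"}]},
    {"SubnetId": "subnet-bbb", "Tags": [{"Key": "Name", "Value": "kinda-sketch"}]},
    {"SubnetId": "subnet-ccc", "Tags": [{"Key": "FunnyName", "Value": "safe-n-sound"}]},
]


def friendly_name(resource, tag_key):
    """Return the value of the naming tag on a subnet record, or None."""
    for tag in resource.get("Tags", []):
        if tag.get("Key") == tag_key:
            return tag.get("Value")
    return None


def unresolved_layers(subnets, layers, tag_key):
    """Layers that no subnet carries under tag_key (wrong tag key or typo)."""
    present = {friendly_name(s, tag_key) for s in subnets}
    return [layer for layer in layers if layer not in present]


def one_hop_violations(placement, flows, layers):
    """Return (src, dst, hops) for every flow that spans more than one layer."""
    rank = {name: i for i, name in enumerate(layers)}
    unknown = sorted(set(placement.values()) - set(rank))
    if unknown:
        raise ValueError(f"placement uses subnets outside the layer list: {unknown}")
    bad = []
    for src, dst in flows:
        hops = abs(rank[placement[src]] - rank[placement[dst]])
        if hops > 1:
            bad.append((src, dst, hops))
    return bad


if __name__ == "__main__":
    print("unresolved layers:", unresolved_layers(SUBNETS, LAYERS, "FunnyName"))
    print("one-hop violations:", one_hop_violations(PLACEMENT, FLOWS, LAYERS))
```

In the sample data, subnet-bbb is tagged under "Name" rather than "FunnyName", so its layer is reported as unresolved; moving "asg" into the most private layer would make the e-elb to asg flow a two-hop violation.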

