Created
May 15, 2016 22:44
-
-
Save chadmccathie/61fce5673601c0b3f4e6822cd61f8685 to your computer and use it in GitHub Desktop.
secgroups
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CloudFormation do | |
| Description("Ingogo Production Environment - Security Groups") | |
| AWSTemplateFormatVersion("2010-09-09") | |
| Parameter("VpcId") do | |
| Type("String") | |
| Default("vpc-a2ee78c7") | |
| end | |
| Parameter("environment") do | |
| Type("String") | |
| Default environment | |
| end | |
| Parameter("NatGroupName") do | |
| Type("String") | |
| Default("Nat Security Group") | |
| end | |
| Parameter("BatchGroupName") do | |
| Type("String") | |
| Default("Batch Security Group") | |
| end | |
| Parameter("BatchelbGroupName") do | |
| Type("String") | |
| Default("Batchelb Security Group") | |
| end | |
| Parameter("BatchelbGroupNameDescription") do | |
| Type("String") | |
| Default("Batchelb Security Group") | |
| end | |
| Parameter("BatchGroupDescription") do | |
| Type("String") | |
| Default("Security Group For admin Instances") | |
| end | |
| Parameter("TrainingGroupName") do | |
| Type("String") | |
| Default("Training Security Group") | |
| end | |
| Parameter("TrainingelbGroupName") do | |
| Type("String") | |
| Default("Trainingelb Security Group") | |
| end | |
| Parameter("TrainingelbGroupNameDescription") do | |
| Type("String") | |
| Default("Trainingelb Security Group") | |
| end | |
| Parameter("TrainingGroupDescription") do | |
| Type("String") | |
| Default("Security Group For admin Instances") | |
| end | |
| Parameter("NatGroupDescription") do | |
| Type("String") | |
| Default("Security Group For Nat Instances") | |
| end | |
| Parameter("ApiGroupName") do | |
| Type("String") | |
| Default("Api Security Group") | |
| end | |
| Parameter("ApiGroupDescription") do | |
| Type("String") | |
| Default("Security Group For Api Instances") | |
| end | |
| Parameter("ProxyGroupName") do | |
| Type("String") | |
| Default("Proxy Security Group") | |
| end | |
| Parameter("ProxyGroupDescription") do | |
| Type("String") | |
| Default("Security Group For Proxy Instances") | |
| end | |
| Parameter("RedisGroupName") do | |
| Type("String") | |
| Default("Redis Security Group") | |
| end | |
| Parameter("RedisGroupDescription") do | |
| Type("String") | |
| Default("Security Group For Redis Instances") | |
| end | |
| Parameter("MysqlServerGroupName") do | |
| Type("String") | |
| Default("Mysql Server Security Group") | |
| end | |
| Parameter("MysqlServerGroupDescription") do | |
| Type("String") | |
| Default("Mysql Server Security Group") | |
| end | |
| Parameter("MysqlUserGroupName") do | |
| Type("String") | |
| Default("Mysql User Security Group") | |
| end | |
| Parameter("MysqlUserGroupDescription") do | |
| Type("String") | |
| Default("Security Group For Mysql Instances") | |
| end | |
| Parameter("ESgeoServerGroupName") do | |
| Type("String") | |
| Default("ESgeo Server Security Group") | |
| end | |
| Parameter("ESgeoServerGroupDescription") do | |
| Type("String") | |
| Default("ESgeo Server Security Group") | |
| end | |
| Parameter("ESgeoUserGroupName") do | |
| Type("String") | |
| Default("ESgeo Security Group") | |
| end | |
| Parameter("ESgeoUserGroupDescription") do | |
| Type("String") | |
| Default("ESgeo Security Group to attach to Instances") | |
| end | |
| Parameter("BastionServerGroupName") do | |
| Type("String") | |
| Default("Bastion Server Security Group") | |
| end | |
| Parameter("BastionServerGroupDescription") do | |
| Type("String") | |
| Default("Bastion Server Security Group") | |
| end | |
| Parameter("BastionUserGroupName") do | |
| Type("String") | |
| Default("Bastion Security Group") | |
| end | |
| Parameter("BastionUserGroupDescription") do | |
| Type("String") | |
| Default("Bastion Security Group to attach to Instances") | |
| end | |
| Parameter("ApielbGroupName") do | |
| Type("String") | |
| Default("Apielb Security Group") | |
| end | |
| Parameter("ApielbGroupDescription") do | |
| Type("String") | |
| Default("Security Group For Apielb Instances") | |
| end | |
| Parameter("AdminGroupName") do | |
| Type("String") | |
| Default("Admin Security Group") | |
| end | |
| Parameter("AdminelbGroupName") do | |
| Type("String") | |
| Default("adminelb Security Group") | |
| end | |
| Parameter("AdminGroupDescription") do | |
| Type("String") | |
| Default("Security Group For admin Instances") | |
| end | |
| Parameter("ProxyelbGroupName") do | |
| Type("String") | |
| Default("Proxyelb Security Group") | |
| end | |
| Parameter("ProxyelbGroupDescription") do | |
| Type("String") | |
| Default("Security Group For Proxyelb Instances") | |
| end | |
| Resource("NatGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("NatGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("NatGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("BatchGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("BatchGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "FromPort" => 8080, | |
| "IpProtocol" => "tcp", | |
| "SourceSecurityGroupId" => Ref("BatchelbGroup"), | |
| "ToPort" => 8080 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("BatchGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("TrainingGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("TrainingGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "FromPort" => 8080, | |
| "IpProtocol" => "tcp", | |
| "SourceSecurityGroupId" => Ref("TrainingelbGroup"), | |
| "ToPort" => 8080 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("TrainingGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("BuildSecurityGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", "SSH access for Build Server") | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => "22", | |
| "IpProtocol" => "tcp", | |
| "ToPort" => "22" | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => "22", | |
| "IpProtocol" => "tcp", | |
| "ToPort" => "22" | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => "22", | |
| "IpProtocol" => "tcp", | |
| "ToPort" => "22" | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => "22", | |
| "IpProtocol" => "tcp", | |
| "ToPort" => "22" | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => "22", | |
| "IpProtocol" => "tcp", | |
| "ToPort" => "22" | |
| } | |
| ]) | |
| end | |
| Resource("ApiGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("ApiGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "FromPort" => 8080, | |
| "IpProtocol" => "tcp", | |
| "SourceSecurityGroupId" => Ref("ApielbGroup"), | |
| "ToPort" => 8080 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("ApiGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("AdminGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("AdminGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "FromPort" => 8080, | |
| "IpProtocol" => "tcp", | |
| "SourceSecurityGroupId" => Ref("AdminelbGroup"), | |
| "ToPort" => 8080 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("AdminGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("ProxyGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("ProxyGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "FromPort" => 80, | |
| "IpProtocol" => "tcp", | |
| "SourceSecurityGroupId" => Ref("ProxyelbGroup"), | |
| "ToPort" => 80 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("ProxyGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("RedisServerGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("RedisGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("RedisGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("RedisServerGroupIngress") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("GroupId", Ref("RedisServerGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", "6379") | |
| Property("ToPort", "6379") | |
| Property("SourceSecurityGroupId", Ref("RedisUserGroup")) | |
| end | |
| Resource("RedisUserGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("RedisGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("RedisGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("RedisUserGroupEgress") do | |
| Type("AWS::EC2::SecurityGroupEgress") | |
| Property("GroupId", Ref("RedisUserGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", "6379") | |
| Property("ToPort", "6379") | |
| Property("DestinationSecurityGroupId", Ref("RedisServerGroup")) | |
| end | |
| Resource("MysqlUserGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("MysqlUserGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("MysqlUserGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("MysqlUserGroupEgress") do | |
| Type("AWS::EC2::SecurityGroupEgress") | |
| Property("GroupId", Ref("MysqlUserGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", 3306) | |
| Property("ToPort", 3306) | |
| Property("DestinationSecurityGroupId", Ref("MysqlServerGroup")) | |
| end | |
| Resource("MysqlServerGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("MysqlServerGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("MysqlServerGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("MysqlServerGroupIngress") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("GroupId", Ref("MysqlServerGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", 3306) | |
| Property("ToPort", 3306) | |
| Property("SourceSecurityGroupId", Ref("MysqlUserGroup")) | |
| end | |
| Resource("ApielbGroupGroupEgress") do | |
| Type("AWS::EC2::SecurityGroupEgress") | |
| Property("GroupId", Ref("ApielbGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", "8080") | |
| Property("ToPort", "8080") | |
| Property("DestinationSecurityGroupId", Ref("ApiGroup")) | |
| end | |
| Resource("BastionUserGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("BastionUserGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("BastionUserGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("BastionUserGroupIngress") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("GroupId", Ref("BastionUserGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", 22) | |
| Property("ToPort", 22) | |
| Property("SourceSecurityGroupId", Ref("BastionServerGroup")) | |
| end | |
| Resource("BastionServerGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("BastionServerGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("BastionServerGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("BastionServerGroupIngress") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("GroupId", Ref("BastionServerGroup")) | |
| Property("CidrIp", "172.31.224.0/19") | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", 22) | |
| Property("ToPort", 22) | |
| end | |
| Resource("ESgeoUserGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("ESgeoUserGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("ESgeoUserGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("ESgeoUserGroupIngress") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("GroupId", Ref("ESgeoUserGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", 0) | |
| Property("ToPort", 65535) | |
| Property("SourceSecurityGroupId", Ref("ESgeoUserGroup")) | |
| end | |
| Resource("ESgeoUserGroupEgress") do | |
| Type("AWS::EC2::SecurityGroupEgress") | |
| Property("GroupId", Ref("ESgeoUserGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", 0) | |
| Property("ToPort", 65535) | |
| Property("DestinationSecurityGroupId", Ref("ESgeoServerGroup")) | |
| end | |
| Resource("ESgeoServerGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("ESgeoServerGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("ESgeoServerGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("ESgeoServerGroupIngress") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("GroupId", Ref("ESgeoServerGroup")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "SourceSecurityGroupId" => Ref("ESgeoUserGroup"), | |
| "FromPort" => "9200", | |
| "IpProtocol" => "tcp", | |
| "ToPort" => "9200" | |
| }, | |
| { | |
| "SourceSecurityGroupId" => Ref("ESgeoUserGroup"), | |
| "FromPort" => "9300", | |
| "IpProtocol" => "tcp", | |
| "ToPort" => "9300" | |
| } | |
| ]) | |
| end | |
| Resource("ApielbGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", "LoadBalancer Public Security Group") | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 80, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 80 | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 443, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 443 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("ApielbGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("BatchelbGroupEgress") do | |
| Type("AWS::EC2::SecurityGroupEgress") | |
| Property("GroupId", Ref("BatchelbGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", "8080") | |
| Property("ToPort", "8080") | |
| Property("DestinationSecurityGroupId", Ref("BatchGroup")) | |
| end | |
| Resource("TrainingelbGroupEgress") do | |
| Type("AWS::EC2::SecurityGroupEgress") | |
| Property("GroupId", Ref("TrainingelbGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", "8080") | |
| Property("ToPort", "8080") | |
| Property("DestinationSecurityGroupId", Ref("TrainingGroup")) | |
| end | |
| Resource("AdminelbGroupEgress") do | |
| Type("AWS::EC2::SecurityGroupEgress") | |
| Property("GroupId", Ref("AdminelbGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", "8080") | |
| Property("ToPort", "8080") | |
| Property("DestinationSecurityGroupId", Ref("AdminGroup")) | |
| end | |
| Resource("AdminelbGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", "LoadBalancer Public Security Group") | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 80, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 80 | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 443, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 443 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("AdminelbGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("BatchelbGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", "LoadBalancer Public Security Group") | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 80, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 80 | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 443, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 443 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("BatchelbGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("TrainingelbGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", "LoadBalancer Public Security Group") | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 80, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 80 | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 443, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 443 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("TrainingelbGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("ProxyelbGroupGroupEgress") do | |
| Type("AWS::EC2::SecurityGroupEgress") | |
| Property("GroupId", Ref("ProxyelbGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", "80") | |
| Property("ToPort", "80") | |
| Property("DestinationSecurityGroupId", Ref("ProxyGroup")) | |
| end | |
| Resource("ProxyelbGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", "LoadBalancer Public Security Group") | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 80, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 80 | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 443, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 443 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("ProxyelbGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("bpmanagement") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", "Allow BP Management") | |
| Property("VpcId", Ref("VpcId")) | |
| end | |
| Resource("bpmanagement103232023port22") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "10.32.32.0/23") | |
| Property("FromPort", "22") | |
| Property("ToPort", "22") | |
| Property("IpProtocol", "tcp") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement103232023port80") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "10.32.32.0/23") | |
| Property("FromPort", "80") | |
| Property("ToPort", "80") | |
| Property("IpProtocol", "tcp") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement103232023port443") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "10.32.32.0/23") | |
| Property("FromPort", "443") | |
| Property("ToPort", "443") | |
| Property("IpProtocol", "tcp") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement103232023port3389") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "10.32.32.0/23") | |
| Property("FromPort", "3389") | |
| Property("ToPort", "3389") | |
| Property("IpProtocol", "tcp") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagementicmp") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "0.0.0.0/0") | |
| Property("FromPort", "-1") | |
| Property("ToPort", "-1") | |
| Property("IpProtocol", "icmp") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement52311udp") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "192.168.85.31/32") | |
| Property("FromPort", "52311") | |
| Property("ToPort", "52311") | |
| Property("IpProtocol", "udp") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement52311tcp") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "192.168.85.31/32") | |
| Property("FromPort", "52311") | |
| Property("ToPort", "52311") | |
| Property("IpProtocol", "tcp") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement4118") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "192.168.78.96/29") | |
| Property("FromPort", "4118") | |
| Property("ToPort", "4118") | |
| Property("IpProtocol", "tcp") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement20244981132everything") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "202.44.98.11/32") | |
| Property("FromPort", "-1") | |
| Property("ToPort", "-1") | |
| Property("IpProtocol", "-1") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement1025416024everything") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "10.254.16.0/24") | |
| Property("FromPort", "-1") | |
| Property("ToPort", "-1") | |
| Property("IpProtocol", "-1") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement192168786427everything") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "192.168.78.64/27") | |
| Property("FromPort", "-1") | |
| Property("ToPort", "-1") | |
| Property("IpProtocol", "-1") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Output("NatGroupId") do | |
| Value(Ref("NatGroup")) | |
| end | |
| Output("ApiGroupId") do | |
| Value(Ref("ApiGroup")) | |
| end | |
| Output("AdminelbGroupId") do | |
| Value(Ref("AdminelbGroup")) | |
| end | |
| Output("AdminGroupId") do | |
| Value(Ref("AdminGroup")) | |
| end | |
| Output("ProxyGroupId") do | |
| Value(Ref("ProxyGroup")) | |
| end | |
| Output("ProxyelbGroupId") do | |
| Value(Ref("ProxyelbGroup")) | |
| end | |
| Output("RedisUserGroupId") do | |
| Value(Ref("RedisUserGroup")) | |
| end | |
| Output("RedisSeverGroupId") do | |
| Value(Ref("RedisServerGroup")) | |
| end | |
| Output("MysqlUserGroupId") do | |
| Value(Ref("MysqlUserGroup")) | |
| end | |
| Output("MysqlServerGroupId") do | |
| Value(Ref("MysqlServerGroup")) | |
| end | |
| Output("ApielbGroupId") do | |
| Value(Ref("ApielbGroup")) | |
| end | |
| Output("VpcId") do | |
| Value(Ref("VpcId")) | |
| end | |
| Output("BatchelbGroupId") do | |
| Value(Ref("BatchelbGroup")) | |
| end | |
| Output("BatchGroupId") do | |
| Value(Ref("BatchGroup")) | |
| end | |
| Output("TrainingelbGroupId") do | |
| Value(Ref("TrainingelbGroup")) | |
| end | |
| Output("TrainingGroupId") do | |
| Value(Ref("TrainingGroup")) | |
| end | |
| Output("BastionUserGroupId") do | |
| Value(Ref("BastionUserGroup")) | |
| end | |
| Output("BastionServerGroupId") do | |
| Value(Ref("BastionServerGroup")) | |
| end | |
| Output("ESgeoUserGroupId") do | |
| Value(Ref("ESgeoUserGroup")) | |
| end | |
| Output("ESgeoServerGroupId") do | |
| Value(Ref("ESgeoServerGroup")) | |
| end | |
| Output("BuildSecurityGroup") do | |
| Value(Ref("BuildSecurityGroup")) | |
| end | |
| Output("BPManagementGroupId") do | |
| Value(Ref("bpmanagement")) | |
| end | |
| end | |
| CloudFormation do | |
| Description("Ingogo Production Environment - Security Groups") | |
| AWSTemplateFormatVersion("2010-09-09") | |
| Parameter("VpcId") do | |
| Type("String") | |
| Default("vpc-a2ee78c7") | |
| end | |
| Parameter("environment") do | |
| Type("String") | |
| Default environment | |
| end | |
| Parameter("NatGroupName") do | |
| Type("String") | |
| Default("Nat Security Group") | |
| end | |
| Parameter("BatchGroupName") do | |
| Type("String") | |
| Default("Batch Security Group") | |
| end | |
| Parameter("BatchelbGroupName") do | |
| Type("String") | |
| Default("Batchelb Security Group") | |
| end | |
| Parameter("BatchelbGroupNameDescription") do | |
| Type("String") | |
| Default("Batchelb Security Group") | |
| end | |
| Parameter("BatchGroupDescription") do | |
| Type("String") | |
| Default("Security Group For admin Instances") | |
| end | |
| Parameter("TrainingGroupName") do | |
| Type("String") | |
| Default("Training Security Group") | |
| end | |
| Parameter("TrainingelbGroupName") do | |
| Type("String") | |
| Default("Trainingelb Security Group") | |
| end | |
| Parameter("TrainingelbGroupNameDescription") do | |
| Type("String") | |
| Default("Trainingelb Security Group") | |
| end | |
| Parameter("TrainingGroupDescription") do | |
| Type("String") | |
| Default("Security Group For admin Instances") | |
| end | |
| Parameter("NatGroupDescription") do | |
| Type("String") | |
| Default("Security Group For Nat Instances") | |
| end | |
| Parameter("ApiGroupName") do | |
| Type("String") | |
| Default("Api Security Group") | |
| end | |
| Parameter("ApiGroupDescription") do | |
| Type("String") | |
| Default("Security Group For Api Instances") | |
| end | |
| Parameter("ProxyGroupName") do | |
| Type("String") | |
| Default("Proxy Security Group") | |
| end | |
| Parameter("ProxyGroupDescription") do | |
| Type("String") | |
| Default("Security Group For Proxy Instances") | |
| end | |
| Parameter("RedisGroupName") do | |
| Type("String") | |
| Default("Redis Security Group") | |
| end | |
| Parameter("RedisGroupDescription") do | |
| Type("String") | |
| Default("Security Group For Redis Instances") | |
| end | |
| Parameter("MysqlServerGroupName") do | |
| Type("String") | |
| Default("Mysql Server Security Group") | |
| end | |
| Parameter("MysqlServerGroupDescription") do | |
| Type("String") | |
| Default("Mysql Server Security Group") | |
| end | |
| Parameter("MysqlUserGroupName") do | |
| Type("String") | |
| Default("Mysql User Security Group") | |
| end | |
| Parameter("MysqlUserGroupDescription") do | |
| Type("String") | |
| Default("Security Group For Mysql Instances") | |
| end | |
| Parameter("ESgeoServerGroupName") do | |
| Type("String") | |
| Default("ESgeo Server Security Group") | |
| end | |
| Parameter("ESgeoServerGroupDescription") do | |
| Type("String") | |
| Default("ESgeo Server Security Group") | |
| end | |
| Parameter("ESgeoUserGroupName") do | |
| Type("String") | |
| Default("ESgeo Security Group") | |
| end | |
| Parameter("ESgeoUserGroupDescription") do | |
| Type("String") | |
| Default("ESgeo Security Group to attach to Instances") | |
| end | |
| Parameter("BastionServerGroupName") do | |
| Type("String") | |
| Default("Bastion Server Security Group") | |
| end | |
| Parameter("BastionServerGroupDescription") do | |
| Type("String") | |
| Default("Bastion Server Security Group") | |
| end | |
| Parameter("BastionUserGroupName") do | |
| Type("String") | |
| Default("Bastion Security Group") | |
| end | |
| Parameter("BastionUserGroupDescription") do | |
| Type("String") | |
| Default("Bastion Security Group to attach to Instances") | |
| end | |
| Parameter("ApielbGroupName") do | |
| Type("String") | |
| Default("Apielb Security Group") | |
| end | |
| Parameter("ApielbGroupDescription") do | |
| Type("String") | |
| Default("Security Group For Apielb Instances") | |
| end | |
| Parameter("AdminGroupName") do | |
| Type("String") | |
| Default("Admin Security Group") | |
| end | |
| Parameter("AdminelbGroupName") do | |
| Type("String") | |
| Default("adminelb Security Group") | |
| end | |
| Parameter("AdminGroupDescription") do | |
| Type("String") | |
| Default("Security Group For admin Instances") | |
| end | |
| Parameter("ProxyelbGroupName") do | |
| Type("String") | |
| Default("Proxyelb Security Group") | |
| end | |
| Parameter("ProxyelbGroupDescription") do | |
| Type("String") | |
| Default("Security Group For Proxyelb Instances") | |
| end | |
| Resource("NatGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("NatGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("NatGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("BatchGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("BatchGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "FromPort" => 8080, | |
| "IpProtocol" => "tcp", | |
| "SourceSecurityGroupId" => Ref("BatchelbGroup"), | |
| "ToPort" => 8080 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("BatchGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("TrainingGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("TrainingGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "FromPort" => 8080, | |
| "IpProtocol" => "tcp", | |
| "SourceSecurityGroupId" => Ref("TrainingelbGroup"), | |
| "ToPort" => 8080 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("TrainingGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("BuildSecurityGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", "SSH access for Build Server") | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => "22", | |
| "IpProtocol" => "tcp", | |
| "ToPort" => "22" | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => "22", | |
| "IpProtocol" => "tcp", | |
| "ToPort" => "22" | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => "22", | |
| "IpProtocol" => "tcp", | |
| "ToPort" => "22" | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => "22", | |
| "IpProtocol" => "tcp", | |
| "ToPort" => "22" | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => "22", | |
| "IpProtocol" => "tcp", | |
| "ToPort" => "22" | |
| } | |
| ]) | |
| end | |
| Resource("ApiGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("ApiGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "FromPort" => 8080, | |
| "IpProtocol" => "tcp", | |
| "SourceSecurityGroupId" => Ref("ApielbGroup"), | |
| "ToPort" => 8080 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("ApiGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("AdminGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("AdminGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "FromPort" => 8080, | |
| "IpProtocol" => "tcp", | |
| "SourceSecurityGroupId" => Ref("AdminelbGroup"), | |
| "ToPort" => 8080 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("AdminGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("ProxyGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("ProxyGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "FromPort" => 80, | |
| "IpProtocol" => "tcp", | |
| "SourceSecurityGroupId" => Ref("ProxyelbGroup"), | |
| "ToPort" => 80 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("ProxyGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("RedisServerGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("RedisGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("RedisGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("RedisServerGroupIngress") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("GroupId", Ref("RedisServerGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", "6379") | |
| Property("ToPort", "6379") | |
| Property("SourceSecurityGroupId", Ref("RedisUserGroup")) | |
| end | |
| Resource("RedisUserGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("RedisGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("RedisGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("RedisUserGroupEgress") do | |
| Type("AWS::EC2::SecurityGroupEgress") | |
| Property("GroupId", Ref("RedisUserGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", "6379") | |
| Property("ToPort", "6379") | |
| Property("DestinationSecurityGroupId", Ref("RedisServerGroup")) | |
| end | |
| Resource("MysqlUserGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("MysqlUserGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("MysqlUserGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("MysqlUserGroupEgress") do | |
| Type("AWS::EC2::SecurityGroupEgress") | |
| Property("GroupId", Ref("MysqlUserGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", 3306) | |
| Property("ToPort", 3306) | |
| Property("DestinationSecurityGroupId", Ref("MysqlServerGroup")) | |
| end | |
| Resource("MysqlServerGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("MysqlServerGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("MysqlServerGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("MysqlServerGroupIngress") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("GroupId", Ref("MysqlServerGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", 3306) | |
| Property("ToPort", 3306) | |
| Property("SourceSecurityGroupId", Ref("MysqlUserGroup")) | |
| end | |
| Resource("ApielbGroupGroupEgress") do | |
| Type("AWS::EC2::SecurityGroupEgress") | |
| Property("GroupId", Ref("ApielbGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", "8080") | |
| Property("ToPort", "8080") | |
| Property("DestinationSecurityGroupId", Ref("ApiGroup")) | |
| end | |
| Resource("BastionUserGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("BastionUserGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("BastionUserGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("BastionUserGroupIngress") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("GroupId", Ref("BastionUserGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", 22) | |
| Property("ToPort", 22) | |
| Property("SourceSecurityGroupId", Ref("BastionServerGroup")) | |
| end | |
| Resource("BastionServerGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("BastionServerGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("BastionServerGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("BastionServerGroupIngress") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("GroupId", Ref("BastionServerGroup")) | |
| Property("CidrIp", "172.31.224.0/19") | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", 22) | |
| Property("ToPort", 22) | |
| end | |
| Resource("ESgeoUserGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("ESgeoUserGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("ESgeoUserGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("ESgeoUserGroupIngress") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("GroupId", Ref("ESgeoUserGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", 0) | |
| Property("ToPort", 65535) | |
| Property("SourceSecurityGroupId", Ref("ESgeoUserGroup")) | |
| end | |
| Resource("ESgeoUserGroupEgress") do | |
| Type("AWS::EC2::SecurityGroupEgress") | |
| Property("GroupId", Ref("ESgeoUserGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", 0) | |
| Property("ToPort", 65535) | |
| Property("DestinationSecurityGroupId", Ref("ESgeoServerGroup")) | |
| end | |
| Resource("ESgeoServerGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", Ref("ESgeoServerGroupDescription")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("ESgeoServerGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("ESgeoServerGroupIngress") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("GroupId", Ref("ESgeoServerGroup")) | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "SourceSecurityGroupId" => Ref("ESgeoUserGroup"), | |
| "FromPort" => "9200", | |
| "IpProtocol" => "tcp", | |
| "ToPort" => "9200" | |
| }, | |
| { | |
| "SourceSecurityGroupId" => Ref("ESgeoUserGroup"), | |
| "FromPort" => "9300", | |
| "IpProtocol" => "tcp", | |
| "ToPort" => "9300" | |
| } | |
| ]) | |
| end | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", 0) | |
| Property("ToPort", 65535) | |
| Property("SourceSecurityGroupId", Ref("ESgeoUserGroup")) | |
| end | |
| Resource("ApielbGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", "LoadBalancer Public Security Group") | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 80, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 80 | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 443, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 443 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("ApielbGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("BatchelbGroupEgress") do | |
| Type("AWS::EC2::SecurityGroupEgress") | |
| Property("GroupId", Ref("BatchelbGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", "8080") | |
| Property("ToPort", "8080") | |
| Property("DestinationSecurityGroupId", Ref("BatchGroup")) | |
| end | |
| Resource("TrainingelbGroupEgress") do | |
| Type("AWS::EC2::SecurityGroupEgress") | |
| Property("GroupId", Ref("TrainingelbGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", "8080") | |
| Property("ToPort", "8080") | |
| Property("DestinationSecurityGroupId", Ref("TrainingGroup")) | |
| end | |
| Resource("AdminelbGroupEgress") do | |
| Type("AWS::EC2::SecurityGroupEgress") | |
| Property("GroupId", Ref("AdminelbGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", "8080") | |
| Property("ToPort", "8080") | |
| Property("DestinationSecurityGroupId", Ref("AdminGroup")) | |
| end | |
| Resource("AdminelbGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", "LoadBalancer Public Security Group") | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 80, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 80 | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 443, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 443 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("AdminelbGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("BatchelbGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", "LoadBalancer Public Security Group") | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 80, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 80 | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 443, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 443 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("BatchelbGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("TrainingelbGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", "LoadBalancer Public Security Group") | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 80, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 80 | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 443, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 443 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("TrainingelbGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("ProxyelbGroupGroupEgress") do | |
| Type("AWS::EC2::SecurityGroupEgress") | |
| Property("GroupId", Ref("ProxyelbGroup")) | |
| Property("IpProtocol", "tcp") | |
| Property("FromPort", "80") | |
| Property("ToPort", "80") | |
| Property("DestinationSecurityGroupId", Ref("ProxyGroup")) | |
| end | |
| Resource("ProxyelbGroup") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", "LoadBalancer Public Security Group") | |
| Property("VpcId", Ref("VpcId")) | |
| Property("SecurityGroupIngress", [ | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 80, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 80 | |
| }, | |
| { | |
| "CidrIp" => "0.0.0.0/0", | |
| "FromPort" => 443, | |
| "IpProtocol" => "tcp", | |
| "ToPort" => 443 | |
| } | |
| ]) | |
| Property("Tags", [ | |
| { | |
| "Key" => "Name", | |
| "Value" => Ref("ProxyelbGroupName") | |
| }, | |
| { | |
| "Key" => "Environment", | |
| "Value" => Ref("environment") | |
| } | |
| ]) | |
| end | |
| Resource("bpmanagement") do | |
| Type("AWS::EC2::SecurityGroup") | |
| Property("GroupDescription", "Allow BP Management") | |
| Property("VpcId", Ref("VpcId")) | |
| end | |
| Resource("bpmanagement103232023port22") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "10.32.32.0/23") | |
| Property("FromPort", "22") | |
| Property("ToPort", "22") | |
| Property("IpProtocol", "tcp") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement103232023port80") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "10.32.32.0/23") | |
| Property("FromPort", "80") | |
| Property("ToPort", "80") | |
| Property("IpProtocol", "tcp") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement103232023port443") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "10.32.32.0/23") | |
| Property("FromPort", "443") | |
| Property("ToPort", "443") | |
| Property("IpProtocol", "tcp") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement103232023port3389") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "10.32.32.0/23") | |
| Property("FromPort", "3389") | |
| Property("ToPort", "3389") | |
| Property("IpProtocol", "tcp") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagementicmp") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "0.0.0.0/0") | |
| Property("FromPort", "-1") | |
| Property("ToPort", "-1") | |
| Property("IpProtocol", "icmp") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement52311udp") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "192.168.85.31/32") | |
| Property("FromPort", "52311") | |
| Property("ToPort", "52311") | |
| Property("IpProtocol", "udp") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement52311tcp") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "192.168.85.31/32") | |
| Property("FromPort", "52311") | |
| Property("ToPort", "52311") | |
| Property("IpProtocol", "tcp") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement4118") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "192.168.78.96/29") | |
| Property("FromPort", "4118") | |
| Property("ToPort", "4118") | |
| Property("IpProtocol", "tcp") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement20244981132everything") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "202.44.98.11/32") | |
| Property("FromPort", "-1") | |
| Property("ToPort", "-1") | |
| Property("IpProtocol", "-1") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement1025416024everything") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "10.254.16.0/24") | |
| Property("FromPort", "-1") | |
| Property("ToPort", "-1") | |
| Property("IpProtocol", "-1") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Resource("bpmanagement192168786427everything") do | |
| Type("AWS::EC2::SecurityGroupIngress") | |
| Property("CidrIp", "192.168.78.64/27") | |
| Property("FromPort", "-1") | |
| Property("ToPort", "-1") | |
| Property("IpProtocol", "-1") | |
| Property("GroupId", Ref("bpmanagement")) | |
| end | |
| Output("NatGroupId") do | |
| Value(Ref("NatGroup")) | |
| end | |
| Output("ApiGroupId") do | |
| Value(Ref("ApiGroup")) | |
| end | |
| Output("AdminelbGroupId") do | |
| Value(Ref("AdminelbGroup")) | |
| end | |
| Output("AdminGroupId") do | |
| Value(Ref("AdminGroup")) | |
| end | |
| Output("ProxyGroupId") do | |
| Value(Ref("ProxyGroup")) | |
| end | |
| Output("ProxyelbGroupId") do | |
| Value(Ref("ProxyelbGroup")) | |
| end | |
| Output("RedisUserGroupId") do | |
| Value(Ref("RedisUserGroup")) | |
| end | |
| Output("RedisSeverGroupId") do | |
| Value(Ref("RedisServerGroup")) | |
| end | |
| Output("MysqlUserGroupId") do | |
| Value(Ref("MysqlUserGroup")) | |
| end | |
| Output("MysqlServerGroupId") do | |
| Value(Ref("MysqlServerGroup")) | |
| end | |
| Output("ApielbGroupId") do | |
| Value(Ref("ApielbGroup")) | |
| end | |
| Output("VpcId") do | |
| Value(Ref("VpcId")) | |
| end | |
| Output("BatchelbGroupId") do | |
| Value(Ref("BatchelbGroup")) | |
| end | |
| Output("BatchGroupId") do | |
| Value(Ref("BatchGroup")) | |
| end | |
| Output("TrainingelbGroupId") do | |
| Value(Ref("TrainingelbGroup")) | |
| end | |
| Output("TrainingGroupId") do | |
| Value(Ref("TrainingGroup")) | |
| end | |
| Output("BastionUserGroupId") do | |
| Value(Ref("BastionUserGroup")) | |
| end | |
| Output("BastionServerGroupId") do | |
| Value(Ref("BastionServerGroup")) | |
| end | |
| Output("ESgeoUserGroupId") do | |
| Value(Ref("ESgeoUserGroup")) | |
| end | |
| Output("ESgeoServerGroupId") do | |
| Value(Ref("ESgeoServerGroup")) | |
| end | |
| Output("BuildSecurityGroup") do | |
| Value(Ref("BuildSecurityGroup")) | |
| end | |
| Output("BPManagementGroupId") do | |
| Value(Ref("bpmanagement")) | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment