@eulersson
Created February 19, 2019 23:59
FargateContainerSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Access to Fargate containers.
    VpcId: !Ref VPC

IngressFromPublicALBSecurityGroup:
  Type: AWS::EC2::SecurityGroupIngress
  Properties:
    Description: Ingress from the public Application Load Balancer.
    GroupId: !Ref FargateContainerSecurityGroup
    IpProtocol: -1 # Means all protocols (TCP, UDP or any ICMP/ICMPv6 number).
    SourceSecurityGroupId: !Ref PublicLoadBalancerSecurityGroup

IngressFromSelfSecurityGroup:
  Type: AWS::EC2::SecurityGroupIngress
  Properties:
    Description: Ingress from other containers in the same security group.
    GroupId: !Ref FargateContainerSecurityGroup
    IpProtocol: -1 # All protocols, as above.
    SourceSecurityGroupId: !Ref FargateContainerSecurityGroup

PublicLoadBalancerSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Access to the public facing load balancer.
    VpcId: !Ref VPC
    SecurityGroupIngress:
      - CidrIp: 0.0.0.0/0 # Allows all IPs. Traffic from anywhere.
        IpProtocol: -1 # All protocols and all ports, not only the listener port.
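
The security groups above accept every protocol and port on each rule, including from `0.0.0.0/0` on the load balancer. The fragment below is an added example, not part of the original gist, showing the same resources narrowed to least privilege. It assumes an HTTPS listener on port 443 and a hypothetical `ContainerPort` template parameter; neither appears in the gist, and `VPC` is defined elsewhere in the template as before.

```yaml
# Added example (not from the original gist). Assumptions: the ALB listens on
# 443/tcp and the tasks listen on a template parameter named ContainerPort
# (hypothetical; declare it under Parameters with Type: Number).

PublicLoadBalancerSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Access to the public facing load balancer.
    VpcId: !Ref VPC
    SecurityGroupIngress:
      - Description: HTTPS from anywhere.
        CidrIp: 0.0.0.0/0
        IpProtocol: tcp   # Only TCP, instead of -1 (all protocols).
        FromPort: 443     # Only the listener port is reachable from the internet.
        ToPort: 443

FargateContainerSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Access to Fargate containers.
    VpcId: !Ref VPC

IngressFromPublicALBSecurityGroup:
  Type: AWS::EC2::SecurityGroupIngress
  Properties:
    Description: Ingress from the public Application Load Balancer.
    GroupId: !Ref FargateContainerSecurityGroup
    IpProtocol: tcp
    FromPort: !Ref ContainerPort   # The ALB can reach only the target port.
    ToPort: !Ref ContainerPort
    SourceSecurityGroupId: !Ref PublicLoadBalancerSecurityGroup

IngressFromSelfSecurityGroup:
  Type: AWS::EC2::SecurityGroupIngress
  Properties:
    Description: Ingress from other containers in the same security group.
    GroupId: !Ref FargateContainerSecurityGroup
    IpProtocol: tcp
    FromPort: !Ref ContainerPort   # Assumes tasks talk to each other on this port only.
    ToPort: !Ref ContainerPort
    SourceSecurityGroupId: !Ref FargateContainerSecurityGroup
```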