ksnabb/AWS Webstack SecurityGroups.py

## AWS Webstack SecurityGroups.py
app_security_group = stack.add_resource(
    SecurityGroup(
        'AppInstanceSecurityGroup',
        GroupName='AppInstanceSecurityGroup',
        GroupDescription='Security group for the application instance',
        SecurityGroupIngress=[{
            'FromPort': '8080',
            'ToPort': '8080',
            'IpProtocol': 'tcp',
            'CidrIp': '0.0.0.0/0'
        }, {
            'FromPort': '-1',
            'ToPort': '-1',
            'IpProtocol': 'icmp',
            'CidrIp': '0.0.0.0/0'
        }],
        SecurityGroupEgress=[{
            'CidrIp': '0.0.0.0/0',
            'FromPort': '80',
            'IpProtocol': 'tcp',
            'ToPort': '80'
        }, {
            'CidrIp': '0.0.0.0/0',
            'FromPort': '443',
            'IpProtocol': 'tcp',
            'ToPort': '443'
        }, {
            'CidrIp': '0.0.0.0/0',
            'FromPort': '5432',
            'IpProtocol': 'tcp',
            'ToPort': '5432'
        }],
        VpcId=Ref(vpc)
    )
)

load_balancer_security_group = stack.add_resource(
    SecurityGroup(
        'LoadBalancerSecurityGroup',
        GroupName='LoadBalancerSecurityGroup',
        GroupDescription='Security group for the application load balancer',
        SecurityGroupIngress=[{
            'FromPort': '443',
            'ToPort': '443',
            'IpProtocol': 'tcp',
            'CidrIp': '0.0.0.0/0'
        }, {
            'FromPort': '-1',
            'ToPort': '-1',
            'IpProtocol': 'icmp',
            'CidrIp': '0.0.0.0/0'
        }],
        SecurityGroupEgress=[{
            'CidrIp': '0.0.0.0/0',
            'FromPort': '0',
            'IpProtocol': 'tcp',
            'ToPort': '65535'
        }],
        VpcId=Ref(vpc)
    )
)

db_instance_security_group = stack.add_resource(
    SecurityGroup(
        'DBSecurityGroup',
        GroupName='DBSecurityGroup',
        GroupDescription='Security group for the application db',
        SecurityGroupIngress=[{
            'FromPort': '5432',
            'ToPort': '5432',
            'IpProtocol': 'tcp',
            'CidrIp': '0.0.0.0/0'
        }],
        VpcId=Ref(vpc)
    )
)
	app_security_group = stack.add_resource(
	SecurityGroup(
	'AppInstanceSecurityGroup',
	GroupName='AppInstanceSecurityGroup',
	GroupDescription='Security group for the application instance',
	SecurityGroupIngress=[{
	'FromPort': '8080',
	'ToPort': '8080',
	'IpProtocol': 'tcp',
	'CidrIp': '0.0.0.0/0'
	}, {
	'FromPort': '-1',
	'ToPort': '-1',
	'IpProtocol': 'icmp',
	'CidrIp': '0.0.0.0/0'
	}],
	SecurityGroupEgress=[{
	'CidrIp': '0.0.0.0/0',
	'FromPort': '80',
	'IpProtocol': 'tcp',
	'ToPort': '80'
	}, {
	'CidrIp': '0.0.0.0/0',
	'FromPort': '443',
	'IpProtocol': 'tcp',
	'ToPort': '443'
	}, {
	'CidrIp': '0.0.0.0/0',
	'FromPort': '5432',
	'IpProtocol': 'tcp',
	'ToPort': '5432'
	}],
	VpcId=Ref(vpc)
	)
	)

	load_balancer_security_group = stack.add_resource(
	SecurityGroup(
	'LoadBalancerSecurityGroup',
	GroupName='LoadBalancerSecurityGroup',
	GroupDescription='Security group for the application load balancer',
	SecurityGroupIngress=[{
	'FromPort': '443',
	'ToPort': '443',
	'IpProtocol': 'tcp',
	'CidrIp': '0.0.0.0/0'
	}, {
	'FromPort': '-1',
	'ToPort': '-1',
	'IpProtocol': 'icmp',
	'CidrIp': '0.0.0.0/0'
	}],
	SecurityGroupEgress=[{
	'CidrIp': '0.0.0.0/0',
	'FromPort': '0',
	'IpProtocol': 'tcp',
	'ToPort': '65535'
	}],
	VpcId=Ref(vpc)
	)
	)

	db_instance_security_group = stack.add_resource(
	SecurityGroup(
	'DBSecurityGroup',
	GroupName='DBSecurityGroup',
	GroupDescription='Security group for the application db',
	SecurityGroupIngress=[{
	'FromPort': '5432',
	'ToPort': '5432',
	'IpProtocol': 'tcp',
	'CidrIp': '0.0.0.0/0'
	}],
	VpcId=Ref(vpc)
	)
	)