Created
December 10, 2017 12:14
-
-
Save li0nel/cce70d2d3b9e09c9f4a88ae26228dfe6 to your computer and use it in GitHub Desktop.
CloudFormation template for ECS security group
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This security group defines who/where is allowed to access the ECS hosts directly. | |
# By default we're just allowing access from the load balancer. If you want to SSH | |
# into the hosts, or expose non-load balanced services you can open their ports here. | |
ECSSecurityGroup: | |
Type: AWS::EC2::SecurityGroup | |
Properties: | |
VpcId: !Ref VPC | |
GroupDescription: Access to the ECS hosts and the tasks/containers that run on them | |
SecurityGroupIngress: | |
# Only allow inbound access to ECS from the ELB | |
- SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup | |
IpProtocol: -1 | |
- IpProtocol: tcp | |
CidrIp: 0.0.0.0/0 | |
FromPort: '22' | |
ToPort: '22' | |
Tags: | |
- Key: Name | |
Value: !Sub ${EnvironmentName}-ECS-Hosts |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment