Created
May 15, 2016 22:44
secgroups
CloudFormation do | |
# Template header: human-readable description and CloudFormation format version.
Description "Ingogo Production Environment - Security Groups"
AWSTemplateFormatVersion "2010-09-09"

# VPC in which every security group of this template is created.
# NOTE(review): the default pins one concrete VPC id and the String type accepts
# any value; the CloudFormation parameter type AWS::EC2::VPC::Id would make the
# service validate it. Confirm callers override the default per environment.
Parameter "VpcId" do
  Type "String"
  Default "vpc-a2ee78c7"
end

# Environment tag value. The default is read from `environment`, which is not
# defined in this file -- presumably supplied to cfndsl from outside; verify.
Parameter "environment" do
  Type "String"
  Default environment
end

# Remaining parameters are all plain strings that feed the Name tag or the
# GroupDescription of a security group. Declaration order is kept.
# NOTE(review): BatchGroupDescription and TrainingGroupDescription default to
# "Security Group For admin Instances", which looks copied from the admin tier.
# NOTE(review): BatchelbGroupNameDescription, TrainingelbGroupNameDescription,
# ApielbGroupDescription and ProxyelbGroupDescription appear not to be referenced
# by any resource below; confirm before relying on them.
string_defaults = {
  "NatGroupName" => "Nat Security Group",
  "BatchGroupName" => "Batch Security Group",
  "BatchelbGroupName" => "Batchelb Security Group",
  "BatchelbGroupNameDescription" => "Batchelb Security Group",
  "BatchGroupDescription" => "Security Group For admin Instances",
  "TrainingGroupName" => "Training Security Group",
  "TrainingelbGroupName" => "Trainingelb Security Group",
  "TrainingelbGroupNameDescription" => "Trainingelb Security Group",
  "TrainingGroupDescription" => "Security Group For admin Instances",
  "NatGroupDescription" => "Security Group For Nat Instances",
  "ApiGroupName" => "Api Security Group",
  "ApiGroupDescription" => "Security Group For Api Instances",
  "ProxyGroupName" => "Proxy Security Group",
  "ProxyGroupDescription" => "Security Group For Proxy Instances",
  "RedisGroupName" => "Redis Security Group",
  "RedisGroupDescription" => "Security Group For Redis Instances",
  "MysqlServerGroupName" => "Mysql Server Security Group",
  "MysqlServerGroupDescription" => "Mysql Server Security Group",
  "MysqlUserGroupName" => "Mysql User Security Group",
  "MysqlUserGroupDescription" => "Security Group For Mysql Instances",
  "ESgeoServerGroupName" => "ESgeo Server Security Group",
  "ESgeoServerGroupDescription" => "ESgeo Server Security Group",
  "ESgeoUserGroupName" => "ESgeo Security Group",
  "ESgeoUserGroupDescription" => "ESgeo Security Group to attach to Instances",
  "BastionServerGroupName" => "Bastion Server Security Group",
  "BastionServerGroupDescription" => "Bastion Server Security Group",
  "BastionUserGroupName" => "Bastion Security Group",
  "BastionUserGroupDescription" => "Bastion Security Group to attach to Instances",
  "ApielbGroupName" => "Apielb Security Group",
  "ApielbGroupDescription" => "Security Group For Apielb Instances",
  "AdminGroupName" => "Admin Security Group",
  "AdminelbGroupName" => "adminelb Security Group",
  "AdminGroupDescription" => "Security Group For admin Instances",
  "ProxyelbGroupName" => "Proxyelb Security Group",
  "ProxyelbGroupDescription" => "Security Group For Proxyelb Instances"
}
string_defaults.each do |param_name, default_text|
  Parameter(param_name) do
    Type("String")
    Default(default_text)
  end
end
# Security group for the NAT instances. Only tags are set here: this resource
# declares no inline ingress or egress rules.
# NOTE(review): with no egress declared, the EC2 default (allow all outbound)
# presumably applies; confirm that is intended for the NAT tier.
Resource "NatGroup" do
  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", Ref("NatGroupDescription")
  Property "VpcId", Ref("VpcId")
  # Tag key => name of the template parameter that supplies its value.
  nat_tag_params = { "Name" => "NatGroupName", "Environment" => "environment" }
  Property("Tags", nat_tag_params.map { |tag_key, param| { "Key" => tag_key, "Value" => Ref(param) } })
end
# Instance-side groups for the Batch and Training tiers. Each one admits
# TCP 8080 only from the security group of its own load balancer
# (BatchelbGroup / TrainingelbGroup), never from a CIDR range.
%w[Batch Training].each do |tier|
  Resource("#{tier}Group") do
    Type("AWS::EC2::SecurityGroup")
    Property("GroupDescription", Ref("#{tier}GroupDescription"))
    Property("VpcId", Ref("VpcId"))
    Property("SecurityGroupIngress", [
      {
        "FromPort" => 8080,
        "IpProtocol" => "tcp",
        "SourceSecurityGroupId" => Ref("#{tier}elbGroup"),
        "ToPort" => 8080
      }
    ])
    Property("Tags", [
      { "Key" => "Name", "Value" => Ref("#{tier}GroupName") },
      { "Key" => "Environment", "Value" => Ref("environment") }
    ])
  end
end
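# Security group for the build server: inbound SSH (TCP 22) and nothing else.
#
# The rule list previously repeated the same 0.0.0.0/0 -> 22/tcp entry five
# times. A security group holds each distinct rule once, so a single entry
# grants the same access and avoids submitting duplicate rules.
#
# NOTE(review): 0.0.0.0/0 leaves SSH on the build server reachable from any
# address. This template already defines BastionServerGroup and a
# management CIDR for BastionServerGroupIngress; consider sourcing this rule
# from one of those instead of the whole internet. Not changed here because the
# intended source range cannot be determined from this file.
# No Name/Environment tags are set on this group, unlike most others.
Resource("BuildSecurityGroup") do
  Type("AWS::EC2::SecurityGroup")
  Property("GroupDescription", "SSH access for Build Server")
  Property("VpcId", Ref("VpcId"))
  Property("SecurityGroupIngress", [
    {
      "CidrIp" => "0.0.0.0/0",
      "FromPort" => "22",
      "IpProtocol" => "tcp",
      "ToPort" => "22"
    }
  ])
end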
# Instance-side groups for the Api, Admin and Proxy tiers. Each admits a single
# TCP port, and only from the security group of its own load balancer
# (ApielbGroup, AdminelbGroup, ProxyelbGroup).
backend_ports = { "Api" => 8080, "Admin" => 8080, "Proxy" => 80 }
backend_ports.each do |tier, listen_port|
  Resource("#{tier}Group") do
    Type("AWS::EC2::SecurityGroup")
    Property("GroupDescription", Ref("#{tier}GroupDescription"))
    Property("VpcId", Ref("VpcId"))
    Property("SecurityGroupIngress", [
      {
        "FromPort" => listen_port,
        "IpProtocol" => "tcp",
        "SourceSecurityGroupId" => Ref("#{tier}elbGroup"),
        "ToPort" => listen_port
      }
    ])
    Property("Tags", [
      { "Key" => "Name", "Value" => Ref("#{tier}GroupName") },
      { "Key" => "Environment", "Value" => Ref("environment") }
    ])
  end
end
# Redis tier: a server-side group and a client-side ("user") group, tied
# together by one TCP 6379 rule each -- ingress on the server group from the
# user group, egress on the user group to the server group.
# NOTE(review): both groups read their description and Name tag from the same
# parameters (RedisGroupDescription, RedisGroupName), so they are not
# distinguishable by name or description.
# NOTE(review): the egress rule is a standalone resource; confirm whether the
# group's default allow-all egress rule is still present, in which case this
# rule restricts nothing.
redis_port = "6379"
[
  %w[Server Ingress SourceSecurityGroupId User],
  %w[User Egress DestinationSecurityGroupId Server]
].each do |role, direction, peer_property, peer_role|
  Resource("Redis#{role}Group") do
    Type("AWS::EC2::SecurityGroup")
    Property("GroupDescription", Ref("RedisGroupDescription"))
    Property("VpcId", Ref("VpcId"))
    Property("Tags", [
      { "Key" => "Name", "Value" => Ref("RedisGroupName") },
      { "Key" => "Environment", "Value" => Ref("environment") }
    ])
  end

  # One rule per group, pointing at the opposite group.
  Resource("Redis#{role}Group#{direction}") do
    Type("AWS::EC2::SecurityGroup#{direction}")
    Property("GroupId", Ref("Redis#{role}Group"))
    Property("IpProtocol", "tcp")
    Property("FromPort", redis_port)
    Property("ToPort", redis_port)
    Property(peer_property, Ref("Redis#{peer_role}Group"))
  end
end
# MySQL tier: a client-side ("user") group and a server-side group, linked on
# TCP 3306 -- egress from the user group to the server group, ingress on the
# server group from the user group. No CIDR-based access is granted.
# NOTE(review): the egress rule is a standalone resource; confirm whether the
# user group's default allow-all egress rule is still present.
mysql_port = 3306
[
  %w[User Egress DestinationSecurityGroupId Server],
  %w[Server Ingress SourceSecurityGroupId User]
].each do |role, direction, peer_property, peer_role|
  Resource("Mysql#{role}Group") do
    Type("AWS::EC2::SecurityGroup")
    Property("GroupDescription", Ref("Mysql#{role}GroupDescription"))
    Property("VpcId", Ref("VpcId"))
    Property("Tags", [
      { "Key" => "Name", "Value" => Ref("Mysql#{role}GroupName") },
      { "Key" => "Environment", "Value" => Ref("environment") }
    ])
  end

  # One rule per group, pointing at the opposite group.
  Resource("Mysql#{role}Group#{direction}") do
    Type("AWS::EC2::SecurityGroup#{direction}")
    Property("GroupId", Ref("Mysql#{role}Group"))
    Property("IpProtocol", "tcp")
    Property("FromPort", mysql_port)
    Property("ToPort", mysql_port)
    Property(peer_property, Ref("Mysql#{peer_role}Group"))
  end
end
# Outbound rule on the API load balancer group: TCP 8080 towards ApiGroup,
# matching the ingress rule declared on ApiGroup.
# NOTE(review): as a standalone egress resource this adds a rule; confirm the
# group's default allow-all egress rule is not still in effect alongside it.
Resource "ApielbGroupGroupEgress" do
  api_backend_port = "8080"
  Type "AWS::EC2::SecurityGroupEgress"
  Property "GroupId", Ref("ApielbGroup")
  Property "IpProtocol", "tcp"
  Property "FromPort", api_backend_port
  Property "ToPort", api_backend_port
  Property "DestinationSecurityGroupId", Ref("ApiGroup")
end
# Bastion tier.
#   BastionUserGroup   - accepts SSH (TCP 22) only from BastionServerGroup.
#   BastionServerGroup - accepts SSH (TCP 22) from 172.31.224.0/19.
# NOTE(review): 172.31.224.0/19 is private address space; confirm it is the
# intended administrative range and not a whole application subnet.
ssh_port = 22

Resource "BastionUserGroup" do
  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", Ref("BastionUserGroupDescription")
  Property "VpcId", Ref("VpcId")
  Property "Tags", [
    { "Key" => "Name", "Value" => Ref("BastionUserGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]
end

# SSH into "user" instances is allowed from members of the bastion server group.
Resource "BastionUserGroupIngress" do
  Type "AWS::EC2::SecurityGroupIngress"
  Property "GroupId", Ref("BastionUserGroup")
  Property "IpProtocol", "tcp"
  Property "FromPort", ssh_port
  Property "ToPort", ssh_port
  Property "SourceSecurityGroupId", Ref("BastionServerGroup")
end

Resource "BastionServerGroup" do
  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", Ref("BastionServerGroupDescription")
  Property "VpcId", Ref("VpcId")
  Property "Tags", [
    { "Key" => "Name", "Value" => Ref("BastionServerGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]
end

# SSH into the bastion itself is limited to a single CIDR block.
Resource "BastionServerGroupIngress" do
  Type "AWS::EC2::SecurityGroupIngress"
  Property "GroupId", Ref("BastionServerGroup")
  Property "CidrIp", "172.31.224.0/19"
  Property "IpProtocol", "tcp"
  Property "FromPort", ssh_port
  Property "ToPort", ssh_port
end
# ESgeo tier: the client-side ("user") group with its two rules, followed by
# the server-side group.
# NOTE(review): both rules on the user group span every TCP port (0-65535):
#   - ingress from the user group itself, so any member can reach any TCP port
#     on any other member;
#   - egress to ESgeoServerGroup on all TCP ports.
# Confirm whether these can be narrowed to the ports actually in use.
all_tcp_ports = [0, 65535]

Resource "ESgeoUserGroup" do
  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", Ref("ESgeoUserGroupDescription")
  Property "VpcId", Ref("VpcId")
  Property "Tags", [
    { "Key" => "Name", "Value" => Ref("ESgeoUserGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]
end

# Self-referencing rule: source and target are the same group.
Resource "ESgeoUserGroupIngress" do
  Type "AWS::EC2::SecurityGroupIngress"
  Property "GroupId", Ref("ESgeoUserGroup")
  Property "IpProtocol", "tcp"
  Property "FromPort", all_tcp_ports.first
  Property "ToPort", all_tcp_ports.last
  Property "SourceSecurityGroupId", Ref("ESgeoUserGroup")
end

Resource "ESgeoUserGroupEgress" do
  Type "AWS::EC2::SecurityGroupEgress"
  Property "GroupId", Ref("ESgeoUserGroup")
  Property "IpProtocol", "tcp"
  Property "FromPort", all_tcp_ports.first
  Property "ToPort", all_tcp_ports.last
  Property "DestinationSecurityGroupId", Ref("ESgeoServerGroup")
end

Resource "ESgeoServerGroup" do
  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", Ref("ESgeoServerGroupDescription")
  Property "VpcId", Ref("VpcId")
  Property "Tags", [
    { "Key" => "Name", "Value" => Ref("ESgeoServerGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]
end
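# Inbound rules on ESgeoServerGroup: TCP 9200 and TCP 9300, both only from
# ESgeoUserGroup (presumably the Elasticsearch HTTP and transport ports --
# confirm against the service configuration).
#
# An AWS::EC2::SecurityGroupIngress resource describes exactly one rule and has
# no VpcId or SecurityGroupIngress property; those belong to
# AWS::EC2::SecurityGroup. The rules were previously nested as a list under a
# single ingress resource, so they are declared here as one resource per port.
# The first keeps the original logical id; the second logical id is new.
esgeo_server_rules = {
  "ESgeoServerGroupIngress" => "9200",
  "ESgeoServerGroupIngress9300" => "9300"
}
esgeo_server_rules.each do |logical_id, port|
  Resource(logical_id) do
    Type("AWS::EC2::SecurityGroupIngress")
    Property("GroupId", Ref("ESgeoServerGroup"))
    Property("IpProtocol", "tcp")
    Property("FromPort", port)
    Property("ToPort", port)
    Property("SourceSecurityGroupId", Ref("ESgeoUserGroup"))
  end
end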
# Public-facing group for the API load balancer: TCP 80 and 443 from any IPv4
# address, as the "LoadBalancer Public Security Group" description indicates.
# NOTE(review): port 80 is plaintext HTTP; confirm the listener only redirects
# to HTTPS if that is the intent.
Resource "ApielbGroup" do
  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", "LoadBalancer Public Security Group"
  Property "VpcId", Ref("VpcId")
  # One world-open rule per public port.
  api_public_rules = [80, 443].map do |public_port|
    {
      "CidrIp" => "0.0.0.0/0",
      "FromPort" => public_port,
      "IpProtocol" => "tcp",
      "ToPort" => public_port
    }
  end
  Property "SecurityGroupIngress", api_public_rules
  Property "Tags", [
    { "Key" => "Name", "Value" => Ref("ApielbGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]
end
# Outbound rules on the Batch, Training and Admin load balancer groups: each
# may send TCP 8080 to the instance group of its own tier.
# NOTE(review): these are standalone egress resources; confirm whether each
# group's default allow-all egress rule is still present, in which case these
# rules do not restrict outbound traffic.
%w[Batch Training Admin].each do |tier|
  Resource("#{tier}elbGroupEgress") do
    Type("AWS::EC2::SecurityGroupEgress")
    Property("GroupId", Ref("#{tier}elbGroup"))
    Property("IpProtocol", "tcp")
    Property("FromPort", "8080")
    Property("ToPort", "8080")
    Property("DestinationSecurityGroupId", Ref("#{tier}Group"))
  end
end
# Public-facing groups for the Admin, Batch and Training load balancers. All
# three are identical apart from their Name tag: TCP 80 and 443 from any IPv4
# address.
# NOTE(review): this makes the admin, batch and training front ends reachable
# from the whole internet; confirm that is intended for each of them, the
# admin one in particular.
%w[Adminelb Batchelb Trainingelb].each do |balancer|
  Resource("#{balancer}Group") do
    Type("AWS::EC2::SecurityGroup")
    Property("GroupDescription", "LoadBalancer Public Security Group")
    Property("VpcId", Ref("VpcId"))
    Property("SecurityGroupIngress", [
      {
        "CidrIp" => "0.0.0.0/0",
        "FromPort" => 80,
        "IpProtocol" => "tcp",
        "ToPort" => 80
      },
      {
        "CidrIp" => "0.0.0.0/0",
        "FromPort" => 443,
        "IpProtocol" => "tcp",
        "ToPort" => 443
      }
    ])
    Property("Tags", [
      { "Key" => "Name", "Value" => Ref("#{balancer}GroupName") },
      { "Key" => "Environment", "Value" => Ref("environment") }
    ])
  end
end
# Proxy load balancer: its outbound rule towards ProxyGroup (TCP 80), then the
# public-facing group itself (TCP 80 and 443 from any IPv4 address).
# NOTE(review): the egress rule is a standalone resource; confirm whether the
# group's default allow-all egress rule is still present.
Resource "ProxyelbGroupGroupEgress" do
  proxy_backend_port = "80"
  Type "AWS::EC2::SecurityGroupEgress"
  Property "GroupId", Ref("ProxyelbGroup")
  Property "IpProtocol", "tcp"
  Property "FromPort", proxy_backend_port
  Property "ToPort", proxy_backend_port
  Property "DestinationSecurityGroupId", Ref("ProxyGroup")
end

Resource "ProxyelbGroup" do
  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", "LoadBalancer Public Security Group"
  Property "VpcId", Ref("VpcId")
  # One world-open rule per public port.
  proxy_public_rules = [80, 443].map do |public_port|
    {
      "CidrIp" => "0.0.0.0/0",
      "FromPort" => public_port,
      "IpProtocol" => "tcp",
      "ToPort" => public_port
    }
  end
  Property "SecurityGroupIngress", proxy_public_rules
  Property "Tags", [
    { "Key" => "Name", "Value" => Ref("ProxyelbGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]
end
# "BP Management" group and its inbound rules. The group carries no inline
# rules or tags; every rule is a separate AWS::EC2::SecurityGroupIngress.
Resource "bpmanagement" do
  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", "Allow BP Management"
  Property "VpcId", Ref("VpcId")
end

# Columns: logical id, source CIDR, port (used for FromPort and ToPort),
# IP protocol. A port or protocol of "-1" means "all" in a security group rule.
# NOTE(review): the icmp row admits all ICMP types from 0.0.0.0/0.
# NOTE(review): the three "everything" rows admit every protocol and port from
# their source range, one of which (202.44.98.11/32) is a public address;
# confirm each is still required and cannot be narrowed to specific ports.
bp_ingress_rules = [
  ["bpmanagement103232023port22",         "10.32.32.0/23",    "22",    "tcp"],
  ["bpmanagement103232023port80",         "10.32.32.0/23",    "80",    "tcp"],
  ["bpmanagement103232023port443",        "10.32.32.0/23",    "443",   "tcp"],
  ["bpmanagement103232023port3389",       "10.32.32.0/23",    "3389",  "tcp"],
  ["bpmanagementicmp",                    "0.0.0.0/0",        "-1",    "icmp"],
  ["bpmanagement52311udp",                "192.168.85.31/32", "52311", "udp"],
  ["bpmanagement52311tcp",                "192.168.85.31/32", "52311", "tcp"],
  ["bpmanagement4118",                    "192.168.78.96/29", "4118",  "tcp"],
  ["bpmanagement20244981132everything",   "202.44.98.11/32",  "-1",    "-1"],
  ["bpmanagement1025416024everything",    "10.254.16.0/24",   "-1",    "-1"],
  ["bpmanagement192168786427everything",  "192.168.78.64/27", "-1",    "-1"]
]
bp_ingress_rules.each do |logical_id, source_cidr, port, protocol|
  Resource(logical_id) do
    Type("AWS::EC2::SecurityGroupIngress")
    Property("CidrIp", source_cidr)
    Property("FromPort", port)
    Property("ToPort", port)
    Property("IpProtocol", protocol)
    Property("GroupId", Ref("bpmanagement"))
  end
end
# Stack outputs: output name => logical id (or parameter) whose Ref is exported.
# Every security group declared above is exposed, plus the VpcId parameter.
# NOTE(review): "RedisSeverGroupId" looks like a misspelling of
# "RedisServerGroupId"; it is left as is because consumers of the stack may
# already read the output under this name.
exported_refs = {
  "NatGroupId" => "NatGroup",
  "ApiGroupId" => "ApiGroup",
  "AdminelbGroupId" => "AdminelbGroup",
  "AdminGroupId" => "AdminGroup",
  "ProxyGroupId" => "ProxyGroup",
  "ProxyelbGroupId" => "ProxyelbGroup",
  "RedisUserGroupId" => "RedisUserGroup",
  "RedisSeverGroupId" => "RedisServerGroup",
  "MysqlUserGroupId" => "MysqlUserGroup",
  "MysqlServerGroupId" => "MysqlServerGroup",
  "ApielbGroupId" => "ApielbGroup",
  "VpcId" => "VpcId",
  "BatchelbGroupId" => "BatchelbGroup",
  "BatchGroupId" => "BatchGroup",
  "TrainingelbGroupId" => "TrainingelbGroup",
  "TrainingGroupId" => "TrainingGroup",
  "BastionUserGroupId" => "BastionUserGroup",
  "BastionServerGroupId" => "BastionServerGroup",
  "ESgeoUserGroupId" => "ESgeoUserGroup",
  "ESgeoServerGroupId" => "ESgeoServerGroup",
  "BuildSecurityGroup" => "BuildSecurityGroup",
  "BPManagementGroupId" => "bpmanagement"
}
exported_refs.each do |output_name, referenced_id|
  Output(output_name) { Value(Ref(referenced_id)) }
end
end | |
CloudFormation do | |
Description("Ingogo Production Environment - Security Groups") | |
AWSTemplateFormatVersion("2010-09-09") | |
Parameter("VpcId") do | |
Type("String") | |
Default("vpc-a2ee78c7") | |
end | |
Parameter("environment") do | |
Type("String") | |
Default environment | |
end | |
Parameter("NatGroupName") do | |
Type("String") | |
Default("Nat Security Group") | |
end | |
Parameter("BatchGroupName") do | |
Type("String") | |
Default("Batch Security Group") | |
end | |
Parameter("BatchelbGroupName") do | |
Type("String") | |
Default("Batchelb Security Group") | |
end | |
Parameter("BatchelbGroupNameDescription") do | |
Type("String") | |
Default("Batchelb Security Group") | |
end | |
Parameter("BatchGroupDescription") do | |
Type("String") | |
Default("Security Group For admin Instances") | |
end | |
Parameter("TrainingGroupName") do | |
Type("String") | |
Default("Training Security Group") | |
end | |
Parameter("TrainingelbGroupName") do | |
Type("String") | |
Default("Trainingelb Security Group") | |
end | |
Parameter("TrainingelbGroupNameDescription") do | |
Type("String") | |
Default("Trainingelb Security Group") | |
end | |
Parameter("TrainingGroupDescription") do | |
Type("String") | |
Default("Security Group For admin Instances") | |
end | |
Parameter("NatGroupDescription") do | |
Type("String") | |
Default("Security Group For Nat Instances") | |
end | |
Parameter("ApiGroupName") do | |
Type("String") | |
Default("Api Security Group") | |
end | |
Parameter("ApiGroupDescription") do | |
Type("String") | |
Default("Security Group For Api Instances") | |
end | |
Parameter("ProxyGroupName") do | |
Type("String") | |
Default("Proxy Security Group") | |
end | |
Parameter("ProxyGroupDescription") do | |
Type("String") | |
Default("Security Group For Proxy Instances") | |
end | |
Parameter("RedisGroupName") do | |
Type("String") | |
Default("Redis Security Group") | |
end | |
Parameter("RedisGroupDescription") do | |
Type("String") | |
Default("Security Group For Redis Instances") | |
end | |
Parameter("MysqlServerGroupName") do | |
Type("String") | |
Default("Mysql Server Security Group") | |
end | |
Parameter("MysqlServerGroupDescription") do | |
Type("String") | |
Default("Mysql Server Security Group") | |
end | |
Parameter("MysqlUserGroupName") do | |
Type("String") | |
Default("Mysql User Security Group") | |
end | |
Parameter("MysqlUserGroupDescription") do | |
Type("String") | |
Default("Security Group For Mysql Instances") | |
end | |
Parameter("ESgeoServerGroupName") do | |
Type("String") | |
Default("ESgeo Server Security Group") | |
end | |
Parameter("ESgeoServerGroupDescription") do | |
Type("String") | |
Default("ESgeo Server Security Group") | |
end | |
Parameter("ESgeoUserGroupName") do | |
Type("String") | |
Default("ESgeo Security Group") | |
end | |
Parameter("ESgeoUserGroupDescription") do | |
Type("String") | |
Default("ESgeo Security Group to attach to Instances") | |
end | |
Parameter("BastionServerGroupName") do | |
Type("String") | |
Default("Bastion Server Security Group") | |
end | |
Parameter("BastionServerGroupDescription") do | |
Type("String") | |
Default("Bastion Server Security Group") | |
end | |
Parameter("BastionUserGroupName") do | |
Type("String") | |
Default("Bastion Security Group") | |
end | |
Parameter("BastionUserGroupDescription") do | |
Type("String") | |
Default("Bastion Security Group to attach to Instances") | |
end | |
Parameter("ApielbGroupName") do | |
Type("String") | |
Default("Apielb Security Group") | |
end | |
Parameter("ApielbGroupDescription") do | |
Type("String") | |
Default("Security Group For Apielb Instances") | |
end | |
Parameter("AdminGroupName") do | |
Type("String") | |
Default("Admin Security Group") | |
end | |
Parameter("AdminelbGroupName") do | |
Type("String") | |
Default("adminelb Security Group") | |
end | |
Parameter("AdminGroupDescription") do | |
Type("String") | |
Default("Security Group For admin Instances") | |
end | |
Parameter("ProxyelbGroupName") do | |
Type("String") | |
Default("Proxyelb Security Group") | |
end | |
Parameter("ProxyelbGroupDescription") do | |
Type("String") | |
Default("Security Group For Proxyelb Instances") | |
end | |
Resource("NatGroup") do | |
Type("AWS::EC2::SecurityGroup") | |
Property("GroupDescription", Ref("NatGroupDescription")) | |
Property("VpcId", Ref("VpcId")) | |
Property("Tags", [ | |
{ | |
"Key" => "Name", | |
"Value" => Ref("NatGroupName") | |
}, | |
{ | |
"Key" => "Environment", | |
"Value" => Ref("environment") | |
} | |
]) | |
end | |
Resource("BatchGroup") do | |
Type("AWS::EC2::SecurityGroup") | |
Property("GroupDescription", Ref("BatchGroupDescription")) | |
Property("VpcId", Ref("VpcId")) | |
Property("SecurityGroupIngress", [ | |
{ | |
"FromPort" => 8080, | |
"IpProtocol" => "tcp", | |
"SourceSecurityGroupId" => Ref("BatchelbGroup"), | |
"ToPort" => 8080 | |
} | |
]) | |
Property("Tags", [ | |
{ | |
"Key" => "Name", | |
"Value" => Ref("BatchGroupName") | |
}, | |
{ | |
"Key" => "Environment", | |
"Value" => Ref("environment") | |
} | |
]) | |
end | |
Resource("TrainingGroup") do | |
Type("AWS::EC2::SecurityGroup") | |
Property("GroupDescription", Ref("TrainingGroupDescription")) | |
Property("VpcId", Ref("VpcId")) | |
Property("SecurityGroupIngress", [ | |
{ | |
"FromPort" => 8080, | |
"IpProtocol" => "tcp", | |
"SourceSecurityGroupId" => Ref("TrainingelbGroup"), | |
"ToPort" => 8080 | |
} | |
]) | |
Property("Tags", [ | |
{ | |
"Key" => "Name", | |
"Value" => Ref("TrainingGroupName") | |
}, | |
{ | |
"Key" => "Environment", | |
"Value" => Ref("environment") | |
} | |
]) | |
end | |
Resource("BuildSecurityGroup") do | |
Type("AWS::EC2::SecurityGroup") | |
Property("GroupDescription", "SSH access for Build Server") | |
Property("VpcId", Ref("VpcId")) | |
Property("SecurityGroupIngress", [ | |
{ | |
"CidrIp" => "0.0.0.0/0", | |
"FromPort" => "22", | |
"IpProtocol" => "tcp", | |
"ToPort" => "22" | |
}, | |
{ | |
"CidrIp" => "0.0.0.0/0", | |
"FromPort" => "22", | |
"IpProtocol" => "tcp", | |
"ToPort" => "22" | |
}, | |
{ | |
"CidrIp" => "0.0.0.0/0", | |
"FromPort" => "22", | |
"IpProtocol" => "tcp", | |
"ToPort" => "22" | |
}, | |
{ | |
"CidrIp" => "0.0.0.0/0", | |
"FromPort" => "22", | |
"IpProtocol" => "tcp", | |
"ToPort" => "22" | |
}, | |
{ | |
"CidrIp" => "0.0.0.0/0", | |
"FromPort" => "22", | |
"IpProtocol" => "tcp", | |
"ToPort" => "22" | |
} | |
]) | |
end | |
Resource("ApiGroup") do | |
Type("AWS::EC2::SecurityGroup") | |
Property("GroupDescription", Ref("ApiGroupDescription")) | |
Property("VpcId", Ref("VpcId")) | |
Property("SecurityGroupIngress", [ | |
{ | |
"FromPort" => 8080, | |
"IpProtocol" => "tcp", | |
"SourceSecurityGroupId" => Ref("ApielbGroup"), | |
"ToPort" => 8080 | |
} | |
]) | |
Property("Tags", [ | |
{ | |
"Key" => "Name", | |
"Value" => Ref("ApiGroupName") | |
}, | |
{ | |
"Key" => "Environment", | |
"Value" => Ref("environment") | |
} | |
]) | |
end | |
Resource("AdminGroup") do | |
Type("AWS::EC2::SecurityGroup") | |
Property("GroupDescription", Ref("AdminGroupDescription")) | |
Property("VpcId", Ref("VpcId")) | |
Property("SecurityGroupIngress", [ | |
{ | |
"FromPort" => 8080, | |
"IpProtocol" => "tcp", | |
"SourceSecurityGroupId" => Ref("AdminelbGroup"), | |
"ToPort" => 8080 | |
} | |
]) | |
Property("Tags", [ | |
{ | |
"Key" => "Name", | |
"Value" => Ref("AdminGroupName") | |
}, | |
{ | |
"Key" => "Environment", | |
"Value" => Ref("environment") | |
} | |
]) | |
end | |
Resource("ProxyGroup") do | |
Type("AWS::EC2::SecurityGroup") | |
Property("GroupDescription", Ref("ProxyGroupDescription")) | |
Property("VpcId", Ref("VpcId")) | |
Property("SecurityGroupIngress", [ | |
{ | |
"FromPort" => 80, | |
"IpProtocol" => "tcp", | |
"SourceSecurityGroupId" => Ref("ProxyelbGroup"), | |
"ToPort" => 80 | |
} | |
]) | |
Property("Tags", [ | |
{ | |
"Key" => "Name", | |
"Value" => Ref("ProxyGroupName") | |
}, | |
{ | |
"Key" => "Environment", | |
"Value" => Ref("environment") | |
} | |
]) | |
end | |
Resource("RedisServerGroup") do | |
Type("AWS::EC2::SecurityGroup") | |
Property("GroupDescription", Ref("RedisGroupDescription")) | |
Property("VpcId", Ref("VpcId")) | |
Property("Tags", [ | |
{ | |
"Key" => "Name", | |
"Value" => Ref("RedisGroupName") | |
}, | |
{ | |
"Key" => "Environment", | |
"Value" => Ref("environment") | |
} | |
]) | |
end | |
# Inbound rule on RedisServerGroup: TCP 6379, accepted only from members of
# RedisUserGroup. Kept as a standalone resource rather than inline on the group.
Resource "RedisServerGroupIngress" do
  redis_port = "6379"

  Type "AWS::EC2::SecurityGroupIngress"
  Property "GroupId", Ref("RedisServerGroup")
  Property "IpProtocol", "tcp"
  Property "FromPort", redis_port
  Property "ToPort", redis_port
  Property "SourceSecurityGroupId", Ref("RedisUserGroup")
end
# Security group worn by instances that are allowed to reach Redis.
# NOTE(review): this group reuses RedisGroupDescription and RedisGroupName,
# the same parameters RedisServerGroup uses, so the client and server groups
# get an identical description and Name tag. That makes them hard to tell
# apart during an audit or incident; consider dedicated parameters.
Resource "RedisUserGroup" do
  tags = [
    { "Key" => "Name", "Value" => Ref("RedisGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]

  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", Ref("RedisGroupDescription")
  Property "VpcId", Ref("VpcId")
  Property "Tags", tags
end
# Outbound rule on RedisUserGroup: TCP 6379 towards RedisServerGroup.
# NOTE(review): a standalone SecurityGroupEgress resource adds a rule; it
# presumably does not remove the default allow-all egress rule of a VPC
# security group -- verify the effective outbound rules after deployment.
Resource "RedisUserGroupEgress" do
  redis_port = "6379"

  Type "AWS::EC2::SecurityGroupEgress"
  Property "GroupId", Ref("RedisUserGroup")
  Property "IpProtocol", "tcp"
  Property "FromPort", redis_port
  Property "ToPort", redis_port
  Property "DestinationSecurityGroupId", Ref("RedisServerGroup")
end
# Security group worn by instances that are allowed to reach MySQL. It has no
# inline rules; its outbound rule is the standalone MysqlUserGroupEgress.
Resource "MysqlUserGroup" do
  tags = [
    { "Key" => "Name", "Value" => Ref("MysqlUserGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]

  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", Ref("MysqlUserGroupDescription")
  Property "VpcId", Ref("VpcId")
  Property "Tags", tags
end
# Outbound rule on MysqlUserGroup: TCP 3306 towards MysqlServerGroup.
# NOTE(review): a standalone SecurityGroupEgress resource adds a rule; it
# presumably does not remove the default allow-all egress rule of a VPC
# security group -- verify the effective outbound rules after deployment.
Resource "MysqlUserGroupEgress" do
  mysql_port = 3306

  Type "AWS::EC2::SecurityGroupEgress"
  Property "GroupId", Ref("MysqlUserGroup")
  Property "IpProtocol", "tcp"
  Property "FromPort", mysql_port
  Property "ToPort", mysql_port
  Property "DestinationSecurityGroupId", Ref("MysqlServerGroup")
end
# Security group for the MySQL servers. It declares no inline rules; its
# inbound rule is attached by the standalone MysqlServerGroupIngress resource.
Resource "MysqlServerGroup" do
  tags = [
    { "Key" => "Name", "Value" => Ref("MysqlServerGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]

  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", Ref("MysqlServerGroupDescription")
  Property "VpcId", Ref("VpcId")
  Property "Tags", tags
end
# Inbound rule on MysqlServerGroup: TCP 3306, accepted only from members of
# MysqlUserGroup, so database access is granted by group membership rather
# than by IP range.
Resource "MysqlServerGroupIngress" do
  mysql_port = 3306

  Type "AWS::EC2::SecurityGroupIngress"
  Property "GroupId", Ref("MysqlServerGroup")
  Property "IpProtocol", "tcp"
  Property "FromPort", mysql_port
  Property "ToPort", mysql_port
  Property "SourceSecurityGroupId", Ref("MysqlUserGroup")
end
# Outbound rule on ApielbGroup: TCP 8080 towards ApiGroup, i.e. the load
# balancer's path to its backends.
# NOTE(review): a standalone SecurityGroupEgress resource adds a rule; it
# presumably does not remove the default allow-all egress rule of a VPC
# security group -- verify the effective outbound rules after deployment.
Resource "ApielbGroupGroupEgress" do
  backend_port = "8080"

  Type "AWS::EC2::SecurityGroupEgress"
  Property "GroupId", Ref("ApielbGroup")
  Property "IpProtocol", "tcp"
  Property "FromPort", backend_port
  Property "ToPort", backend_port
  Property "DestinationSecurityGroupId", Ref("ApiGroup")
end
# Security group for hosts that accept SSH from the bastion. It has no inline
# rules; the SSH rule is the standalone BastionUserGroupIngress resource.
Resource "BastionUserGroup" do
  tags = [
    { "Key" => "Name", "Value" => Ref("BastionUserGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]

  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", Ref("BastionUserGroupDescription")
  Property "VpcId", Ref("VpcId")
  Property "Tags", tags
end
# Inbound rule on BastionUserGroup: TCP 22 (SSH), accepted only from members
# of BastionServerGroup. Hosts in this group are therefore reachable over SSH
# through the bastion and not directly by IP range.
Resource "BastionUserGroupIngress" do
  ssh_port = 22

  Type "AWS::EC2::SecurityGroupIngress"
  Property "GroupId", Ref("BastionUserGroup")
  Property "IpProtocol", "tcp"
  Property "FromPort", ssh_port
  Property "ToPort", ssh_port
  Property "SourceSecurityGroupId", Ref("BastionServerGroup")
end
# Security group for the bastion host(s). It has no inline rules; the SSH
# rule is the standalone BastionServerGroupIngress resource.
Resource "BastionServerGroup" do
  tags = [
    { "Key" => "Name", "Value" => Ref("BastionServerGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]

  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", Ref("BastionServerGroupDescription")
  Property "VpcId", Ref("VpcId")
  Property "Tags", tags
end
# Inbound rule on BastionServerGroup: TCP 22 (SSH) from 172.31.224.0/19.
# The source is a hard-coded private (RFC 1918) range, so the bastion is not
# opened to the internet by this rule.
# NOTE(review): confirm which network this /19 is (VPN, office, peered VPC)
# and consider making it a template parameter so it is reviewed per stack.
Resource "BastionServerGroupIngress" do
  ssh_port = 22

  Type "AWS::EC2::SecurityGroupIngress"
  Property "GroupId", Ref("BastionServerGroup")
  Property "CidrIp", "172.31.224.0/19"
  Property "IpProtocol", "tcp"
  Property "FromPort", ssh_port
  Property "ToPort", ssh_port
end
# Security group worn by clients of the "ESgeo" cluster. It has no inline
# rules; ESgeoUserGroupIngress and ESgeoUserGroupEgress attach them.
Resource "ESgeoUserGroup" do
  tags = [
    { "Key" => "Name", "Value" => Ref("ESgeoUserGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]

  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", Ref("ESgeoUserGroupDescription")
  Property "VpcId", Ref("VpcId")
  Property "Tags", tags
end
# Inbound rule on ESgeoUserGroup whose source is ESgeoUserGroup itself:
# every member accepts TCP on all ports (0-65535) from every other member.
# NOTE(review): a self-referencing all-ports rule lets any one compromised
# member reach every TCP service on its peers. If the members only need a
# few ports between themselves, narrow the range; if they need none, drop
# the rule.
Resource "ESgeoUserGroupIngress" do
  first_port = 0
  last_port = 65535

  Type "AWS::EC2::SecurityGroupIngress"
  Property "GroupId", Ref("ESgeoUserGroup")
  Property "IpProtocol", "tcp"
  Property "FromPort", first_port
  Property "ToPort", last_port
  Property "SourceSecurityGroupId", Ref("ESgeoUserGroup")
end
# Outbound rule on ESgeoUserGroup: TCP on all ports (0-65535) towards
# ESgeoServerGroup.
# NOTE(review): the range is far wider than an Elasticsearch client needs;
# 9200 and 9300 are the usual ports. Consider matching the ports the server
# group is meant to accept. Also verify whether the default allow-all egress
# rule is still present on the group, since a standalone egress resource
# presumably only adds to it.
Resource "ESgeoUserGroupEgress" do
  first_port = 0
  last_port = 65535

  Type "AWS::EC2::SecurityGroupEgress"
  Property "GroupId", Ref("ESgeoUserGroup")
  Property "IpProtocol", "tcp"
  Property "FromPort", first_port
  Property "ToPort", last_port
  Property "DestinationSecurityGroupId", Ref("ESgeoServerGroup")
end
# Security group for the "ESgeo" servers. It declares no inline rules;
# inbound access is meant to come from standalone ingress resources.
Resource "ESgeoServerGroup" do
  tags = [
    { "Key" => "Name", "Value" => Ref("ESgeoServerGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]

  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", Ref("ESgeoServerGroupDescription")
  Property "VpcId", Ref("VpcId")
  Property "Tags", tags
end
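# Inbound rules on ESgeoServerGroup, both sourced from ESgeoUserGroup:
# TCP 9200 and TCP 9300 (the usual Elasticsearch HTTP and transport ports).
#
# The previous definition was not a valid AWS::EC2::SecurityGroupIngress. It
# carried "VpcId" and a "SecurityGroupIngress" list, which are properties of
# AWS::EC2::SecurityGroup, and it was followed by four stray Property calls
# and an extra `end` that closed the enclosing CloudFormation block early.
# A standalone ingress resource holds exactly one rule, so each port gets its
# own resource here.
#
# The stray all-ports rule (TCP 0-65535 from ESgeoUserGroup) is deliberately
# not carried over: the two explicit ports are the least-privilege reading.
# NOTE(review): confirm no client depended on the wider range.
Resource("ESgeoServerGroupIngress") do
  Type("AWS::EC2::SecurityGroupIngress")
  Property("GroupId", Ref("ESgeoServerGroup"))
  Property("IpProtocol", "tcp")
  Property("FromPort", "9200")
  Property("ToPort", "9200")
  Property("SourceSecurityGroupId", Ref("ESgeoUserGroup"))
end
Resource("ESgeoServerGroupTransportIngress") do
  Type("AWS::EC2::SecurityGroupIngress")
  Property("GroupId", Ref("ESgeoServerGroup"))
  Property("IpProtocol", "tcp")
  Property("FromPort", "9300")
  Property("ToPort", "9300")
  Property("SourceSecurityGroupId", Ref("ESgeoUserGroup"))
end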
# Security group for the API load balancer.
# Inline ingress: TCP 80 and TCP 443 from 0.0.0.0/0, i.e. internet-facing.
# NOTE(review): port 80 is plaintext HTTP; confirm the listener on it only
# redirects to HTTPS and never serves API traffic.
Resource "ApielbGroup" do
  anywhere = "0.0.0.0/0"
  web_rules = [80, 443].map do |port|
    { "CidrIp" => anywhere, "FromPort" => port, "IpProtocol" => "tcp", "ToPort" => port }
  end
  tags = [
    { "Key" => "Name", "Value" => Ref("ApielbGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]

  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", "LoadBalancer Public Security Group"
  Property "VpcId", Ref("VpcId")
  Property "SecurityGroupIngress", web_rules
  Property "Tags", tags
end
# Outbound rules for the Batch, Training and Admin load balancer groups:
# each "<Tier>elbGroup" may send TCP 8080 to its "<Tier>Group" backends.
# NOTE(review): standalone SecurityGroupEgress resources add rules; they
# presumably do not remove the default allow-all egress rule of a VPC
# security group -- verify the effective outbound rules after deployment.
%w[Batch Training Admin].each do |tier|
  Resource "#{tier}elbGroupEgress" do
    backend_port = "8080"

    Type "AWS::EC2::SecurityGroupEgress"
    Property "GroupId", Ref("#{tier}elbGroup")
    Property "IpProtocol", "tcp"
    Property "FromPort", backend_port
    Property "ToPort", backend_port
    Property "DestinationSecurityGroupId", Ref("#{tier}Group")
  end
end
# Security group for the admin load balancer.
# Inline ingress: TCP 80 and TCP 443 from 0.0.0.0/0.
# NOTE(review): this makes the admin front end reachable from the whole
# internet at the network layer, leaving application authentication as the
# only control. Consider restricting the source to known office/VPN ranges,
# and confirm port 80 only redirects to HTTPS.
Resource "AdminelbGroup" do
  anywhere = "0.0.0.0/0"
  web_rules = [80, 443].map do |port|
    { "CidrIp" => anywhere, "FromPort" => port, "IpProtocol" => "tcp", "ToPort" => port }
  end
  tags = [
    { "Key" => "Name", "Value" => Ref("AdminelbGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]

  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", "LoadBalancer Public Security Group"
  Property "VpcId", Ref("VpcId")
  Property "SecurityGroupIngress", web_rules
  Property "Tags", tags
end
# Security group for the batch load balancer.
# Inline ingress: TCP 80 and TCP 443 from 0.0.0.0/0.
# NOTE(review): confirm a batch tier really needs an internet-facing entry
# point; if its callers are internal, restrict the source range.
Resource "BatchelbGroup" do
  anywhere = "0.0.0.0/0"
  web_rules = [80, 443].map do |port|
    { "CidrIp" => anywhere, "FromPort" => port, "IpProtocol" => "tcp", "ToPort" => port }
  end
  tags = [
    { "Key" => "Name", "Value" => Ref("BatchelbGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]

  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", "LoadBalancer Public Security Group"
  Property "VpcId", Ref("VpcId")
  Property "SecurityGroupIngress", web_rules
  Property "Tags", tags
end
# Security group for the training load balancer.
# Inline ingress: TCP 80 and TCP 443 from 0.0.0.0/0.
# NOTE(review): confirm the training tier is meant to be internet-facing;
# otherwise restrict the source range.
Resource "TrainingelbGroup" do
  anywhere = "0.0.0.0/0"
  web_rules = [80, 443].map do |port|
    { "CidrIp" => anywhere, "FromPort" => port, "IpProtocol" => "tcp", "ToPort" => port }
  end
  tags = [
    { "Key" => "Name", "Value" => Ref("TrainingelbGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]

  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", "LoadBalancer Public Security Group"
  Property "VpcId", Ref("VpcId")
  Property "SecurityGroupIngress", web_rules
  Property "Tags", tags
end
# Outbound rule on ProxyelbGroup: TCP 80 towards ProxyGroup, i.e. the load
# balancer's path to its backends.
# NOTE(review): a standalone SecurityGroupEgress resource adds a rule; it
# presumably does not remove the default allow-all egress rule of a VPC
# security group -- verify the effective outbound rules after deployment.
Resource "ProxyelbGroupGroupEgress" do
  backend_port = "80"

  Type "AWS::EC2::SecurityGroupEgress"
  Property "GroupId", Ref("ProxyelbGroup")
  Property "IpProtocol", "tcp"
  Property "FromPort", backend_port
  Property "ToPort", backend_port
  Property "DestinationSecurityGroupId", Ref("ProxyGroup")
end
# Security group for the proxy load balancer.
# Inline ingress: TCP 80 and TCP 443 from 0.0.0.0/0, i.e. internet-facing.
# NOTE(review): the backend rule for this tier forwards on port 80 only;
# confirm where TLS terminates and that port 80 on the balancer does not
# carry sensitive traffic in plaintext.
Resource "ProxyelbGroup" do
  anywhere = "0.0.0.0/0"
  web_rules = [80, 443].map do |port|
    { "CidrIp" => anywhere, "FromPort" => port, "IpProtocol" => "tcp", "ToPort" => port }
  end
  tags = [
    { "Key" => "Name", "Value" => Ref("ProxyelbGroupName") },
    { "Key" => "Environment", "Value" => Ref("environment") }
  ]

  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", "LoadBalancer Public Security Group"
  Property "VpcId", Ref("VpcId")
  Property "SecurityGroupIngress", web_rules
  Property "Tags", tags
end
# Management-access security group ("Allow BP Management"). It declares no
# inline rules and, unlike the other groups in this template, no Name or
# Environment tags; its rules are the standalone "bpmanagement..." ingress
# resources.
# NOTE(review): consider tagging it like the other groups so it can be
# attributed to an environment during an audit.
Resource "bpmanagement" do
  Type "AWS::EC2::SecurityGroup"
  Property "GroupDescription", "Allow BP Management"
  Property "VpcId", Ref("VpcId")
end
# Inbound rules on bpmanagement from 10.32.32.0/23: one rule each for TCP
# 22, 80, 443 and 3389 (conventionally SSH, HTTP, HTTPS and RDP).
# The source is a private (RFC 1918) range.
# NOTE(review): confirm every instance wearing this group needs both SSH and
# RDP from that range; otherwise split the group per operating system.
management_cidr = "10.32.32.0/23"
%w[22 80 443 3389].each do |port|
  Resource "bpmanagement103232023port#{port}" do
    Type "AWS::EC2::SecurityGroupIngress"
    Property "CidrIp", management_cidr
    Property "FromPort", port
    Property "ToPort", port
    Property "IpProtocol", "tcp"
    Property "GroupId", Ref("bpmanagement")
  end
end
# Inbound rule on bpmanagement: ICMP, every type and code (-1/-1), from
# 0.0.0.0/0.
# NOTE(review): this is the only rule on the group that is open to any
# source. If the goal is reachability checks, limit it to echo request
# and/or to the management ranges used by the other rules.
Resource "bpmanagementicmp" do
  all_icmp = "-1"

  Type "AWS::EC2::SecurityGroupIngress"
  Property "CidrIp", "0.0.0.0/0"
  Property "FromPort", all_icmp
  Property "ToPort", all_icmp
  Property "IpProtocol", "icmp"
  Property "GroupId", Ref("bpmanagement")
end
# Inbound rules on bpmanagement from the single host 192.168.85.31/32 on
# port 52311, one rule for UDP and one for TCP.
# NOTE(review): 52311 is presumably an endpoint-management agent port --
# record the owning system here so the rule can be retired with it.
agent_port = "52311"
%w[udp tcp].each do |protocol|
  Resource "bpmanagement52311#{protocol}" do
    Type "AWS::EC2::SecurityGroupIngress"
    Property "CidrIp", "192.168.85.31/32"
    Property "FromPort", agent_port
    Property "ToPort", agent_port
    Property "IpProtocol", protocol
    Property "GroupId", Ref("bpmanagement")
  end
end
# Inbound rule on bpmanagement: TCP 4118 from 192.168.78.96/29.
# NOTE(review): 4118 is presumably a security-agent management port --
# record the owning system here so the rule can be retired with it.
Resource "bpmanagement4118" do
  agent_port = "4118"

  Type "AWS::EC2::SecurityGroupIngress"
  Property "CidrIp", "192.168.78.96/29"
  Property "FromPort", agent_port
  Property "ToPort", agent_port
  Property "IpProtocol", "tcp"
  Property "GroupId", Ref("bpmanagement")
end
# Inbound rules on bpmanagement that admit every protocol and port
# (IpProtocol -1) from three sources: 202.44.98.11/32, 10.254.16.0/24 and
# 192.168.78.64/27.
# NOTE(review): 202.44.98.11 is a public address, so one internet host has
# unrestricted network access to every instance wearing this group. The two
# private ranges get the same blanket access. Confirm each source is still
# owned and needed, and narrow to the specific ports in use where possible.
{
  "bpmanagement20244981132everything" => "202.44.98.11/32",
  "bpmanagement1025416024everything" => "10.254.16.0/24",
  "bpmanagement192168786427everything" => "192.168.78.64/27"
}.each do |logical_id, source_cidr|
  Resource logical_id do
    Type "AWS::EC2::SecurityGroupIngress"
    Property "CidrIp", source_cidr
    Property "FromPort", "-1"
    Property "ToPort", "-1"
    Property "IpProtocol", "-1"
    Property "GroupId", Ref("bpmanagement")
  end
end
# Stack outputs: each entry exports Ref(<logical id>) under the given output
# name, so other stacks or tooling can look up the security group ids (and
# the VpcId parameter).
# NOTE(review): "RedisSeverGroupId" is spelled without the second "r".
# Renaming it would break anything that reads the output by name, so it is
# kept as is; fix it together with its consumers.
# NOTE(review): BuildSecurityGroup is not declared in this part of the
# template -- confirm the resource exists.
{
  "NatGroupId" => "NatGroup",
  "ApiGroupId" => "ApiGroup",
  "AdminelbGroupId" => "AdminelbGroup",
  "AdminGroupId" => "AdminGroup",
  "ProxyGroupId" => "ProxyGroup",
  "ProxyelbGroupId" => "ProxyelbGroup",
  "RedisUserGroupId" => "RedisUserGroup",
  "RedisSeverGroupId" => "RedisServerGroup",
  "MysqlUserGroupId" => "MysqlUserGroup",
  "MysqlServerGroupId" => "MysqlServerGroup",
  "ApielbGroupId" => "ApielbGroup",
  "VpcId" => "VpcId",
  "BatchelbGroupId" => "BatchelbGroup",
  "BatchGroupId" => "BatchGroup",
  "TrainingelbGroupId" => "TrainingelbGroup",
  "TrainingGroupId" => "TrainingGroup",
  "BastionUserGroupId" => "BastionUserGroup",
  "BastionServerGroupId" => "BastionServerGroup",
  "ESgeoUserGroupId" => "ESgeoUserGroup",
  "ESgeoServerGroupId" => "ESgeoServerGroup",
  "BuildSecurityGroup" => "BuildSecurityGroup",
  "BPManagementGroupId" => "bpmanagement"
}.each do |output_name, logical_id|
  Output(output_name) { Value(Ref(logical_id)) }
end
end |