updating VPC CF template

2020-05-01 19:44:14 +01:00
parent c97321790b
commit aaae536003


@@ -7,15 +7,77 @@ Resources:
CidrBlock: "172.31.0.0/16" CidrBlock: "172.31.0.0/16"
EnableDnsHostnames: true EnableDnsHostnames: true
EnableDnsSupport: true EnableDnsSupport: true
PublicSecurityGroup: ELBSecurityGroup:
Type: AWS::EC2::SecurityGroup Type: AWS::EC2::SecurityGroup
Properties: Properties:
GroupName: !Sub "${AWS::StackName}-PublicSecurityGroup" GroupName: !Sub "${AWS::StackName}-ELBSecurityGroup"
GroupDescription: Security group for the EC2 instances. This group does GroupDescription: Security group for the Elastic Load Balancer.
not set any ingress/egress permissions as Elastic Beanstalk will create This permits inbound 80/443 from any IP, to 80/443 to the
these for us. This group will be attached to our EC2 instances, and the Auto Scaling security group.
RDS instance will permit incoming traffic from this group only.
VpcId: !Ref PublicVPC VpcId: !Ref PublicVPC
ELBSecurityGroupIngressHttp:
Type: AWS::EC2::SecurityGroupIngress
Properties:
Description: Ingress for ELBSecurityGroup for HTTP.
GroupId: !Ref ELBSecurityGroup
IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
ELBSecurityGroupIngressHttps:
Type: AWS::EC2::SecurityGroupIngress
Properties:
Description: Ingress for ELBSecurityGroup for HTTPS.
GroupId: !Ref ELBSecurityGroup
IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0
ELBSecurityGroupEgressHttp:
Type: AWS::EC2::SecurityGroupEgress
Properties:
Description: Egress for ELBSecurityGroup for HTTP.
GroupId: !Ref ELBSecurityGroup
IpProtocol: tcp
FromPort: 80
ToPort: 80
SourceSecurityGroupId: !Ref ASSecurityGroup
ELBSecurityGroupEgressHttps:
Type: AWS::EC2::SecurityGroupEgress
Properties:
Description: Egress for ELBSecurityGroup for HTTPS.
GroupId: !Ref ELBSecurityGroup
IpProtocol: tcp
FromPort: 443
ToPort: 443
SourceSecurityGroupId: !Ref ASSecurityGroup
ASSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: !Sub "${AWS::StackName}-ASSecurityGroup"
GroupDescription: Security group for the Auto Scaler. This security group
will be applied to any EC2 instances that the Auto Scaler creates. This
group permits inbound 80/443 from the Elastic Load Balancer security
group.
VpcId: !Ref PublicVPC
ASSecurityGroupIngressHttp:
Type: AWS::EC2::SecurityGroupIngress
Properties:
Description: Ingress for ASSecurityGroup for HTTP.
GroupId: !Ref ASSecurityGroup
IpProtocol: tcp
FromPort: 80
ToPort: 80
SourceSecurityGroupId: !Ref ELBSecurityGroup
ASSecurityGroupIngressHttps:
Type: AWS::EC2::SecurityGroupIngress
Properties:
Description: Ingress for ASSecurityGroup for HTTPS.
GroupId: !Ref ASSecurityGroup
IpProtocol: tcp
FromPort: 443
ToPort: 443
SourceSecurityGroupId: !Ref ELBSecurityGroup
PublicSubnet0: PublicSubnet0:
Type: AWS::EC2::Subnet Type: AWS::EC2::Subnet
Properties: Properties:
@@ -81,32 +143,37 @@ Resources:
RouteTableId: !Ref PublicRouteTable RouteTableId: !Ref PublicRouteTable
Outputs: Outputs:
PublicVPCID: PublicVPCID:
Description: The VPC ID. Description: The VPC for the environment.
Value: !Ref PublicVPC Value: !Ref PublicVPC
Export: Export:
Name: !Sub "${AWS::StackName}-PublicVPC" Name: !Sub "${AWS::StackName}-PublicVPC"
PublicSecurityGroupId: ELBSecurityGroupOutput:
Description: The EC2 security group ID. Description: ELB Security Group
Value: !Ref PublicSecurityGroup Value: !Ref ELBSecurityGroup
Export: Export:
Name: !Sub "${AWS::StackName}-PublicSecurityGroup" Name: !Sub "${AWS::StackName}-ELBSecurityGroup"
PublicVPCIDDefaultSecurityGroup: ASSecurityGroupOutput:
Description: The VPC default security group. Description: AS Security Group
Value: !GetAtt PublicVPC.DefaultSecurityGroup Value: !Ref ASSecurityGroup
Export: Export:
Name: !Sub "${AWS::StackName}-PublicVPCIDDefaultSecurityGroup" Name: !Sub "${AWS::StackName}-ASSecurityGroup"
# PublicVPCIDDefaultSecurityGroup:
# Description: The VPC default security group.
# Value: !GetAtt PublicVPC.DefaultSecurityGroup
# Export:
# Name: !Sub "${AWS::StackName}-PublicVPCIDDefaultSecurityGroup"
PublicSubnet0ID: PublicSubnet0ID:
Description: The ID of the subnet. Description: The public subnet 0.
Value: !Ref PublicSubnet0 Value: !Ref PublicSubnet0
Export: Export:
Name: !Sub "${AWS::StackName}-PublicSubnet0" Name: !Sub "${AWS::StackName}-PublicSubnet0"
PublicSubnet1ID: PublicSubnet1ID:
Description: The ID of the subnet. Description: The public subnet 1.
Value: !Ref PublicSubnet1 Value: !Ref PublicSubnet1
Export: Export:
Name: !Sub "${AWS::StackName}-PublicSubnet1" Name: !Sub "${AWS::StackName}-PublicSubnet1"
PublicSubnet2ID: PublicSubnet2ID:
Description: The ID of the subnet. Description: The public subnet 2.
Value: !Ref PublicSubnet2 Value: !Ref PublicSubnet2
Export: Export:
Name: !Sub "${AWS::StackName}-PublicSubnet2" Name: !Sub "${AWS::StackName}-PublicSubnet2"
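Review bot: The two egress rules `ELBSecurityGroupEgressHttp` and `ELBSecurityGroupEgressHttps` in the first hunk set `SourceSecurityGroupId`, which is not a property of `AWS::EC2::SecurityGroupEgress`; the peer of an egress rule is `DestinationSecurityGroupId: !Ref ASSecurityGroup`, so as written the stack should fail template validation before the intended ELB-to-Auto-Scaling restriction is ever applied. Even with that fixed, standalone egress resources do not remove the allow-all outbound rule that CloudFormation attaches to a security group created without an inline `SecurityGroupEgress` property (as I understand the service behaviour), so `ELBSecurityGroup` — and `ASSecurityGroup`, which declares no egress at all — would still permit traffic to any destination, contradicting the "to 80/443 to the Auto Scaling security group" statement in the group description. If that restriction is meant to be enforced, move the two 80/443 rules into an inline `SecurityGroupEgress` list on `ELBSecurityGroup`; keeping the `ASSecurityGroup` ingress rules as separate resources, as they already are, should avoid a circular reference between the two groups. The `Resources` mapping these definitions belong to begins before the first hunk.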