diff --git a/.cloudformation/02-stack-vpc.yaml b/.cloudformation/02-stack-vpc.yaml
index 938c339..9a77ba8 100644
--- a/.cloudformation/02-stack-vpc.yaml
+++ b/.cloudformation/02-stack-vpc.yaml
@@ -7,6 +7,15 @@ Resources:
       CidrBlock: "172.31.0.0/16"
       EnableDnsHostnames: true
       EnableDnsSupport: true
+  PublicSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupName: !Sub "${AWS::StackName}-PublicSecurityGroup"
+      GroupDescription: Security group for the EC2 instances. This group does
+        not set any ingress/egress permissions as Elastic Beanstalk will create
+        these for us. This group will be attached to our EC2 instances, and the
+        RDS instance will permit incoming traffic from this group only.
+      VpcId: !Ref PublicVPC
   PublicSubnet0:
     Type: AWS::EC2::Subnet
     Properties:
@@ -76,6 +85,11 @@ Outputs:
     Value: !Ref PublicVPC
     Export:
       Name: !Sub "${AWS::StackName}-PublicVPC"
+  PublicSecurityGroupId:
+    Description: The EC2 security group ID.
+    Value: !Ref PublicSecurityGroup
+    Export:
+      Name: !Sub "${AWS::StackName}-PublicSecurityGroup"
   PublicVPCIDDefaultSecurityGroup:
     Description: The VPC default security group.
     Value: !GetAtt PublicVPC.DefaultSecurityGroup
diff --git a/.cloudformation/03-stack-rdsinstance.yaml b/.cloudformation/03-stack-rdsinstance.yaml
index f0b5187..af42ca0 100644
--- a/.cloudformation/03-stack-rdsinstance.yaml
+++ b/.cloudformation/03-stack-rdsinstance.yaml
@@ -27,10 +27,15 @@ Resources:
       VpcId:
         Fn::ImportValue: !Sub "${StackName}-PublicVPC"
       SecurityGroupIngress:
-        IpProtocol: tcp
-        FromPort: 5432
-        ToPort: 5432
-        CidrIp: 82.6.205.148
+        - IpProtocol: tcp
+          FromPort: 5432
+          ToPort: 5432
+          CidrIp: 82.6.205.148/32
+        - IpProtocol: tcp
+          FromPort: 5432
+          ToPort: 5432
+          SourceSecurityGroupId:
+            Fn::ImportValue: !Sub "${StackName}-PublicSecurityGroup"
   RDSDBInstance:
     Type: AWS::RDS::DBInstance
     Properties:
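Review bot: The GroupDescription on PublicSecurityGroup states that the group "does not set any ingress/egress permissions", but an AWS::EC2::SecurityGroup that omits SecurityGroupEgress is created with the default allow-all outbound rule (all protocols to 0.0.0.0/0), so the group does carry an egress rule and the description will mislead whoever audits it later. If unrestricted egress is intended, reword the description to say so; if not, add an explicit `SecurityGroupEgress:` list with the destinations the instances actually need. Since the description is meant to read as one line, write it as a folded scalar, `GroupDescription: >-`, rather than relying on plain-scalar line continuation, which is easy to break with a later edit. Note also that a hard-coded `GroupName` means any future rename forces replacement of the group and everything attached to it — presumably acceptable, but worth a comment on that line.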
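Review bot: The second ingress rule (source = the Elastic Beanstalk security group) is the right least-privilege shape, but the first rule still bakes a specific public address, `CidrIp: 82.6.205.148/32`, into a committed template, so rotating or revoking that client means editing and redeploying the stack, and the address is now permanently in git history. Move it to a String parameter with a CIDR `AllowedPattern` and reference it with `!Ref`, so it is supplied per deployment; the `${StackName}` import suggests a Parameters section already exists outside this hunk. Whether this rule actually exposes PostgreSQL to the Internet depends on the instance's `PubliclyAccessible` setting and the subnet routing, which are outside the hunk — if the instance is private the CIDR rule is dead weight and should simply be removed. A `Description:` on each ingress entry would also make the intent of the two rules visible in the console.

```yaml
Parameters:
  # … unchanged: existing parameters (StackName, …) …
  AllowedDbClientCidr:
    Type: String
    Description: CIDR permitted to reach PostgreSQL directly (operator workstation); use /32 for a single host.
    AllowedPattern: '^\d{1,3}(\.\d{1,3}){3}/\d{1,2}$'

# … unchanged: Resources up to the ingress list …
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          CidrIp: !Ref AllowedDbClientCidr
          Description: Direct PostgreSQL access from the operator CIDR
        # … unchanged: rule sourced from the Elastic Beanstalk security group …
```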