updating CF templates

.cloudformation/02-stack-vpc.yaml

@@ -7,6 +7,15 @@ Resources:
       CidrBlock: "172.31.0.0/16"
       EnableDnsHostnames: true
       EnableDnsSupport: true
+  PublicSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupName: !Sub "${AWS::StackName}-PublicSecurityGroup"
+      GroupDescription: Security group for the EC2 instances. This group does
+        not set any ingress/egress permissions as Elastic Beanstalk will create
+        these for us. This group will be attached to our EC2 instances, and the
+        RDS instance will permit incoming traffic from this group only.
+      VpcId: !Ref PublicVPC
   PublicSubnet0:
     Type: AWS::EC2::Subnet
     Properties:
@@ -76,6 +85,11 @@ Outputs:
     Value: !Ref PublicVPC
     Export:
       Name: !Sub "${AWS::StackName}-PublicVPC"
+  PublicSecurityGroupId:
+    Description: The EC2 security group ID.
+    Value: !Ref PublicSecurityGroup
+    Export:
+      Name: !Sub "${AWS::StackName}-PublicSecurityGroup"
   PublicVPCIDDefaultSecurityGroup:
     Description: The VPC default security group.
     Value: !GetAtt PublicVPC.DefaultSecurityGroup

.cloudformation/03-stack-rdsinstance.yaml

@@ -27,10 +27,15 @@ Resources:
       VpcId:
         Fn::ImportValue: !Sub "${StackName}-PublicVPC"
       SecurityGroupIngress:
-        IpProtocol: tcp
+        - IpProtocol: tcp
           FromPort: 5432
           ToPort: 5432
-        CidrIp: 82.6.205.148
+          CidrIp: 82.6.205.148/32
+        - IpProtocol: tcp
+          FromPort: 5432
+          ToPort: 5432
+          SourceSecurityGroupId:
+            Fn::ImportValue: !Sub "${StackName}-PublicSecurityGroup"
   RDSDBInstance:
     Type: AWS::RDS::DBInstance
     Properties: