We will set up a security group linked to the provisioned VPC, in the same way as in the previous post.
The security group allows SSH and web connections on ports 22 and 80 respectively.
In the template below, "NetworkStackNameParameter" is defined so that we can specify the provisioned VPC stack "cf-vpc-igw" during stack creation.
In the outputs, the security group is exported as well.
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Security group for web servers (HTTP and SSH).",
  "Parameters": {
    "NetworkStackNameParameter": {
      "Type": "String"
    }
  },
  "Resources": {
    "WebServerSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable HTTP and SSH ingress",
        "VpcId": { "Fn::ImportValue": { "Fn::Sub": "${NetworkStackNameParameter}-VPCID" } },
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "FromPort": "80",
            "ToPort": "80",
            "CidrIp": "0.0.0.0/0"
          },
          {
            "IpProtocol": "tcp",
            "FromPort": "22",
            "ToPort": "22",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "Tags": [ { "Key": "Name", "Value": "WebSecurityGroup" } ]
      }
    }
  },
  "Outputs": {
    "WebServerSecurityGroup": {
      "Description": "The security group ID to use for public web servers",
      "Value": { "Ref": "WebServerSecurityGroup" },
      "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-WebServerSecurityGroup" } }
    }
  }
}
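The template above opens SSH (port 22) to 0.0.0.0/0, which is usually narrowed to a known admin CIDR before deployment. The check below is an added example, not part of the original post: it scans a template's inline SecurityGroupIngress rules and reports admin ports reachable from any address. ADMIN_PORTS, the function name and the trimmed sample template are assumptions made here.

```python
import json

ADMIN_PORTS = {22, 3389}            # assumption: SSH and RDP; adjust to your policy
WORLD = {"0.0.0.0/0", "::/0"}       # "any source" for IPv4 and IPv6

# Constructed sample: the ingress rules from the template above, trimmed.
TEMPLATE = json.loads("""
{ "Resources": { "WebServerSecurityGroup": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": { "SecurityGroupIngress": [
      { "IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0" },
      { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0" }
    ] } } } }
""")


def world_open_admin_rules(template):
    """Return (logical_id, port, cidr) for each admin port open to any source."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            # A Ref/Fn::Sub value is resolved at deploy time; only literals are checked.
            if not isinstance(cidr, str) or cidr not in WORLD:
                continue
            proto = str(rule.get("IpProtocol"))
            if proto not in ("tcp", "6", "-1"):
                continue
            if proto == "-1":
                lo, hi = 0, 65535   # "-1" means all protocols and all ports
            else:
                try:
                    lo, hi = int(rule["FromPort"]), int(rule["ToPort"])
                except (KeyError, TypeError, ValueError):
                    continue        # ports missing or given as an intrinsic function
            findings += [(logical_id, p, cidr) for p in sorted(ADMIN_PORTS) if lo <= p <= hi]
    return findings


if __name__ == "__main__":
    for logical_id, port, cidr in world_open_admin_rules(TEMPLATE):
        print(f"{logical_id}: port {port} is open to {cidr}")
```

The port 80 rule is not reported because a public web server is expected to accept HTTP from any address; only the SSH rule is flagged.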
See here for more detailed information on each element.
Here's a video tutorial for this.