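---
# CloudFormation template that declares the Tools security group, the Tools
# IAM role and its instance profile, and exports their identifiers.
# The format version is quoted so generic YAML parsers keep it a string
# instead of converting it to a date.
AWSTemplateFormatVersion: "2010-09-09"
Description: Sgs and Roles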
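Parameters:
  # VPC in which ToolsSg is created.
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: VpcId of your existing Virtual Private Cloud (VPC)
  # Used as SourceSecurityGroupId on the ToolsSg all-protocol ingress rule.
  # Typed as a security-group id so CloudFormation validates the value before
  # any resource is created, rather than accepting an arbitrary string.
  VpcSgId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Default VPC Sg the deploy creates
  # CVpnSgId:
  #   Type: AWS::EC2::SecurityGroup::Id
  # NOTE(review): Environment is not referenced by any resource or output in
  # the visible template; kept so existing callers that pass it keep working.
  Environment:
    Type: String
  # OnPremPlId:
  #   Type: String
  #   Description: Id of On-Prem prefix list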
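Resources:
  # Security group attached to the Tools instances.
  ToolsSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      # NOTE(review): the text mentions "video instances" and BackendLb while
      # the resource is ToolsSg; it looks copied from another template. Left
      # unchanged because editing GroupDescription replaces the group.
      GroupDescription: For video instances registered with BackendLb
      SecurityGroupIngress:
        # - IpProtocol: -1
        #   SourcePrefixListId: !Ref OnPremPlId
        #   Description: OnPremPlId
        # - IpProtocol: -1
        #   SourceSecurityGroupId: !Ref CVpnSgId
        #   Description: CVpnSgId
        # All protocols and ports from members of the VPC default group.
        # IpProtocol is a string property, so "-1" is quoted.
        - IpProtocol: "-1"
          SourceSecurityGroupId: !Ref VpcSgId
          Description: VpcSgId
        # NOTE(review): 80 and 443 are open to every IPv4 address. If these
        # instances are not meant to be reached directly from the internet,
        # restrict the source to a load-balancer security group or to a
        # known CIDR / prefix list.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
          Description: HTTP
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
          Description: HTTPS
      VpcId: !Ref VpcId

  # Tools Role
  ToolsRole:
    Type: AWS::IAM::Role
    Properties:
      # Trust policy: only the EC2 service may assume this role.
      AssumeRolePolicyDocument:
        # Explicit policy language version; without it IAM falls back to the
        # legacy 2008-10-17 version.
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      ManagedPolicyArns:
        # NOTE(review): PowerUserAccess allows every action except IAM,
        # Organizations and account management. On an instance role, any
        # process on the host that can read the instance credentials gets
        # that access, and the same instances accept HTTP/HTTPS from
        # 0.0.0.0/0. Replace with a policy scoped to the actions and
        # resources the tools actually use.
        - arn:aws:iam::aws:policy/PowerUserAccess
        # AmazonSSMManagedInstanceCore replaces the deprecated, broader
        # AmazonEC2RoleforSSM. Effective permissions are unchanged while
        # PowerUserAccess is still attached.
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore

  # Instance profile that lets EC2 instances run as ToolsRole.
  ToolsInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - !Ref ToolsRole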
Outputs:
  # Every output is exported under "<stack name>-<output key>" so other
  # stacks in the same account and region can import it.

  # Security group
  ToolsSgId:
    Description: Sg Id - Tools
    Value: !Ref ToolsSg
    Export:
      Name: !Sub "${AWS::StackName}-ToolsSgId"

  # IAM role: !Ref yields the role name, !GetAtt ...Arn the ARN.
  ToolsRoleName:
    Description: Tools Role Name
    Value: !Ref ToolsRole
    Export:
      Name: !Sub "${AWS::StackName}-ToolsRoleName"

  ToolsRoleArn:
    Description: Tools Role Arn
    Value: !GetAtt ToolsRole.Arn
    Export:
      Name: !Sub "${AWS::StackName}-ToolsRoleArn"

  # Instance profile wrapping ToolsRole.
  ToolsInstanceProfileName:
    Description: Instance Role Name for Tools Role
    Value: !Ref ToolsInstanceProfile
    Export:
      Name: !Sub "${AWS::StackName}-ToolsInstanceProfileName"

  ToolsInstanceProfileArn:
    Description: Instance Role Arn for Tools Role
    Value: !GetAtt ToolsInstanceProfile.Arn
    Export:
      Name: !Sub "${AWS::StackName}-ToolsInstanceProfileArn"
...