|
|
@@ -1,5 +1,40 @@
|
|
|
AWSTemplateFormatVersion: 2010-09-09
|
|
|
Resources:
|
|
|
+ RootRole:
|
|
|
+ Type: 'AWS::IAM::Role'
|
|
|
+ Properties:
|
|
|
+ AssumeRolePolicyDocument:
|
|
|
+ Version: 2012-10-17
|
|
|
+ Statement:
|
|
|
+ - Effect: Allow
|
|
|
+ Principal:
|
|
|
+ Service:
|
|
|
+ - lambda.amazonaws.com
|
|
|
+ - ec2.amazonaws.com.cn
|
|
|
+ - ecs-tasks.amazonaws.com
|
|
|
+ - vpc-flow-logs.amazonaws.com
|
|
|
+ Action:
|
|
|
+ - 'sts:AssumeRole'
|
|
|
+ Path: /
|
|
|
+ RoleName: !Ref roleName
|
|
|
+ Metadata:
|
|
|
+ 'AWS::CloudFormation::Designer':
|
|
|
+ id: 5a809822-8fad-40ca-bd0f-7aae64ae7b4a
|
|
|
+ RolePolicies:
|
|
|
+ Type: 'AWS::IAM::Policy'
|
|
|
+ Properties:
|
|
|
+ PolicyName: root
|
|
|
+ PolicyDocument:
|
|
|
+ Version: 2012-10-17
|
|
|
+ Statement:
|
|
|
+ - Effect: Allow
|
|
|
+ Action: '*'
|
|
|
+ Resource: '*'
|
|
|
+ Roles:
|
|
|
+ - Ref: RootRole
|
|
|
+ Metadata:
|
|
|
+ 'AWS::CloudFormation::Designer':
|
|
|
+ id: 41ab1589-d187-45a1-99aa-379280c9f643
|
|
|
vpc1:
|
|
|
Type: 'AWS::EC2::VPC'
|
|
|
Properties:
|
|
|
@@ -316,6 +351,54 @@ Resources:
|
|
|
- CidrIp: 0.0.0.0/0
|
|
|
IpProtocol: '-1'
|
|
|
VpcId: !Ref vpc1
|
|
|
+ Metadata:
|
|
|
+ 'AWS::CloudFormation::Designer':
|
|
|
+ id: 6efe5731-b5ea-4e23-9b48-1353eaea32a1
|
|
|
+ redissg:
|
|
|
+ Type: 'AWS::EC2::SecurityGroup'
|
|
|
+ Properties:
|
|
|
+ GroupDescription: redissg
|
|
|
+ GroupName: elasticache_redis
|
|
|
+ Tags:
|
|
|
+ - Key: Name
|
|
|
+ Value: elasticache_redis
|
|
|
+ SecurityGroupIngress:
|
|
|
+ - SourceSecurityGroupId: !Ref webgroup
|
|
|
+ FromPort: '6379'
|
|
|
+ ToPort: '6379'
|
|
|
+ IpProtocol: tcp
|
|
|
+ - SourceSecurityGroupId: !Ref webgroup
|
|
|
+ FromPort: '2049'
|
|
|
+ ToPort: '2049'
|
|
|
+ IpProtocol: tcp
|
|
|
+ SecurityGroupEgress:
|
|
|
+ - CidrIp: 0.0.0.0/0
|
|
|
+ IpProtocol: '-1'
|
|
|
+ VpcId: !Ref vpc1
|
|
|
+ Metadata:
|
|
|
+ 'AWS::CloudFormation::Designer':
|
|
|
+ id: e2fe8abf-7e4a-472a-88e6-52c5b75b9924
|
|
|
+ efssg:
|
|
|
+ Type: 'AWS::EC2::SecurityGroup'
|
|
|
+ Properties:
|
|
|
+ GroupDescription: sgefs
|
|
|
+ GroupName: sg_efs
|
|
|
+ Tags:
|
|
|
+ - Key: Name
|
|
|
+ Value: sg_efs
|
|
|
+ SecurityGroupIngress:
|
|
|
+ - SourceSecurityGroupId: !Ref webgroup
|
|
|
+ FromPort: '2049'
|
|
|
+ ToPort: '2049'
|
|
|
+ IpProtocol: tcp
|
|
|
+ - SourceSecurityGroupId: !Ref lambdasg
|
|
|
+ FromPort: '2049'
|
|
|
+ ToPort: '2049'
|
|
|
+ IpProtocol: tcp
|
|
|
+ SecurityGroupEgress:
|
|
|
+ - CidrIp: 0.0.0.0/0
|
|
|
+ IpProtocol: '-1'
|
|
|
+ VpcId: !Ref vpc1
|
|
|
Metadata:
|
|
|
'AWS::CloudFormation::Designer':
|
|
|
id: a2a71bad-d448-4630-ae7a-ac51d0366306
|
|
|
@@ -344,6 +427,53 @@ Resources:
|
|
|
Metadata:
|
|
|
'AWS::CloudFormation::Designer':
|
|
|
id: 00338a06-280d-4c12-9255-b77136a19138
|
|
|
+ rdssg:
|
|
|
+ Type: 'AWS::EC2::SecurityGroup'
|
|
|
+ Properties:
|
|
|
+ GroupDescription: sg_rds
|
|
|
+ GroupName: sg_rds
|
|
|
+ Tags:
|
|
|
+ - Key: Name
|
|
|
+ Value: sg_rds
|
|
|
+ SecurityGroupIngress:
|
|
|
+ - SourceSecurityGroupId: !Ref webgroup
|
|
|
+ FromPort: '3306'
|
|
|
+ ToPort: '3306'
|
|
|
+ IpProtocol: tcp
|
|
|
+ - SourceSecurityGroupId: !Ref webgroup
|
|
|
+ FromPort: '5432'
|
|
|
+ ToPort: '5432'
|
|
|
+ IpProtocol: tcp
|
|
|
+ - SourceSecurityGroupId: !Ref lambdasg
|
|
|
+ FromPort: '5432'
|
|
|
+ ToPort: '5432'
|
|
|
+ IpProtocol: tcp
|
|
|
+ - SourceSecurityGroupId: !Ref lambdasg
|
|
|
+ FromPort: '3306'
|
|
|
+ ToPort: '3306'
|
|
|
+ IpProtocol: tcp
|
|
|
+ SecurityGroupEgress:
|
|
|
+ - CidrIp: 0.0.0.0/0
|
|
|
+ IpProtocol: '-1'
|
|
|
+ VpcId: !Ref vpc1
|
|
|
+ Metadata:
|
|
|
+ 'AWS::CloudFormation::Designer':
|
|
|
+ id: 6efe5731-b5ea-4e23-9b48-1353eaea32a1
|
|
|
+ lambdasg:
|
|
|
+ Type: 'AWS::EC2::SecurityGroup'
|
|
|
+ Properties:
|
|
|
+ GroupDescription: sg_lambda
|
|
|
+ GroupName: sg_lambda
|
|
|
+ Tags:
|
|
|
+ - Key: Name
|
|
|
+ Value: sg_lambda
|
|
|
+ SecurityGroupEgress:
|
|
|
+ - CidrIp: 0.0.0.0/0
|
|
|
+ IpProtocol: '-1'
|
|
|
+ VpcId: !Ref vpc1
|
|
|
+ Metadata:
|
|
|
+ 'AWS::CloudFormation::Designer':
|
|
|
+ id: 6efe5731-b5ea-4e23-9b48-1353eaea32a1
|
|
|
Parameters:
|
|
|
vpccidr:
|
|
|
Type: String
|
|
|
@@ -372,24 +502,31 @@ Parameters:
|
|
|
sgName:
|
|
|
Type: String
|
|
|
Default: sg_ai
|
|
|
+ roleName:
|
|
|
+ Type: String
|
|
|
+ Default: BaseRole
|
|
|
Outputs:
|
|
|
- pubnet1id:
|
|
|
+ PUBnet1id:
|
|
|
Value: !Ref pubnet1
|
|
|
- pubnet2id:
|
|
|
+ PUBnet2id:
|
|
|
Value: !Ref pubnet2
|
|
|
- webnet1id:
|
|
|
+ WEBbnet1id:
|
|
|
Value: !Ref webnet1
|
|
|
- webnet2id:
|
|
|
+ WEBnet2id:
|
|
|
Value: !Ref webnet2
|
|
|
- dbnet1id:
|
|
|
+ DBnet1id:
|
|
|
Value: !Ref dbnet1
|
|
|
- dbnet2id:
|
|
|
+ DBnet2id:
|
|
|
Value: !Ref dbnet2
|
|
|
- vpcid:
|
|
|
+ Vpcid:
|
|
|
Value: !Ref vpc1
|
|
|
- elbsg:
|
|
|
+ ELBsg:
|
|
|
Value: !Ref elbgroup
|
|
|
- serversg:
|
|
|
+ ServerSG:
|
|
|
Value: !Ref webgroup
|
|
|
- dbsg:
|
|
|
- Value: !Ref dbgroup
|
|
|
+ MemSg:
|
|
|
+ Value: !Ref dbgroup
|
|
|
+ EFSsg:
|
|
|
+ Value: !Ref efssg
|
|
|
+ RedisSg:
|
|
|
+ Value: !Ref redissg
|
xdc