rename CloudFormation/vpc.yaml to CloudFormation/vpc+role.yaml.

CloudFormation/vpc.yaml → CloudFormation/vpc+role.yaml

@@ -1,5 +1,40 @@
 AWSTemplateFormatVersion: 2010-09-09
 Resources:
+  RootRole:
+    Type: 'AWS::IAM::Role'
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service:
+                - lambda.amazonaws.com
+                - ec2.amazonaws.com.cn
+                - ecs-tasks.amazonaws.com
+                - vpc-flow-logs.amazonaws.com
+            Action:
+              - 'sts:AssumeRole'
+      Path: /
+      RoleName: !Ref roleName
+    Metadata:
+      'AWS::CloudFormation::Designer':
+        id: 5a809822-8fad-40ca-bd0f-7aae64ae7b4a
+  RolePolicies:
+    Type: 'AWS::IAM::Policy'
+    Properties:
+      PolicyName: root
+      PolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Action: '*'
+            Resource: '*'
+      Roles:
+        - Ref: RootRole
+    Metadata:
+      'AWS::CloudFormation::Designer':
+        id: 41ab1589-d187-45a1-99aa-379280c9f643
   vpc1:
     Type: 'AWS::EC2::VPC'
     Properties:
@@ -316,6 +351,54 @@ Resources:
         - CidrIp: 0.0.0.0/0
           IpProtocol: '-1'
       VpcId: !Ref vpc1
+    Metadata:
+      'AWS::CloudFormation::Designer':
+        id: 6efe5731-b5ea-4e23-9b48-1353eaea32a1
+  redissg:
+    Type: 'AWS::EC2::SecurityGroup'
+    Properties:
+      GroupDescription: redissg
+      GroupName: elasticache_redis
+      Tags:
+        - Key: Name
+          Value: elasticache_redis
+      SecurityGroupIngress:
+        - SourceSecurityGroupId: !Ref webgroup
+          FromPort: '6379'
+          ToPort: '6379'
+          IpProtocol: tcp
+        - SourceSecurityGroupId: !Ref webgroup
+          FromPort: '2049'
+          ToPort: '2049'
+          IpProtocol: tcp
+      SecurityGroupEgress:
+        - CidrIp: 0.0.0.0/0
+          IpProtocol: '-1'
+      VpcId: !Ref vpc1
+    Metadata:
+      'AWS::CloudFormation::Designer':
+        id: e2fe8abf-7e4a-472a-88e6-52c5b75b9924
+  efssg:
+    Type: 'AWS::EC2::SecurityGroup'
+    Properties:
+      GroupDescription: sgefs
+      GroupName: sg_efs
+      Tags:
+        - Key: Name
+          Value: sg_efs
+      SecurityGroupIngress:
+        - SourceSecurityGroupId: !Ref webgroup
+          FromPort: '2049'
+          ToPort: '2049'
+          IpProtocol: tcp
+        - SourceSecurityGroupId: !Ref lambdasg
+          FromPort: '2049'
+          ToPort: '2049'
+          IpProtocol: tcp
+      SecurityGroupEgress:
+        - CidrIp: 0.0.0.0/0
+          IpProtocol: '-1'
+      VpcId: !Ref vpc1
     Metadata:
       'AWS::CloudFormation::Designer':
         id: a2a71bad-d448-4630-ae7a-ac51d0366306
@@ -344,6 +427,53 @@ Resources:
     Metadata:
       'AWS::CloudFormation::Designer':
         id: 00338a06-280d-4c12-9255-b77136a19138
+  rdssg:
+    Type: 'AWS::EC2::SecurityGroup'
+    Properties:
+      GroupDescription: sg_rds
+      GroupName: sg_rds
+      Tags:
+        - Key: Name
+          Value: sg_rds
+      SecurityGroupIngress:
+        - SourceSecurityGroupId: !Ref webgroup
+          FromPort: '3306'
+          ToPort: '3306'
+          IpProtocol: tcp
+        - SourceSecurityGroupId: !Ref webgroup
+          FromPort: '5432'
+          ToPort: '5432'
+          IpProtocol: tcp
+        - SourceSecurityGroupId: !Ref lambdasg
+          FromPort: '5432'
+          ToPort: '5432'
+          IpProtocol: tcp
+        - SourceSecurityGroupId: !Ref lambdasg
+          FromPort: '3306'
+          ToPort: '3306'
+          IpProtocol: tcp
+      SecurityGroupEgress:
+        - CidrIp: 0.0.0.0/0
+          IpProtocol: '-1'
+      VpcId: !Ref vpc1
+    Metadata:
+      'AWS::CloudFormation::Designer':
+        id: 6efe5731-b5ea-4e23-9b48-1353eaea32a1
+  lambdasg:
+    Type: 'AWS::EC2::SecurityGroup'
+    Properties:
+      GroupDescription: sg_lambda
+      GroupName: sg_lambda
+      Tags:
+        - Key: Name
+          Value: sg_lambda
+      SecurityGroupEgress:
+        - CidrIp: 0.0.0.0/0
+          IpProtocol: '-1'
+      VpcId: !Ref vpc1
+    Metadata:
+      'AWS::CloudFormation::Designer':
+        id: 6efe5731-b5ea-4e23-9b48-1353eaea32a1
 Parameters:
   vpccidr:
     Type: String
@@ -372,24 +502,31 @@ Parameters:
   sgName:
     Type: String
     Default: sg_ai
+  roleName:
+    Type: String
+    Default: BaseRole
 Outputs:
-  pubnet1id:
+  PUBnet1id:
     Value: !Ref pubnet1
-  pubnet2id:
+  PUBnet2id:
     Value: !Ref pubnet2
-  webnet1id:
+  WEBbnet1id:
     Value: !Ref webnet1
-  webnet2id:
+  WEBnet2id:
     Value: !Ref webnet2
-  dbnet1id:
+  DBnet1id:
     Value: !Ref dbnet1
-  dbnet2id:
+  DBnet2id:
     Value: !Ref dbnet2
-  vpcid:
+  Vpcid:
     Value: !Ref vpc1
-  elbsg:
+  ELBsg:
     Value: !Ref elbgroup
-  serversg:
+  ServerSG:
     Value: !Ref webgroup
-  dbsg:
-    Value: !Ref dbgroup
+  MemSg:
+    Value: !Ref dbgroup
+  EFSsg:
+    Value: !Ref efssg
+  RedisSg:
+    Value: !Ref redissg