Created
April 14, 2013 20:34
afternoon created this gist
Apr 14, 2013
@@ -0,0 +1,49 @@ # vim: ft=yaml # Elastic Load Balancer and Security Group configuration for the app # # - Allow anyone to connect to port 443 and office traffic to connect to # port 22 # - Ensure all traffic is encrypted by configuring load balancer to listen on # 443 and direct traffic to port 443 on app servers # - Enable cookie-based session stickiness # - Use /status for health check # - Enable backend authentication policy by providing public key for cert Resources: AWSEBSecurityGroup: Type: "AWS::EC2::SecurityGroup" Properties: GroupDescription: "Security group to allow HTTPS for all, SSH for office" SecurityGroupIngress: - {CidrIp: "0.0.0.0/0", IpProtocol: "tcp", FromPort: "443", ToPort: "443"} - {CidrIp: "176.35.225.76/32", IpProtocol: "tcp", FromPort: "22", ToPort: "22"} AWSEBLoadBalancer: Type: "AWS::ElasticLoadBalancing::LoadBalancer" Properties: Listeners: - {LoadBalancerPort: 443, InstancePort: 443, Protocol: "HTTPS", SSLCertificateId: "arn:aws:iam::1234567890:server-certificate/server"} AppCookieStickinessPolicy: - {PolicyName: "lb-session", CookieName: "lb-session"} HealthCheck: HealthyThreshold: "3" Interval: "30" Target: "HTTPS:443/status" Timeout: "5" UnhealthyThreshold: "5" Policies: - PolicyName: "MyPubKey" PolicyType: "PublicKeyPolicyType" Attributes: - Name: "PublicKey" Value: "..." - PolicyName: "BackendAuth" PolicyType: "BackendServerAuthenticationPolicyType" Attributes: - Name: "PublicKeyPolicyName" Value: "MyPubKey" InstancePorts: - "443"
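Review bot: The first `SecurityGroupIngress` entry opens port 443 to `0.0.0.0/0` on `AWSEBSecurityGroup`, which by its name looks like the group attached to the app instances rather than to the load balancer. If so, clients can reach the instances directly and bypass the listener, its certificate and the backend authentication policy. Consider admitting 443 only from the load balancer's source group, for example `- {IpProtocol: "tcp", FromPort: "443", ToPort: "443", SourceSecurityGroupName: {"Fn::GetAtt": ["AWSEBLoadBalancer", "SourceSecurityGroup.GroupName"]}, SourceSecurityGroupOwnerId: {"Fn::GetAtt": ["AWSEBLoadBalancer", "SourceSecurityGroup.OwnerAlias"]}}`; inside a VPC, reference the group by ID instead. Separately, the `lb-session` stickiness policy is declared but the listener has no `PolicyNames: ["lb-session"]`, so the cookie stickiness described in the header comment may not take effect.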