cfn-tmp
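{{- if eq .name "efs" }}
{{- /*
EFS stack: one file system, an optional customer-managed KMS key used for
encryption at rest (only when .stack.encrypt is truthy), and one mount target.
Inputs read from the template data: .stack.encrypt, .stack.sg.
*/}}
Resources:
  filesystem:
    Type: AWS::EFS::FileSystem
    Properties:
      # Rendered unquoted: expected to be a Go bool. If .stack.encrypt is unset
      # this renders as `Encrypted:` (YAML null) rather than false.
      Encrypted: {{ .stack.encrypt }}
      {{- if .stack.encrypt }}
      # The key resource is only emitted under the same condition, see below.
      KmsKeyId: !GetAtt
        - key
        - Arn
      {{- end }}
  {{- if .stack.encrypt }}
  key:
    Type: AWS::KMS::Key
    Properties:
      # Automatic rotation of the key material; the key id and policy are
      # unaffected, so callers keep referencing the same key.
      EnableKeyRotation: true
      KeyPolicy:
        # Quoted: an unquoted 2012-10-17 is parsed as a date by YAML loaders.
        Version: "2012-10-17"
        Id: key-default-1
        Statement:
          # Default key policy: lets the account root (and therefore IAM
          # policies in this account) administer the key, which keeps the
          # key manageable after the stack is deleted.
          - Sid: Allow administration of the key
            Effect: Allow
            Principal:
              AWS: !Join
                - ''
                - - 'arn:aws:iam::'
                  - !Ref 'AWS::AccountId'
                  - ':root'
            Action:
              - 'kms:*'
            Resource: '*'
  {{- end }}
  mountTarget:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref "filesystem"
      # Subnet is taken from an export of another stack.
      SubnetId: !ImportValue SubId1
      # NOTE(review): must render as a YAML list of security group ids
      # (e.g. a flow sequence); a Go slice renders as `[a b]` — confirm the
      # shape of .stack.sg in the template data.
      SecurityGroups: {{ .stack.sg }}
# CloudFormation's top-level section is `Outputs` (was `Output`).
Outputs:
  EFSIP:
    Description: prisma efs ip
    # Attribute name fixed (was `IpAddres`).
    Value: !GetAtt mountTarget.IpAddress
    Export:
      Name: prisma-efs-ip
{{- end }}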
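{{- if eq .name "sgs" }}
{{- /*
Security-group stack. For every entry in .stack.groups one
AWS::EC2::SecurityGroup (type "ec2") or AWS::RDS::DBSecurityGroup (any other
type, intended as "rds") is created, followed by one ingress and/or egress
resource per entry in the group's `ingress` list, and one output per group.

Logical IDs are derived with `strip $sg.id "-"` because CloudFormation
logical IDs must be alphanumeric; every reference to a group created here
must use the same stripped form.

Fields read per group ($sg): id, type, desc, vpcid, ingress.
Fields read per rule ($rule): inbound, outbound, sgid, import, external,
port, protocol, cidr.
*/}}
Resources:
  {{- range $i, $sg := .stack.groups }}
  {{ strip $sg.id "-" }}:
    Type: "AWS::{{ if eq $sg.type "ec2" }}EC2::{{ else }}RDS::DB{{ end }}SecurityGroup"
    {{- if $sg.desc }}
    {{- /* NOTE(review): `Description` is not a documented resource-level
       attribute (those are Type, Properties, DependsOn, Condition, Metadata and
       the policies); it may be rejected at template validation — verify, or
       move the text into GroupDescription. */}}
    Description: {{ $sg.desc }}
    {{- end }}
    Properties:
      {{- /* AWS::RDS::DBSecurityGroup names the property EC2VpcId. */}}
      {{ if eq $sg.type "rds" }}EC2{{ end }}VpcId: {{ $sg.vpcid }}
      GroupDescription: {{ $sg.id }} SecurityGroup
      Tags:
        - Key: Name
          Value: {{ $sg.id }}
  {{- end }}
  {{- range $i, $sg := .stack.groups }}
  {{- range $index, $rule := $sg.ingress }}
  {{- if $rule.inbound }}
  {{- if eq $sg.type "ec2" }}
  {{ strip $sg.id "-" }}{{ $index }}ingress:
  {{- else }}
  {{- /* NOTE(review): $rule.sgid is embedded in the logical ID unchanged; if it
     contains "-" (as EC2 ids do) the rendered ID is invalid. Also the same ID
     is used for the egress resource of this rule below, so an rds rule with
     both inbound and outbound set yields a duplicate key — confirm intent. */}}
  {{ strip $sg.id "-" }}from{{ $rule.sgid }}:
  {{- end }}
    Type: "AWS::{{ if eq $sg.type "ec2" }}EC2::{{ else }}RDS::DB{{ end }}SecurityGroupIngress"
    Properties:
      {{- if eq $sg.type "rds" }}
      EC2SecurityGroupId: {{ $rule.sgid }}
      {{- /* Referenced with the stripped id, matching the logical ID declared
         above (was `!Ref {{ $sg.id }}`, which does not exist when the id
         contains "-"). */}}
      DBSecurityGroupName: !Ref {{ strip $sg.id "-" }}
      {{- else }}
      {{- /* Both branches of the former `if $rule.import` emitted the same
         line, so the flag is no longer consulted here. */}}
      {{- if $rule.sgid }}
      SourceSecurityGroupId: {{ $rule.sgid }}
      {{- end }}
      {{- if $rule.external }}
      SourceSecurityGroupOwnerId: {{ $rule.external }}
      {{- end }}
      {{- if $rule.port }}
      ToPort: {{ $rule.port }}
      FromPort: {{ $rule.port }}
      {{- end }}
      GroupId: !Ref {{ strip $sg.id "-" }}
      IpProtocol: {{ $rule.protocol }}
      {{- if $rule.cidr }}
      {{- /* The CIDR is passed through unvalidated; an over-broad range
         (e.g. 0.0.0.0/0) in the input data opens the group to the world —
         validate in the data layer, not here. */}}
      CidrIp: {{ $rule.cidr }}
      {{- end }}
      {{- end }}
  {{- end }}
  {{- if $rule.outbound }}
  {{- if eq $sg.type "ec2" }}
  {{ strip $sg.id "-" }}{{ $index }}egress:
  {{- else }}
  {{- /* NOTE(review): AWS::RDS::DBSecurityGroupEgress is not a documented
     resource type; the rds branch of this egress block likely never worked —
     confirm before relying on it. */}}
  {{ strip $sg.id "-" }}from{{ $rule.sgid }}:
  {{- end }}
    Type: "AWS::{{ if eq $sg.type "ec2" }}EC2::{{ else }}RDS::DB{{ end }}SecurityGroupEgress"
    Properties:
      {{- if $rule.sgid }}
      DestinationSecurityGroupId: {{ $rule.sgid }}
      {{- end }}
      {{- if $rule.port }}
      ToPort: {{ $rule.port }}
      FromPort: {{ $rule.port }}
      {{- end }}
      {{- /* Was `!ImportValue {{ $sg.id }}`: that export is produced by this
         very template (Outputs below), and a stack cannot import its own
         export during creation. Reference the group in-stack instead, as the
         ingress block does. */}}
      GroupId: !Ref {{ strip $sg.id "-" }}
      IpProtocol: {{ $rule.protocol }}
      {{- if $rule.cidr }}
      CidrIp: {{ $rule.cidr }}
      {{- end }}
  {{- end }}
  {{- end }}
  {{- end }}
Outputs:
  {{- range $i, $sg := .stack.groups }}
  {{ strip $sg.id "-" }}:
    Description: {{ $sg.id }} security group id
    Value: !Ref {{ strip $sg.id "-" }}
    Export:
      Name: {{ $sg.id }}
  {{- if eq $sg.type "rds" }}
  {{- /* Output logical ID and GetAtt target use the stripped id (was the raw
     $sg.id, invalid/unresolvable when it contains "-"). */}}
  {{ strip $sg.id "-" }}ARN:
    Description: ARN of DB security groups
    Value: !GetAtt {{ strip $sg.id "-" }}.Arn
  {{- end }}
  {{- end }}
{{- end }}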
{{- /*
-----------------------------------------------------------
------------------------ ECS Stack ------------------------
-----------------------------------------------------------
*/ -}}
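{{- if eq .name "ecs-cluster" }}
{{- /*
ECS cluster stack: a single AWS::ECS::Cluster with Container Insights on.
The condition was `if .name "ecs-cluster"` (missing `eq`), which Go templates
reject because a string cannot take an argument; fixed to match the other
stacks in this file.
*/}}
{{- /* NOTE(review): this emits .stack.parameters verbatim at the top of the
   document; it must already be valid YAML text at column 0 (a Go map renders
   as `map[...]`, which is not) — confirm what the data layer supplies. */}}
{{ .stack.parameters }}
Parameters:
  # Parameter logical IDs must be alphanumeric, so `CLUSTER_NAME` cannot be
  # deployed; renamed to ClusterName (the Ref below follows).
  ClusterName:
    Description: ecs cluster name
    Type: String
    Default: prisma-ecs-cluster
Resources:
  ECSCluster:
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: !Ref ClusterName
      ClusterSettings:
        - Name: containerInsights
          Value: enabled
{{- end }}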