Use security groups in the multi-instance wp template

2012-04-13 15:56:29 +02:00 · 2012-04-13 15:56:29 +02:00 · 3cbb97ad00
parent d41193cbff
commit 3cbb97ad00
1 changed files with 39 additions and 0 deletions
--- a/templates/WordPress_2_Instances_With_EBS_Volume.template
+++ b/templates/WordPress_2_Instances_With_EBS_Volume.template
@ -151,6 +151,10 @@
                          { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] },
        "InstanceType"   : { "Ref" : "InstanceType" },
        "KeyName"        : { "Ref" : "KeyName" },
+        "SecurityGroups" : [
+          {"Ref" : "AdminAccessSecurityGroup"},
+          {"Ref" : "WebServerSecurityGroup"}
+        ],
        "UserData"       : { "Fn::Base64" : { "Fn::Join" : ["", [
          "#!/bin/bash -v\n",
          "sed --in-place --e s/database_name_here/", { "Ref" : "DBName" }, "/ --e s/username_here/", { "Ref" : "DBUsername" }, "/ --e s/password_here/", { "Ref" : "DBPassword" }, "/ --e s/DB_HOST/", "/ /usr/share/wordpress/wp-config.php\n",
@ -184,6 +188,10 @@
                          { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] },
        "InstanceType"   : { "Ref" : "InstanceType" },
        "KeyName"        : { "Ref" : "KeyName" },
+        "SecurityGroups" : [
+          {"Ref" : "AdminAccessSecurityGroup"},
+          {"Ref" : "MySQLSecurityGroup"}
+        ],
        "UserData"       : { "Fn::Base64" : { "Fn::Join" : ["", [
          "#!/bin/bash -v\n",
          "# Wait for the EBS volume to show up\n",
@ -216,6 +224,37 @@
      }
    },

+    "AdminAccessSecurityGroup" : {
+      "Type" : "AWS::EC2::SecurityGroup",
+      "Properties" : {
+        "GroupDescription" : "Enable ICMP and SSH",
+        "SecurityGroupIngress" : [
+          {"IpProtocol" : "icmp", "FromPort" : "-1", "ToPort" : "-1", "CidrIp" : "0.0.0.0/0"},
+          {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0"}
+        ]
+      }
+    },
+
+    "WebServerSecurityGroup" : {
+      "Type" : "AWS::EC2::SecurityGroup",
+      "Properties" : {
+        "GroupDescription" : "Enable HTTP access via port 80",
+        "SecurityGroupIngress" : [
+          {"IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0"}
+        ]
+      }
+    },
+
+    "MySQLSecurityGroup" : {
+      "Type" : "AWS::EC2::SecurityGroup",
+      "Properties" : {
+        "GroupDescription" : "Enable MySQL access via port 3306",
+        "SecurityGroupIngress" : [
+          {"IpProtocol" : "tcp", "FromPort" : "3306", "ToPort" : "3306", "CidrIp" : "0.0.0.0/0"}
+        ]
+      }
+    },
+
    "DataVolume" : {
      "Type" : "AWS::EC2::Volume",
      "Properties" : {