--- AWSTemplateFormatVersion: '2010-09-09' Description: > This Cloudformation Template deploys the Security Groups used by all stacks. Disclaimer: Not for production use. Demo and testing purposes only. Author: David Surey Parameters: BBBVPCs: Description: Reference for the VPC Type: String BBBEnvironmentType: Description: 'Defines the environment type. Allowed values: scalable, single' AllowedValues: - scalable - single Type: String BBBECSInstanceType: Description: Set the ECS Cluster Type to either EC2 based or Fargate based deployments Type: String BBBFrontendType: Type: String Default: Greenlight AllowedValues: - Greenlight - External Conditions: BBBScalableEnvironment: !Equals [!Ref BBBEnvironmentType, scalable] BBBECSFargate: !Equals [!Ref BBBECSInstanceType, fargate] BBBECSEC2: !Not [!Equals [!Ref BBBECSInstanceType, fargate]] BBBGreenlight: !Equals [!Ref BBBFrontendType, Greenlight] BBBScalableGreenlight: !And [!Equals [!Ref BBBFrontendType, Greenlight], !Equals [!Ref BBBEnvironmentType, scalable]] Resources: BBBECSTaskSecurityGroup: Type: AWS::EC2::SecurityGroup Condition: BBBScalableEnvironment Properties: GroupDescription: ECS Instance Security Group VpcId: !Ref BBBVPCs BBBECSTaskSecurityGroupPorts: Type: AWS::EC2::SecurityGroupIngress Condition: BBBScalableEnvironment Properties: GroupId: !Ref BBBECSTaskSecurityGroup IpProtocol: tcp FromPort: !If [ BBBECSFargate, 80, 32768] ToPort: !If [ BBBECSFargate, 80, 60999] SourceSecurityGroupId: !Ref BBBScaleliteELBSecurityGroup BBBScaleliteELBSecurityGroup: Type: AWS::EC2::SecurityGroup Condition: BBBScalableEnvironment Properties: GroupDescription: Scalelite Security Group VpcId: !Ref BBBVPCs BBBScaleliteELBSecurityGroupPorts: Type: AWS::EC2::SecurityGroupIngress Condition: BBBScalableEnvironment Properties: GroupId: !Ref BBBScaleliteELBSecurityGroup IpProtocol: tcp FromPort: 443 ToPort: 443 CidrIp: 0.0.0.0/0 BBBFrontendELBSecurityGroup: Type: AWS::EC2::SecurityGroup Condition: BBBScalableGreenlight Properties: GroupDescription: ALB Security Group VpcId: !Ref BBBVPCs BBBECSSecurityGroupPublicports: Type: AWS::EC2::SecurityGroupIngress Condition: BBBScalableGreenlight Properties: CidrIp: 0.0.0.0/0 IpProtocol: tcp FromPort: 443 ToPort: 443 GroupId: !Ref BBBFrontendELBSecurityGroup BBBECSSecurityGroupPublicHTTP: Type: AWS::EC2::SecurityGroupIngress Condition: BBBScalableGreenlight Properties: CidrIp: 0.0.0.0/0 IpProtocol: tcp FromPort: 80 ToPort: 80 GroupId: !Ref BBBFrontendELBSecurityGroup BBBFrontendSecurityGroupALBports: Type: AWS::EC2::SecurityGroupIngress Condition: BBBScalableGreenlight Properties: GroupId: !Ref BBBECSTaskSecurityGroup IpProtocol: tcp FromPort: !If [ BBBECSFargate, 3000, 32768] ToPort: !If [ BBBECSFargate, 3000, 60999] SourceSecurityGroupId: !Ref BBBFrontendELBSecurityGroup BBBDBSecurityGroup: Type: AWS::EC2::SecurityGroup Condition: BBBScalableEnvironment Properties: VpcId: Ref: BBBVPCs GroupDescription: Security group for the Postgres DB BBBDBSecurityGroupPorts: Type: AWS::EC2::SecurityGroupIngress Condition: BBBScalableEnvironment Properties: SourceSecurityGroupId: !Ref BBBECSTaskSecurityGroup IpProtocol: tcp FromPort: 5432 ToPort: 5432 GroupId: !Ref BBBDBSecurityGroup BBBCACHEDBSecurityGroup: Type: AWS::EC2::SecurityGroup Condition: BBBScalableEnvironment Properties: VpcId: Ref: BBBVPCs GroupDescription: Security group for the Redis Cache BBBCACHEDBSecurityGroupPorts: Type: AWS::EC2::SecurityGroupIngress Condition: BBBScalableEnvironment Properties: SourceSecurityGroupId: !Ref BBBECSTaskSecurityGroup IpProtocol: tcp FromPort: 6379 ToPort: 6379 GroupId: !Ref BBBCACHEDBSecurityGroup BBBApplicationSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: VpcId: Ref: BBBVPCs GroupDescription: Security group for the BigBlueButton Application Host BBBApplicationSecurityGroupWebSSLPort: Type: AWS::EC2::SecurityGroupIngress Properties: CidrIp: 0.0.0.0/0 IpProtocol: tcp FromPort: 443 ToPort: 443 GroupId: !Ref BBBApplicationSecurityGroup BBBApplicationSecurityGroupWebPlainPort: Type: AWS::EC2::SecurityGroupIngress Properties: CidrIp: 0.0.0.0/0 IpProtocol: tcp FromPort: 80 ToPort: 80 GroupId: !Ref BBBApplicationSecurityGroup BBBApplicationSecurityGroupVCPorts: Type: AWS::EC2::SecurityGroupIngress Properties: CidrIp: 0.0.0.0/0 IpProtocol: udp FromPort: 16384 ToPort: 32768 GroupId: !Ref BBBApplicationSecurityGroup BBBTurnSecurityGroupWebSSLUDPPort: Type: AWS::EC2::SecurityGroupIngress Properties: CidrIp: 0.0.0.0/0 IpProtocol: udp FromPort: 443 ToPort: 443 GroupId: !Ref BBBApplicationSecurityGroup BBBTurnSecurityGroupWebPlainUDPPort: Type: AWS::EC2::SecurityGroupIngress Properties: CidrIp: 0.0.0.0/0 IpProtocol: udp FromPort: 3478 ToPort: 3478 GroupId: !Ref BBBApplicationSecurityGroup BBBTurnSecurityGroupWebPlainTCPPort: Type: AWS::EC2::SecurityGroupIngress Properties: CidrIp: 0.0.0.0/0 IpProtocol: tcp FromPort: 3478 ToPort: 3478 GroupId: !Ref BBBApplicationSecurityGroup BBBSharedStorageSecurityGroup: Type: AWS::EC2::SecurityGroup Condition: BBBScalableEnvironment Properties: VpcId: Ref: BBBVPCs GroupDescription: Security group for the Shared Storage BBBSharedStorageSecurityGroupApplicationPort: Type: AWS::EC2::SecurityGroupIngress Condition: BBBScalableEnvironment Properties: SourceSecurityGroupId: !Ref BBBApplicationSecurityGroup IpProtocol: tcp FromPort: 2049 ToPort: 2049 GroupId: !Ref BBBSharedStorageSecurityGroup BBBSharedStorageSecurityGroupECSPort: Type: AWS::EC2::SecurityGroupIngress Condition: BBBScalableEnvironment Properties: SourceSecurityGroupId: !Ref BBBECSTaskSecurityGroup IpProtocol: tcp FromPort: 2049 ToPort: 2049 GroupId: !Ref BBBSharedStorageSecurityGroup Outputs: BBBECSTaskSecurityGroup: Condition: BBBScalableEnvironment Description: A reference to the created Security Group for ECS Value: !Ref BBBECSTaskSecurityGroup BBBFrontendELBSecurityGroup: Condition: BBBScalableGreenlight Description: A reference to the created Security Group for ELB Value: !Ref BBBFrontendELBSecurityGroup BBBScaleliteELBSecurityGroup: Condition: BBBScalableEnvironment Description: A reference to the created Security Group for the Scalelite Load Balancer Value: !Ref BBBScaleliteELBSecurityGroup BBBDBSecurityGroup: Condition: BBBScalableEnvironment Description: A reference to the created Security Group for the Database Value: !Ref BBBDBSecurityGroup BBBCACHEDBSecurityGroup: Condition: BBBScalableEnvironment Description: A reference to the created Security Group for the Redis Cache Value: !Ref BBBCACHEDBSecurityGroup BBBApplicationSecurityGroup: Description: A reference to the created Security Group for the Public Ports of the Application Value: !Ref BBBApplicationSecurityGroup BBBSharedStorageSecurityGroup: Condition: BBBScalableEnvironment Description: A reference to the created Security Group for the SharedStorage Value: !Ref BBBSharedStorageSecurityGroup