# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: MIT-0 Parameters: VPC: Type: "AWS::EC2::VPC::Id" Description: "VPC ID for creating the application" ProjectTag: Type: String Description: Tag to apply to created resources for visibility AllowedCidrIngress: Type: String MinLength: 9 MaxLength: 18 AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/YY AppPublicCIDRA: Type: String AppPublicCIDRB: Type: String Resources: DBFirewall: Type: "AWS::EC2::SecurityGroup" Properties: GroupDescription: !Join ["", ["Stack ", !Ref "AWS::StackId", " RDS"]] VpcId: !Ref VPC SecurityGroupIngress: - SourceSecurityGroupId: Fn::GetAtt: - ClientFirewall - GroupId IpProtocol: tcp ToPort: "3306" FromPort: "3306" SecurityGroupEgress: - CidrIp: 0.0.0.0/0 ToPort: "-1" IpProtocol: "-1" Tags: - Key: Project Value: !Ref ProjectTag BrokerFirewall: Type: "AWS::EC2::SecurityGroup" Properties: GroupDescription: !Join ["", ["Stack ", !Ref "AWS::StackId", " MQ"]] VpcId: !Ref VPC SecurityGroupIngress: - SourceSecurityGroupId: Fn::GetAtt: - ClientFirewall - GroupId IpProtocol: tcp ToPort: "8162" FromPort: "8162" - SourceSecurityGroupId: Fn::GetAtt: - ClientFirewall - GroupId IpProtocol: tcp ToPort: "61614" FromPort: "61614" SecurityGroupEgress: - CidrIp: 0.0.0.0/0 ToPort: "-1" IpProtocol: "-1" Tags: - Key: Project Value: !Ref ProjectTag ClientFirewall: Type: "AWS::EC2::SecurityGroup" Properties: GroupDescription: !Join ["", ["Stack ", !Ref "AWS::StackId", " Client"]] VpcId: !Ref VPC SecurityGroupIngress: - CidrIp: !Ref AllowedCidrIngress IpProtocol: tcp ToPort: "22" FromPort: "22" SecurityGroupEgress: - CidrIp: 0.0.0.0/0 ToPort: "-1" IpProtocol: "-1" Outputs: ClientFirewallId: Description: ID of client security group Value: !Ref ClientFirewall DBFirewallId: Description: ID of database security group Value: !Ref DBFirewall BrokerFirewallId: Description: ID of MQ security group Value: !Ref BrokerFirewall