AWSTemplateFormatVersion: '2010-09-09'
Description: security groups for LoadBalancer and Webservers
Metadata: {}
Parameters:
  ThePublicIp:
    Type: String
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
  TheVpcId:
    Type: String
  TheWebPort:
    Type: Number
Resources:
  TheWebServerAccessSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: allow internet access to webserver
      GroupName: webserver-access
      VpcId: !Ref 'TheVpcId'
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: !Ref 'TheWebPort'
          ToPort: !Ref 'TheWebPort'
          SourceSecurityGroupId: !Ref 'TheLoadBalancerAccessSecurityGroup'
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-TheWebServerAccessSecurityGroup'
  TheLoadBalancerAccessSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: allow load balacer access to webserver
      GroupName: loadbalancer-access
      VpcId: !Ref 'TheVpcId'
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: !Ref 'TheWebPort'
          ToPort: !Ref 'TheWebPort'
          CidrIp: !Ref 'ThePublicIp'
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-TheLoadBalancerAccessSecurityGroup'
Outputs:
  WebSecurityGroup:
    Description: web server security group id
    Value: !Ref 'TheWebServerAccessSecurityGroup'
  ALBSecurityGroup:
    Description: alb security group id
    Value: !Ref 'TheLoadBalancerAccessSecurityGroup'