---
AWSTemplateFormatVersion: 2010-09-09
Description: odoo Security Groups template
Parameters:
  AccessCIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    ConstraintDescription: Must be a valid IP range in x.x.x.x/x notation
    Description: 'The CIDR IP range that is permitted to access. Note: a value of
      0.0.0.0/0 will allow access from ANY ip address'
    Type: String
  VPCID:
    Description: VPC ID of your existing Virtual Private Cloud (VPC) where you want
      to depoy RDS.
    Type: AWS::EC2::VPC::Id
  VPCCIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    ConstraintDescription: Must be a valid IP range in x.x.x.x/x notation
    Description: The CIDR block for VPC
    Type: String
Resources:
  PostgreSQLRDSSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow access to PostgreSQL Port (AWS Quick Start)
      VpcId: !Ref VPCID
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 5432
        ToPort: 5432
        CidrIp: !Ref VPCCIDR
      SecurityGroupEgress:
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 443
        ToPort: 443
        CidrIp: 0.0.0.0/0
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App Server Security Group (AWS Quick Start)
      VpcId: !Ref VPCID
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: !Ref AccessCIDR
      - IpProtocol: tcp
        FromPort: 8001
        ToPort: 8001
        CidrIp: !Ref AccessCIDR       
      SecurityGroupEgress:
      - IpProtocol: tcp
        FromPort: 0
        ToPort: 65535
        CidrIp: 0.0.0.0/0
  EFSSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Database Security Group (AWS Quick Start)
      VpcId: !Ref VPCID
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 2049
        ToPort: 2049
        CidrIp: !Ref VPCCIDR
      SecurityGroupEgress:
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 443
        ToPort: 443
        CidrIp: 0.0.0.0/0
  ElastiCacheSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Database Security Group (AWS Quick Start)
      VpcId: !Ref VPCID
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 6379
        ToPort: 6379
        CidrIp: !Ref VPCCIDR
      SecurityGroupEgress:
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 443
        ToPort: 443
        CidrIp: 0.0.0.0/0
Outputs:
  PostgreSQLRDSSecurityGroup:
    Description: PostgreSQL Security Group
    Value: !Ref PostgreSQLRDSSecurityGroup
  WebServerSecurityGroup:
    Description: Web Server Security Group
    Value: !Ref WebServerSecurityGroup
  EFSSecurityGroup:
    Description: EFS Security Group
    Value: !Ref EFSSecurityGroup
  ElastiCacheSecurityGroup:
    Description: Elasticache Security Group
    Value: !Ref ElastiCacheSecurityGroup
...