AWSTemplateFormatVersion: '2010-09-09' Description: Neo4j Enterprise Edition (qs-1shnl7a6p) Metadata: QuickStartDocumentation: EntrypointName: "Parameters for deploying the Quick Start" AWS::CloudFormation::Interface: ParameterGroups: - Label: default: "Neo4j Configuration" Parameters: - InstallGraphDataScience - GraphDataScienceLicenseKey - InstallBloom - BloomLicenseKey - Password - Label: default: "Infrastructure Configuration" Parameters: - NumberOfServers - InstanceType - DiskSize - SSHCIDR ParameterLabels: InstallGraphDataScience: default: Install Graph Data Science GraphDataScienceLicenseKey: default: Graph Data Science License Key InstallBloom: default: Install Bloom BloomLicenseKey: default: Bloom License Key Password: default: Password NumberOfServers: default: Number of Servers InstanceType: default: Instance Type DiskSize: default: Disk Size SSHCIDR: default: SSH CIDR Parameters: InstallGraphDataScience: Description: Install Graph Data Science Type: String Default: 'False' AllowedValues: - 'True' - 'False' GraphDataScienceLicenseKey: Description: License Key for Graph Data Science (License keys will be sent to and stored by Neo4j. This information will only be used for the purposes of product activation.) Type: String Default: 'None' InstallBloom: Description: Install Bloom Type: String Default: 'False' AllowedValues: - 'True' - 'False' BloomLicenseKey: Description: License Key for Bloom (License keys will be sent to and stored by Neo4j. This information will only be used for the purposes of product activation.) Type: String Default: 'None' Password: Description: Password for Neo4j Type: String MinLength: 6 NoEcho: true NumberOfServers: Description: Must be 3 or greater to form a cluster Type: Number Default: 3 AllowedValues: - 1 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10 InstanceType: Description: EC2 instance type Type: String Default: t3.medium AllowedValues: - t3.medium - t3.large - t3.xlarge - t3.2xlarge - r6i.large - r6i.xlarge - r6i.2xlarge - r6i.4xlarge - r6i.8xlarge - r6i.12xlarge - r6i.16xlarge - r6i.24xlarge - r6i.32xlarge DiskSize: Description: Size in GB of the EBS volume on each node Type: Number Default: 100 MinValue: 100 ConstraintDescription: "Minimum disk size should be 100" SSHCIDR: Description: SSH CIDR (Specify an address range from which ec2 instances are accessible on port 22. You can use 0.0.0.0/0 to allow access from any IP address) Type: String MinLength: 9 MaxLength: 18 AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" ConstraintDescription: "must be a valid CIDR range of the form x.x.x.x/x." Rules: GDSCheck: RuleCondition: !Equals - !Ref InstallGraphDataScience - 'True' Assertions: - Assert: !Not - !Equals - !Ref NumberOfServers - '3' AssertDescription: Node Count cannot be set to 3 when InstallGraphDataScience is selected. Please set Node Count to 1 or set InstallGraphDataScience to false. Conditions: CreateCluster: !Not - !Equals - !Ref NumberOfServers - '1' Resources: Neo4jVPC: Type: AWS::EC2::VPC Properties: EnableDnsHostnames: true CidrBlock: 10.0.0.0/16 Tags: - Key: StackID Value: !Ref 'AWS::StackId' - Key: Name Value: !Ref 'AWS::StackName' Neo4jSubnet1: Type: AWS::EC2::Subnet Properties: CidrBlock: 10.0.1.0/24 MapPublicIpOnLaunch: true AvailabilityZone: Fn::Select: - 0 - Fn::GetAZs: !Ref 'AWS::Region' Tags: - Key: StackID Value: !Ref 'AWS::StackId' - Key: Name Value: !Ref 'AWS::StackName' VpcId: !Ref Neo4jVPC Neo4jSubnet2: Type: AWS::EC2::Subnet Condition: CreateCluster Properties: CidrBlock: 10.0.2.0/24 MapPublicIpOnLaunch: true AvailabilityZone: Fn::Select: - 1 - Fn::GetAZs: !Ref 'AWS::Region' Tags: - Key: StackID Value: !Ref 'AWS::StackId' - Key: Name Value: !Ref 'AWS::StackName' VpcId: !Ref Neo4jVPC Neo4jSubnet3: Type: AWS::EC2::Subnet Condition: CreateCluster Properties: CidrBlock: 10.0.3.0/24 MapPublicIpOnLaunch: true AvailabilityZone: Fn::Select: - 2 - Fn::GetAZs: !Ref 'AWS::Region' Tags: - Key: StackID Value: !Ref 'AWS::StackId' - Key: Name Value: !Ref 'AWS::StackName' VpcId: !Ref Neo4jVPC Neo4jRouteTable: Type: AWS::EC2::RouteTable Properties: Tags: - Key: StackID Value: !Ref 'AWS::StackId' - Key: Name Value: !Ref 'AWS::StackName' VpcId: !Ref Neo4jVPC Neo4jRoute: Type: AWS::EC2::Route Properties: GatewayId: !Ref Neo4jInternetGateway RouteTableId: !Ref Neo4jRouteTable DestinationCidrBlock: 0.0.0.0/0 Neo4jSubnet1RouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: !Ref Neo4jRouteTable SubnetId: !Ref Neo4jSubnet1 Neo4jSubnet2RouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Condition: CreateCluster Properties: RouteTableId: !Ref Neo4jRouteTable SubnetId: !Ref Neo4jSubnet2 Neo4jSubnet3RouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Condition: CreateCluster Properties: RouteTableId: !Ref Neo4jRouteTable SubnetId: !Ref Neo4jSubnet3 Neo4jInternetGateway: Type: AWS::EC2::InternetGateway Properties: Tags: - Key: StackID Value: !Ref 'AWS::StackId' - Key: Name Value: !Ref 'AWS::StackName' Neo4jInternetGatewayAttachment: Type: AWS::EC2::VPCGatewayAttachment Properties: InternetGatewayId: !Ref Neo4jInternetGateway VpcId: !Ref Neo4jVPC Neo4jNetworkLoadBalancer: DependsOn: Neo4jInternetGateway Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: IpAddressType: ipv4 Name: !Join - '-' - - !Ref 'AWS::StackName' - 'nlb' Scheme: internet-facing Subnets: !If [CreateCluster, [!Ref Neo4jSubnet1,!Ref Neo4jSubnet2,!Ref Neo4jSubnet3], [!Ref Neo4jSubnet1]] Tags: - Key: StackID Value: !Ref 'AWS::StackId' - Key: Name Value: !Ref 'AWS::StackName' Type: network Neo4jHTTPListener: Type: AWS::ElasticLoadBalancingV2::Listener Properties: DefaultActions: - TargetGroupArn: !Ref Neo4jHTTPTargetGroup Type: forward LoadBalancerArn: !Ref Neo4jNetworkLoadBalancer Port: 7474 Protocol: TCP Neo4jBoltListener: Type: AWS::ElasticLoadBalancingV2::Listener Properties: DefaultActions: - TargetGroupArn: !Ref Neo4jBoltTargetGroup Type: forward LoadBalancerArn: !Ref Neo4jNetworkLoadBalancer Port: 7687 Protocol: TCP Neo4jHTTPTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: Name: !Join - '-' - - !Ref 'AWS::StackName' - 'http' - 'tg' Port: 7474 Protocol: TCP HealthCheckIntervalSeconds: 10 Tags: - Key: StackID Value: !Ref 'AWS::StackId' - Key: Name Value: !Ref 'AWS::StackName' VpcId: !Ref Neo4jVPC Neo4jBoltTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: Name: !Join - '-' - - !Ref 'AWS::StackName' - 'bolt' - 'tg' Port: 7687 Protocol: TCP HealthCheckIntervalSeconds: 10 Tags: - Key: StackID Value: !Ref 'AWS::StackId' - Key: Name Value: !Ref 'AWS::StackName' VpcId: !Ref Neo4jVPC Neo4jAutoScalingGroup: Type: AWS::AutoScaling::AutoScalingGroup CreationPolicy: ResourceSignal: Count: !Ref NumberOfServers Timeout: PT8M Properties: AvailabilityZones: !If [CreateCluster, [!Select [ 0, Fn::GetAZs: !Ref 'AWS::Region' ] , !Select [ 1, Fn::GetAZs: !Ref 'AWS::Region' ] , !Select [ 2, Fn::GetAZs: !Ref 'AWS::Region' ]],[!Select [ 0, Fn::GetAZs: !Ref 'AWS::Region' ]]] LaunchConfigurationName: Ref: Neo4jLaunchConfiguration MinSize: !Ref NumberOfServers MaxSize: !Ref NumberOfServers VPCZoneIdentifier: !If [CreateCluster, [!Ref Neo4jSubnet1,!Ref Neo4jSubnet2,!Ref Neo4jSubnet3], [!Ref Neo4jSubnet1]] TargetGroupARNs: - Ref: Neo4jHTTPTargetGroup - Ref: Neo4jBoltTargetGroup DesiredCapacity: !Ref NumberOfServers Tags: - Key: StackID Value: !Ref 'AWS::StackId' PropagateAtLaunch: true - Key: Name Value: !Ref 'AWS::StackName' PropagateAtLaunch: true Neo4jLaunchConfiguration: Type: AWS::AutoScaling::LaunchConfiguration Properties: ImageId: !FindInMap - Neo4j - !Ref 'AWS::Region' - BYOL InstanceType: Ref: InstanceType SecurityGroups: - Ref: Neo4jExternalSecurityGroup - Ref: Neo4jInternalSecurityGroup EbsOptimized: true IamInstanceProfile: Ref: Neo4jInstanceProfile BlockDeviceMappings: - DeviceName: /dev/xvda Ebs: VolumeSize: Ref: DiskSize VolumeType: gp3 Encrypted: true UserData: Fn::Base64: !Join - '' - - "#!/bin/bash\n" - "set -euo pipefail\n" - "echo Running startup script...\n" - "installGraphDataScience=" - Ref: InstallGraphDataScience - "\n" - "graphDataScienceLicenseKey=" - Ref: GraphDataScienceLicenseKey - "\n" - "installBloom=" - Ref: InstallBloom - "\n" - "bloomLicenseKey=" - Ref: BloomLicenseKey - "\n" - "password=" - Ref: Password - "\n" - "nodeCount=" - Ref: NumberOfServers - "\n" - "loadBalancerDNSName=" - Fn::GetAtt: [Neo4jNetworkLoadBalancer,DNSName] - "\n" - "stackName=" - Ref: AWS::StackName - "\n" - "region=" - Ref: AWS::Region - "\n" - "install_neo4j_from_yum() {\n" - " echo \"Installing Graph Database...\"\n" - " export NEO4J_ACCEPT_LICENSE_AGREEMENT=yes\n" - " ASG_NAME=$(aws --region $region cloudformation describe-stack-resources --stack-name $stackName --query 'StackResources[?ResourceType==`AWS::AutoScaling::AutoScalingGroup` && LogicalResourceId==`Neo4jAutoScalingGroup`].PhysicalResourceId' --output text)\n" - " NEO4J_VERSION_ASG_TAG=$(aws --region $region autoscaling describe-auto-scaling-groups --auto-scaling-group-names $ASG_NAME --query 'AutoScalingGroups[0].Tags[?Key==`NEO4J_VERSION`].Value' --output text)\n" - " if [[ ! -z $NEO4J_VERSION_ASG_TAG ]]; then\n" - " echo \"Found NEO4J_VERSION_ASG_TAG Tag on AutoScalingGroup $ASG_NAME: NEO4J_VERSION_ASG_TAG=$NEO4J_VERSION_ASG_TAG\"\n" - " PACKAGE_VERSION=$NEO4J_VERSION_ASG_TAG\n" - " local -r NEO4J_YUM_PACKAGE=\"neo4j-enterprise-$PACKAGE_VERSION\"\n" - " else\n" - " PACKAGE_VERSION=$(curl --fail http://versions.neo4j-templates.com/target.json | jq -r '.aws.\"5\"' || echo \"\")\n" - " if [[ ! -z $PACKAGE_VERSION && $PACKAGE_VERSION != \"null\" ]]; then\n" - " echo \"Found PACKAGE_VERSION from http://versions.neo4j-templates.com : PACKAGE_VERSION=$PACKAGE_VERSION\"\n" - " local -r NEO4J_YUM_PACKAGE=\"neo4j-enterprise-$PACKAGE_VERSION\"\n" - " else\n" - " echo 'Failed to resolve Neo4j version from http://versions.neo4j-templates.com, using PACKAGE_VERSION=latest'\n" - " PACKAGE_VERSION=\"latest\"\n" - " local -r NEO4J_YUM_PACKAGE='neo4j-enterprise'\n" - " fi\n" - " fi\n" - " yum -y install \"${NEO4J_YUM_PACKAGE}\"\n" - " yum update -y aws-cfn-bootstrap\n" - " systemctl enable neo4j\n" - " if [[ \"$PACKAGE_VERSION\" == \"latest\" ]]; then\n" - " PACKAGE_VERSION=$(/usr/share/neo4j/bin/neo4j --version)\n" - " fi\n" - "}\n" - "install_apoc_plugin() {\n" - " echo \"Installing APOC...\"\n" - " mv /var/lib/neo4j/labs/apoc-*-core.jar /var/lib/neo4j/plugins\n" - "}\n" - "configure_graph_data_science() {\n" - " if [[ \"${installGraphDataScience}\" == True && \"${nodeCount}\" == 1 ]]; then\n" - " echo \"Installing Graph Data Science...\"\n" - " cp /var/lib/neo4j/products/neo4j-graph-data-science-*.jar /var/lib/neo4j/plugins\n" - " fi\n" - " if [[ $graphDataScienceLicenseKey != None ]]; then\n" - " echo \"Writing GDS license key...\"\n" - " mkdir -p /etc/neo4j/licenses\n" - " echo \"${graphDataScienceLicenseKey}\" > /etc/neo4j/licenses/neo4j-gds.license\n" - " sed -i '$a gds.enterprise.license_file=/etc/neo4j/licenses/neo4j-gds.license' /etc/neo4j/neo4j.conf\n" - " fi\n" - "}\n" - "configure_bloom() {\n" - " if [[ $installBloom == True ]]; then\n" - " echo \"Installing Bloom...\"\n" - " cp /var/lib/neo4j/products/bloom-plugin-*.jar /var/lib/neo4j/plugins\n" - " fi\n" - " if [[ $bloomLicenseKey != None ]]; then\n" - " echo \"Writing Bloom license key...\"\n" - " mkdir -p /etc/neo4j/licenses\n" - " echo \"${bloomLicenseKey}\" > /etc/neo4j/licenses/neo4j-bloom.license\n" - " sed -i '$a dbms.bloom.license_file=/etc/neo4j/licenses/neo4j-bloom.license' /etc/neo4j/neo4j.conf\n" - " fi\n" - "}\n" - "extension_config() {\n" - " echo Configuring extensions and security in neo4j.conf...\n" - " sed -i s~#server.unmanaged_extension_classes=org.neo4j.examples.server.unmanaged=/examples/unmanaged~server.unmanaged_extension_classes=com.neo4j.bloom.server=/bloom,semantics.extension=/rdf~g /etc/neo4j/neo4j.conf\n" - " sed -i s/#dbms.security.procedures.unrestricted=my.extensions.example,my.procedures.*/dbms.security.procedures.unrestricted=gds.*,apoc.*,bloom.*/g /etc/neo4j/neo4j.conf\n" - " echo \"dbms.security.http_auth_allowlist=/,/browser.*,/bloom.*\" >> /etc/neo4j/neo4j.conf\n" - " echo \"dbms.security.procedures.allowlist=apoc.*,gds.*,bloom.*\" >> /etc/neo4j/neo4j.conf\n" - "}\n" - "build_neo4j_conf_file() {\n" - " local -r privateIP=\"$(hostname -i | awk '{print $NF}')\"\n" - " echo \"Configuring network in neo4j.conf...\"\n" - " sed -i 's/#server.default_listen_address=0.0.0.0/server.default_listen_address=0.0.0.0/g' /etc/neo4j/neo4j.conf\n" - " sed -i s/#server.default_advertised_address=localhost/server.default_advertised_address=\"${loadBalancerDNSName}\"/g /etc/neo4j/neo4j.conf\n" - " sed -i s/#server.discovery.advertised_address=:5000/server.discovery.advertised_address=\"${privateIP}\":5000/g /etc/neo4j/neo4j.conf\n" - " sed -i s/#server.cluster.advertised_address=:6000/server.cluster.advertised_address=\"${privateIP}\":6000/g /etc/neo4j/neo4j.conf\n" - " sed -i s/#server.cluster.raft.advertised_address=:7000/server.cluster.raft.advertised_address=\"${privateIP}\":7000/g /etc/neo4j/neo4j.conf\n" - " sed -i s/#server.routing.advertised_address=:7688/server.routing.advertised_address=\"${privateIP}\":7688/g /etc/neo4j/neo4j.conf\n" - " sed -i s/#server.discovery.listen_address=:5000/server.discovery.listen_address=\"${privateIP}\":5000/g /etc/neo4j/neo4j.conf\n" - " sed -i s/#server.routing.listen_address=0.0.0.0:7688/server.routing.listen_address=\"${privateIP}\":7688/g /etc/neo4j/neo4j.conf\n" - " sed -i s/#server.cluster.listen_address=:6000/server.cluster.listen_address=\"${privateIP}\":6000/g /etc/neo4j/neo4j.conf\n" - " sed -i s/#server.cluster.raft.listen_address=:7000/server.cluster.raft.listen_address=\"${privateIP}\":7000/g /etc/neo4j/neo4j.conf\n" - " sed -i s/#server.bolt.listen_address=:7687/server.bolt.listen_address=\"${privateIP}\":7687/g /etc/neo4j/neo4j.conf\n" - " sed -i s/#server.bolt.advertised_address=:7687/server.bolt.advertised_address=\"${privateIP}\":7687/g /etc/neo4j/neo4j.conf\n" - " neo4j-admin server memory-recommendation >> /etc/neo4j/neo4j.conf\n" - " echo \"server.metrics.enabled=true\" >> /etc/neo4j/neo4j.conf\n" - " echo \"server.metrics.jmx.enabled=true\" >> /etc/neo4j/neo4j.conf\n" - " echo \"server.metrics.prefix=neo4j\" >> /etc/neo4j/neo4j.conf\n" - " echo \"server.metrics.filter=*\" >> /etc/neo4j/neo4j.conf\n" - " echo \"server.metrics.csv.interval=5s\" >> /etc/neo4j/neo4j.conf\n" - " echo \"dbms.routing.default_router=SERVER\" >> /etc/neo4j/neo4j.conf\n" - " if [[ ${nodeCount} == 1 ]]; then\n" - " echo \"Running on a single node.\"\n" - " else\n" - " echo \"Running on multiple nodes. Configuring membership in neo4j.conf...\"\n" - " sed -i s/#initial.dbms.default_primaries_count=1/initial.dbms.default_primaries_count=3/g /etc/neo4j/neo4j.conf\n" - " sed -i s/#initial.dbms.default_secondaries_count=0/initial.dbms.default_secondaries_count=$(expr ${nodeCount} - 3)/g /etc/neo4j/neo4j.conf\n" - " sed -i s/#server.bolt.listen_address=:7687/server.bolt.listen_address=\"${privateIP}\":7687/g /etc/neo4j/neo4j.conf\n" - " echo \"dbms.cluster.minimum_initial_system_primaries_count=${nodeCount}\" >> /etc/neo4j/neo4j.conf\n" - " region=$(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone | sed 's/.$//')\n" - " instanceId=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)\n" - " stackName=$(aws cloudformation describe-stack-resources --physical-resource-id $instanceId --query 'StackResources[0].StackName' --output text --region $region)\n" - " coreMembers=$(aws autoscaling describe-auto-scaling-instances --region $region --output text --query \"AutoScalingInstances[?contains(AutoScalingGroupName,'$stackName-Neo4jAutoScalingGroup')].[InstanceId]\" | xargs -n1 -I {} aws ec2 describe-instances --instance-ids {} --region $region --query \"Reservations[].Instances[].PrivateIpAddress\" --output text --filter \"Name=tag:aws:cloudformation:stack-name,Values=$stackName\")\n" - " coreMembers=$(echo ${coreMembers} | sed 's/ /:5000,/g')\n" - " coreMembers=$(echo \"${coreMembers}\"):5000\n" - " sed -i s/#dbms.cluster.discovery.endpoints=localhost:5000,localhost:5001,localhost:5002/dbms.cluster.discovery.endpoints=${coreMembers}/g /etc/neo4j/neo4j.conf\n" - " fi\n" - "}\n" - "start_neo4j() {\n" - " echo \"Starting Neo4j...\"\n" - " service neo4j start\n" - " neo4j-admin dbms set-initial-password \"${password}\"\n" - " while [[ \"$(curl -s -o /dev/null -m 3 -L -w '%{http_code}' http://localhost:7474 )\" != \"200\" ]];\n" - " do echo \"Waiting for cluster to start\"\n" - " sleep 5\n" - " done\n" - " /opt/aws/bin/cfn-signal -e $? --stack \"${stackName}\" --resource Neo4jAutoScalingGroup --region \"${region}\"\n" - "}\n" #this is to prevent SSRF attacks #Read more here https://neo4j.com/developer/kb/protecting-against-ssrf/ - "add_cypher_ip_blocklist() {\n" - " echo \"internal.dbms.cypher_ip_blocklist=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.169.0/24,fc00::/7,fe80::/10,ff00::/8\" >> /etc/neo4j/neo4j.conf\n" - "}\n" - "tag_asg_with_neo4j_version() {\n" - " if [[ -z $NEO4J_VERSION_ASG_TAG ]]; then\n" - " echo \"Tagging AutoScalingGroup $ASG_NAME with Key NEO4J_VERSION and Value $PACKAGE_VERSION\"\n" - " aws --region $region autoscaling create-or-update-tags --tags ResourceId=$ASG_NAME,ResourceType=auto-scaling-group,Key=NEO4J_VERSION,Value=$PACKAGE_VERSION,PropagateAtLaunch=true\n" - " else\n" - " echo \"ASG is already tagged with NEO4J_VERSION\"\n" - " fi\n" - " /opt/aws/bin/cfn-signal -e $? --stack \"${stackName}\" --resource Neo4jAutoScalingGroup --region \"${region}\"\n" - "}\n" - "install_neo4j_from_yum\n" - "install_apoc_plugin\n" - "extension_config\n" - "build_neo4j_conf_file\n" - "add_cypher_ip_blocklist\n" - "configure_graph_data_science\n" - "configure_bloom\n" - "start_neo4j\n" - "tag_asg_with_neo4j_version\n" Neo4jInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Roles: - Ref: Neo4jRole Neo4jRole: Type: AWS::IAM::Role Metadata: cfn-lint: config: ignore_checks: - EIAMPolicyWildcardResource Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - sts:AssumeRole Policies: - PolicyName: Neo4jPolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - autoscaling:CreateOrUpdateTags - autoscaling:DescribeAutoScalingInstances - autoscaling:DescribeAutoScalingGroups - cloudformation:DescribeStackDriftDetectionStatus - cloudformation:DescribeStackEvents - cloudformation:DescribeStackInstance - cloudformation:DescribeStackResource - cloudformation:DescribeStackResourceDrifts - cloudformation:DescribeStackResources - cloudformation:DescribeStacks - cloudformation:DescribeStackSet - cloudformation:DescribeStackSetOperation - ec2:DescribeInstances Resource: - "*" Neo4jExternalSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Enable SSH and Neo4j External Ports VpcId: !Ref Neo4jVPC SecurityGroupIngress: - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: !Ref SSHCIDR - IpProtocol: tcp FromPort: 7474 ToPort: 7474 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 7687 ToPort: 7687 CidrIp: 0.0.0.0/0 Neo4jInternalSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Enable Neo4j Internal Ports VpcId: !Ref Neo4jVPC SecurityGroupIngress: - IpProtocol: tcp FromPort: 5000 ToPort: 5000 SourceSecurityGroupId: !GetAtt Neo4jExternalSecurityGroup.GroupId - IpProtocol: tcp FromPort: 6000 ToPort: 6000 SourceSecurityGroupId: !GetAtt Neo4jExternalSecurityGroup.GroupId - IpProtocol: tcp FromPort: 7000 ToPort: 7000 SourceSecurityGroupId: !GetAtt Neo4jExternalSecurityGroup.GroupId - IpProtocol: tcp FromPort: 7688 ToPort: 7688 SourceSecurityGroupId: !GetAtt Neo4jExternalSecurityGroup.GroupId - IpProtocol: tcp FromPort: 2003 ToPort: 2003 SourceSecurityGroupId: !GetAtt Neo4jExternalSecurityGroup.GroupId - IpProtocol: tcp FromPort: 2004 ToPort: 2004 SourceSecurityGroupId: !GetAtt Neo4jExternalSecurityGroup.GroupId - IpProtocol: tcp FromPort: 3637 ToPort: 3637 SourceSecurityGroupId: !GetAtt Neo4jExternalSecurityGroup.GroupId - IpProtocol: tcp FromPort: 5005 ToPort: 5005 SourceSecurityGroupId: !GetAtt Neo4jExternalSecurityGroup.GroupId Outputs: Neo4jBrowserURL: Description: URL for Neo4j Browser Value: !Join - '' - - 'http://' - !GetAtt Neo4jNetworkLoadBalancer.DNSName - ':' - '7474' Neo4jURI: Description: Neo4j URI Scheme Value: !Join - '' - - 'neo4j://' - !GetAtt Neo4jNetworkLoadBalancer.DNSName - ':' - '7687' Neo4jUsername: Description: Username for Neo4j Value: 'The username is neo4j. The password is what you provided to the template.' Mappings: Neo4j: us-east-1: BYOL: ami-0e400af847eb9a531 us-east-2: BYOL: ami-0107e71b1207b90c1 us-west-1: BYOL: ami-01a47d8951b35c272 us-west-2: BYOL: ami-074caf8265c21fd4d ca-central-1: BYOL: ami-07887e0c7c8cd3151 eu-central-1: BYOL: ami-01321a57a6c5786c4 eu-west-1: BYOL: ami-0f91decef80d7d93b eu-west-2: BYOL: ami-0a7d3edbd43b7eb80 eu-west-3: BYOL: ami-084419b01954a6223 eu-north-1: BYOL: ami-05fed050da0ade42e eu-south-1: BYOL: ami-02c3742c42b59e7ef ap-southeast-1: BYOL: ami-09a4e375812f71b6a ap-southeast-2: BYOL: ami-0a95c0a2258c32e85 ap-southeast-3: BYOL: ami-09093311aa2cb29a8 ap-south-1: BYOL: ami-0fceddde2778cc2e0 ap-northeast-1: BYOL: ami-0dbecd5269ffad97f ap-northeast-2: BYOL: ami-0e78f50ef5b1e902b ap-northeast-3: BYOL: ami-0ff14d64aef37f40d ap-east-1: BYOL: ami-05f54d0dc0905041d sa-east-1: BYOL: ami-0a431786eba166f75 me-south-1: BYOL: ami-0c77db260e85bb422 af-south-1: BYOL: ami-041936db2e9c3abc2 us-gov-east-1: BYOL: ami-02ed55fa8cb841061 us-gov-west-1: BYOL: ami-05f0b2155478f8259