--- AWSTemplateFormatVersion: 2010-09-09 Description: 'v5.67: This template creates the ingress rules for Deep Security Managers. (qs-1ngr590j4)' Parameters: DSMSG: Description: Deep Security Manager Security Group Type: AWS::EC2::SecurityGroup::Id ELBSourceSG: Description: Source Security Group for inbound from ELB Type: String DSIPHeartbeatPort: Description: The heartbeat port used by Deep Security Agents and appliances to communicate with the Deep Security Manager. Type: Number MinValue: 0 MaxValue: 65535 Default: '4120' ConstraintDescription: Must be a valid TCP port. DSIPGUIPort: Description: The Deep Security Manager application and GUI port. Type: Number MinValue: 0 MaxValue: 65535 Default: '4119' ConstraintDescription: Must be a valid TCP port. Resources: DSMConsoleIngressFromELB: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: tcp FromPort: !Ref DSIPGUIPort ToPort: !Ref DSIPGUIPort SourceSecurityGroupId: !Ref ELBSourceSG DSMHeartbeatIngressFromELB: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: tcp FromPort: !Ref DSIPHeartbeatPort ToPort: !Ref DSIPHeartbeatPort SourceSecurityGroupId: !Ref ELBSourceSG DSMRelayIngressFromELB: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: tcp FromPort: 4122 ToPort: 4122 SourceSecurityGroupId: !Ref ELBSourceSG DSMAgentIngress: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: tcp FromPort: 4118 ToPort: 4118 SourceSecurityGroupId: !Ref DSMSG DSMConsoleIngressSelf: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: tcp FromPort: !Ref DSIPGUIPort ToPort: !Ref DSIPGUIPort SourceSecurityGroupId: !Ref DSMSG DSMHeartbeatIngressSelf: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: tcp FromPort: !Ref DSIPHeartbeatPort ToPort: !Ref DSIPHeartbeatPort SourceSecurityGroupId: !Ref DSMSG DSMRelayIngressSelf: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: tcp FromPort: 4122 ToPort: 4122 SourceSecurityGroupId: !Ref DSMSG DSMConsoleIngress1921918: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: tcp FromPort: !Ref DSIPGUIPort ToPort: !Ref DSIPGUIPort CidrIp: 192.168.0.0/16 DSMHeartbeatIngress1921918: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: tcp FromPort: !Ref DSIPHeartbeatPort ToPort: !Ref DSIPHeartbeatPort CidrIp: 192.168.0.0/16 DSMRelayIngress1921918: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: tcp FromPort: 4122 ToPort: 4122 CidrIp: 192.168.0.0/16 DSMConsoleIngress101918: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: tcp FromPort: !Ref DSIPGUIPort ToPort: !Ref DSIPGUIPort CidrIp: 10.0.0.0/8 DSMHeartbeatIngress101918: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: tcp FromPort: !Ref DSIPHeartbeatPort ToPort: !Ref DSIPHeartbeatPort CidrIp: 10.0.0.0/8 DSMRelayIngress101918: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: tcp FromPort: 4122 ToPort: 4122 CidrIp: 10.0.0.0/8 DSMConsoleIngress1721918: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: tcp FromPort: !Ref DSIPGUIPort ToPort: !Ref DSIPGUIPort CidrIp: 172.16.0.0/12 DSMHeartbeatIngress1721918: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: tcp FromPort: !Ref DSIPHeartbeatPort ToPort: !Ref DSIPHeartbeatPort CidrIp: 172.16.0.0/12 DSMRelayIngress1721918: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: tcp FromPort: 4122 ToPort: 4122 CidrIp: 172.16.0.0/12 DSMDNS1721918: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: udp FromPort: 53 ToPort: 53 CidrIp: 172.16.0.0/12 DSMDNS101918: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: udp FromPort: 53 ToPort: 53 CidrIp: 10.0.0.0/8 DSMDNS1921918: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref DSMSG IpProtocol: udp FromPort: 53 ToPort: 53 CidrIp: 192.168.0.0/16 ...