@ephillipe
Forked from afternoon/elb-sg-config.yaml
Created October 30, 2013 13:22
# vim: ft=yaml
# Elastic Load Balancer and Security Group configuration for the app
#
# - Allow anyone to connect to port 443 and office traffic to connect to
#   port 22
# - Ensure all traffic is encrypted by configuring load balancer to listen on
#   443 and direct traffic to port 443 on app servers
# - Enable cookie-based session stickiness
# - Use /status for health check
# - Enable backend authentication policy by providing public key for cert
Resources:
  AWSEBSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "Security group to allow HTTPS for all, SSH for office"
      SecurityGroupIngress:
        - {CidrIp: "0.0.0.0/0", IpProtocol: "tcp", FromPort: "443", ToPort: "443"}
        - {CidrIp: "176.35.225.76/32", IpProtocol: "tcp", FromPort: "22", ToPort: "22"}
  AWSEBLoadBalancer:
    Type: "AWS::ElasticLoadBalancing::LoadBalancer"
    Properties:
      Listeners:
        - {LoadBalancerPort: 443, InstancePort: 443, Protocol: "HTTPS", SSLCertificateId: "arn:aws:iam::1234567890:server-certificate/server"}
      AppCookieStickinessPolicy:
        - {PolicyName: "lb-session", CookieName: "lb-session"}
      HealthCheck:
        HealthyThreshold: "3"
        Interval: "30"
        Target: "HTTPS:443/status"
        Timeout: "5"
        UnhealthyThreshold: "5"
      Policies:
        -
          PolicyName: "MyPubKey"
          PolicyType: "PublicKeyPolicyType"
          Attributes:
            -
              Name: "PublicKey"
              Value: "..."
        -
          PolicyName: "BackendAuth"
          PolicyType: "BackendServerAuthenticationPolicyType"
          Attributes:
            -
              Name: "PublicKeyPolicyName"
              Value: "MyPubKey"
          InstancePorts:
            - "443"
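
The header comment of the template lists the properties it is meant to guarantee. The following is an added example, not part of the original gist: a pre-deploy check that a parsed template still has them (world-open ingress only on 443, encrypted listeners and health check, and every instance port covered by a backend authentication policy that references a defined public key policy). The `audit` function, `PUBLIC_PORTS` and the inline `TEMPLATE` dict are assumptions made for the example; in practice the dict would come from a YAML parser.

```python
import ipaddress

# Constructed input: the template above as the dict a YAML parser would return
# (fields the checks do not read are left out).
TEMPLATE = {"Resources": {
    "AWSEBSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [
            {"CidrIp": "0.0.0.0/0", "IpProtocol": "tcp", "FromPort": "443", "ToPort": "443"},
            {"CidrIp": "176.35.225.76/32", "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22"}]}},
    "AWSEBLoadBalancer": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": {
        "Listeners": [{"LoadBalancerPort": 443, "InstancePort": 443, "Protocol": "HTTPS"}],
        "HealthCheck": {"Target": "HTTPS:443/status"},
        "Policies": [
            {"PolicyName": "MyPubKey", "PolicyType": "PublicKeyPolicyType",
             "Attributes": [{"Name": "PublicKey", "Value": "..."}]},
            {"PolicyName": "BackendAuth", "PolicyType": "BackendServerAuthenticationPolicyType",
             "Attributes": [{"Name": "PublicKeyPolicyName", "Value": "MyPubKey"}],
             "InstancePorts": ["443"]}]}}}}

PUBLIC_PORTS = {443}  # assumption: the only port meant to be reachable from anywhere

def audit(template):
    """Return findings where the template departs from its header comment."""
    findings = []
    for name, res in template["Resources"].items():
        props = res.get("Properties", {})
        if res["Type"] == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if "CidrIp" not in rule:
                    continue  # rule references another security group, not a CIDR
                world = ipaddress.ip_network(rule["CidrIp"]).prefixlen == 0
                lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
                if world and not set(range(lo, hi + 1)) <= PUBLIC_PORTS:
                    findings.append(f"{name}: ports {lo}-{hi} open to {rule['CidrIp']}")
        elif res["Type"] == "AWS::ElasticLoadBalancing::LoadBalancer":
            policies = props.get("Policies", [])
            keys = {p["PolicyName"] for p in policies if p["PolicyType"] == "PublicKeyPolicyType"}
            authed = set()  # instance ports covered by a backend auth policy with a defined key
            for p in policies:
                if p["PolicyType"] == "BackendServerAuthenticationPolicyType":
                    refs = {a["Value"] for a in p["Attributes"] if a["Name"] == "PublicKeyPolicyName"}
                    if refs and refs <= keys:
                        authed |= {int(port) for port in p.get("InstancePorts", [])}
            for lsn in props.get("Listeners", []):
                if lsn["Protocol"] not in ("HTTPS", "SSL"):
                    findings.append(f"{name}: listener {lsn['LoadBalancerPort']} uses {lsn['Protocol']}")
                if int(lsn["InstancePort"]) not in authed:
                    findings.append(f"{name}: instance port {lsn['InstancePort']} lacks backend authentication")
            target = props.get("HealthCheck", {}).get("Target", "")
            if not target.startswith(("HTTPS:", "SSL:")):
                findings.append(f"{name}: health check {target!r} is not encrypted")
    return findings
```

`audit(TEMPLATE)` returns an empty list for the template as written; widening the SSH rule to `0.0.0.0/0` or pointing `PublicKeyPolicyName` at an undefined policy each produces a finding.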