use parameter to disable greenlight, removing unneeded properties for…

… launch templates, disable SGs not needed w/o greenlight
aws-samples · Oct 6, 2022 · 8540170 · 8540170
1 parent 80e2fe4
commit 8540170
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 18 deletions.
diff --git a/bbb-on-aws-root.template.yaml b/bbb-on-aws-root.template.yaml
@@ -479,6 +479,7 @@ Conditions:
   BBBExistingVPC: !And [ !Not [ !Equals [ !Ref BBBVPCs, "" ]], !Equals [ !Select [ 0, !Split [ vpc-, !Ref BBBVPCs ]], "" ]]
   BBBNewVPC: !Not [ Condition: BBBExistingVPC ]
   BBBSESNotValidated: !Equals [false, !Ref BBBSESValidated]
+  BBBGreenlight: !Equals [!Ref BBBFrontendType, Greenlight]
 
 Resources:
 
@@ -667,6 +668,8 @@ Resources:
           Ref: BBBEnvironmentType
         BBBECSInstanceType:
           Ref: BBBECSInstanceType
+        BBBFrontendType: 
+          Ref: BBBFrontendType
       Tags:
         - Key: Name
           Value:
@@ -1149,9 +1152,12 @@ Resources:
               - ","
               - Ref: BBBPublicApplicationSubnets
         BBBFrontendELBSecurityGroup:
-          Fn::GetAtt:
-            - BBBSecurityGroupStack
-            - Outputs.BBBFrontendELBSecurityGroup
+          Fn::If: 
+            - BBBGreenlight
+            - Fn::GetAtt:
+              - BBBSecurityGroupStack
+              - Outputs.BBBFrontendELBSecurityGroup
+            - "AWS::NoValue"
         BBBScaleliteELBSecurityGroup:
           Fn::GetAtt:
             - BBBSecurityGroupStack

diff --git a/templates/bbb-on-aws-bbbappscalable.template.yaml b/templates/bbb-on-aws-bbbappscalable.template.yaml
@@ -286,13 +286,10 @@ Resources:
               VolumeSize: !Ref BBBApplicationDataVolumeSize
               VolumeType: gp2
               Encrypted: true
-        EbsOptimized: true
         IamInstanceProfile:
           Arn: !GetAtt BBBApplicationEC2InstanceProfile.Arn
         ImageId: !Ref BBBLatestApplicationAmiId
         InstanceType: !Ref BBBApplicationInstanceType
-        Monitoring:
-          Enabled: true
         NetworkInterfaces:
           - AssociatePublicIpAddress: true
             DeviceIndex: 0

diff --git a/templates/bbb-on-aws-bbbappsingle.template.yaml b/templates/bbb-on-aws-bbbappsingle.template.yaml
@@ -246,13 +246,10 @@ Resources:
               VolumeSize: !Ref BBBApplicationDataVolumeSize
               VolumeType: gp2
               Encrypted: true
-        EbsOptimized: true
         IamInstanceProfile:
           Arn: !GetAtt BBBApplicationEC2InstanceProfile.Arn
         ImageId: !Ref BBBLatestApplicationAmiId
         InstanceType: !Ref BBBApplicationInstanceType
-        Monitoring:
-          Enabled: true
         NetworkInterfaces:
           - AssociatePublicIpAddress: true
             DeviceIndex: 0

diff --git a/templates/bbb-on-aws-bbbturn.template.yaml b/templates/bbb-on-aws-bbbturn.template.yaml
@@ -246,13 +246,10 @@ Resources:
     Type: AWS::EC2::LaunchTemplate
     Properties:
       LaunchTemplateData:
-        EbsOptimized: false
         IamInstanceProfile:
           Arn: !GetAtt BBBTurnEC2InstanceProfile.Arn
         ImageId: !Ref BBBLatestTurnAmiId
         InstanceType: !Ref BBBTurnInstanceType
-        Monitoring:
-          Enabled: true
         NetworkInterfaces:
           - AssociatePublicIpAddress: true
             DeviceIndex: 0

diff --git a/templates/bbb-on-aws-frontendapps.template.yaml b/templates/bbb-on-aws-frontendapps.template.yaml
@@ -18,6 +18,7 @@ Parameters:
   BBBFrontendELBSecurityGroup:
     Description: Security Group that should be assigned for the frontend ELB
     Type: String
+    Default: "AWS::NoValue"
   BBBScaleliteELBSecurityGroup:
     Description: Security Group that should be assigned for the Scalelite ELB
     Type: String
@@ -410,7 +411,7 @@ Resources:
                   - "ecs:DescribeServices"
                   - "ecs:UpdateService"
                 Resource:
-                  - !Ref BBBgreenlightService
+                  - !If [ BBBGreenlight, !Ref BBBgreenlightService, !Ref "AWS::NoValue" ] 
                   - !Ref BBBScaleliteService
                   - !Sub "arn:aws:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:*"
 
@@ -1147,9 +1148,11 @@ Outputs:
     Description: Scalelite Application Load Balancer Target Group
     Value: !Ref BBBScaleliteTG
   BBBgreenlightTaskdefinition:
+    Condition: BBBGreenlight
     Description: Frontend Task Definition
     Value: !Ref BBBgreenlightTaskdefinition
   BBBgreenlightService:
+    Condition: BBBGreenlight
     Description: Frontend Service
     Value: !Ref BBBgreenlightService
   BBBScaleliteTaskdefinition:

diff --git a/templates/bbb-on-aws-securitygroups.template.yaml b/templates/bbb-on-aws-securitygroups.template.yaml
@@ -21,11 +21,19 @@ Parameters:
   BBBECSInstanceType: 
     Description: Set the ECS Cluster Type to either EC2 based or Fargate based deployments
     Type: String
+  BBBFrontendType: 
+    Type: String
+    Default: Greenlight
+    AllowedValues:
+      - Greenlight
+      - External
 
 Conditions:
   BBBScalableEnvironment: !Equals [!Ref BBBEnvironmentType, scalable]
   BBBECSFargate: !Equals [!Ref BBBECSInstanceType, fargate]
   BBBECSEC2: !Not [!Equals [!Ref BBBECSInstanceType, fargate]]
+  BBBGreenlight: !Equals [!Ref BBBFrontendType, Greenlight]
+  BBBScalableGreenlight: !And [!Equals [!Ref BBBFrontendType, Greenlight], !Equals [!Ref BBBEnvironmentType, scalable]]
 
 Resources:
   BBBECSTaskSecurityGroup:
@@ -64,14 +72,14 @@ Resources:
 
   BBBFrontendELBSecurityGroup:
     Type: AWS::EC2::SecurityGroup
-    Condition: BBBScalableEnvironment
+    Condition: BBBScalableGreenlight
     Properties:
       GroupDescription: ALB Security Group
       VpcId: !Ref BBBVPCs
 
   BBBECSSecurityGroupPublicports:
     Type: AWS::EC2::SecurityGroupIngress
-    Condition: BBBScalableEnvironment
+    Condition: BBBScalableGreenlight
     Properties:
       CidrIp: 0.0.0.0/0
       IpProtocol: tcp
@@ -81,7 +89,7 @@ Resources:
 
   BBBECSSecurityGroupPublicHTTP:
     Type: AWS::EC2::SecurityGroupIngress
-    Condition: BBBScalableEnvironment
+    Condition: BBBScalableGreenlight
     Properties:
       CidrIp: 0.0.0.0/0
       IpProtocol: tcp
@@ -91,7 +99,7 @@ Resources:
 
   BBBFrontendSecurityGroupALBports:
     Type: AWS::EC2::SecurityGroupIngress
-    Condition: BBBScalableEnvironment
+    Condition: BBBScalableGreenlight
     Properties:
       GroupId: !Ref BBBECSTaskSecurityGroup
       IpProtocol: tcp
@@ -264,7 +272,7 @@ Outputs:
     Description: A reference to the created Security Group for ECS
     Value: !Ref BBBECSTaskSecurityGroup
   BBBFrontendELBSecurityGroup:
-    Condition: BBBScalableEnvironment
+    Condition: BBBScalableGreenlight
     Description: A reference to the created Security Group for ELB
     Value: !Ref BBBFrontendELBSecurityGroup
   BBBScaleliteELBSecurityGroup: