From 8540170bfac96036ac9fb6cc1eb45ad26b71d589 Mon Sep 17 00:00:00 2001
From: David Surey
Date: Thu, 6 Oct 2022 22:12:45 +0200
Subject: [PATCH] use parameter to disable greenlight, removing unneeded properties for launch templates, disable SGs not needed w/o greenlight
---
bbb-on-aws-root.template.yaml | 12 +++++++++---
.../bbb-on-aws-bbbappscalable.template.yaml | 3 ---
.../bbb-on-aws-bbbappsingle.template.yaml | 3 ---
templates/bbb-on-aws-bbbturn.template.yaml | 3 ---
.../bbb-on-aws-frontendapps.template.yaml | 5 ++++-
.../bbb-on-aws-securitygroups.template.yaml | 18 +++++++++++++-----
6 files changed, 26 insertions(+), 18 deletions(-)
diff --git a/bbb-on-aws-root.template.yaml b/bbb-on-aws-root.template.yaml
index a0d8a6a..a92795b 100644
--- a/bbb-on-aws-root.template.yaml
+++ b/bbb-on-aws-root.template.yaml
@@ -479,6 +479,7 @@ Conditions: BBBExistingVPC: !And [ !Not [ !Equals [ !Ref BBBVPCs, "" ]], !Equals [ !Select [ 0, !Split [ vpc-, !Ref BBBVPCs ]], "" ]] BBBNewVPC: !Not [ Condition: BBBExistingVPC ] BBBSESNotValidated: !Equals [false, !Ref BBBSESValidated] + BBBGreenlight: !Equals [!Ref BBBFrontendType, Greenlight] Resources:
@@ -667,6 +668,8 @@ Resources: Ref: BBBEnvironmentType BBBECSInstanceType: Ref: BBBECSInstanceType + BBBFrontendType: + Ref: BBBFrontendType Tags: - Key: Name Value:
@@ -1149,9 +1152,12 @@ Resources: - "," - Ref: BBBPublicApplicationSubnets BBBFrontendELBSecurityGroup: - Fn::GetAtt: - - BBBSecurityGroupStack - - Outputs.BBBFrontendELBSecurityGroup + Fn::If: + - BBBGreenlight + - Fn::GetAtt: + - BBBSecurityGroupStack + - Outputs.BBBFrontendELBSecurityGroup + - "AWS::NoValue" BBBScaleliteELBSecurityGroup: Fn::GetAtt: - BBBSecurityGroupStack
diff --git a/templates/bbb-on-aws-bbbappscalable.template.yaml b/templates/bbb-on-aws-bbbappscalable.template.yaml
index 8042a9a..e0eb044 100644
--- a/templates/bbb-on-aws-bbbappscalable.template.yaml
+++ b/templates/bbb-on-aws-bbbappscalable.template.yaml
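Review bot: In the `@@ -1149` hunk the else branch of `Fn::If` is the quoted string `"AWS::NoValue"`, so with `BBBFrontendType` set to External the nested stack receives that literal text as its `BBBFrontendELBSecurityGroup` parameter instead of having the parameter omitted. The pseudo parameter only takes effect through `Ref`, i.e. `- Ref: AWS::NoValue`. The `Default: "AWS::NoValue"` added in the frontendapps `@@ -18` hunk is likewise just a string sentinel, so anything in that template that consumes the parameter outside a Greenlight condition would be handed an invalid security group id; an empty-string default checked by a condition would make that explicit. The branch also tests `BBBGreenlight`, while the security-groups template only emits this output under `BBBScalableGreenlight`; if the frontend stack can be created for a non-scalable environment (not visible in these hunks), the `Fn::GetAtt` would point at an output that does not exist.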
@@ -286,13 +286,10 @@ Resources: VolumeSize: !Ref BBBApplicationDataVolumeSize VolumeType: gp2 Encrypted: true - EbsOptimized: true IamInstanceProfile: Arn: !GetAtt BBBApplicationEC2InstanceProfile.Arn ImageId: !Ref BBBLatestApplicationAmiId InstanceType: !Ref BBBApplicationInstanceType - Monitoring: - Enabled: true NetworkInterfaces: - AssociatePublicIpAddress: true DeviceIndex: 0
diff --git a/templates/bbb-on-aws-bbbappsingle.template.yaml b/templates/bbb-on-aws-bbbappsingle.template.yaml
index 53e9cda..5e0f25e 100644
--- a/templates/bbb-on-aws-bbbappsingle.template.yaml
+++ b/templates/bbb-on-aws-bbbappsingle.template.yaml
@@ -246,13 +246,10 @@ Resources: VolumeSize: !Ref BBBApplicationDataVolumeSize VolumeType: gp2 Encrypted: true - EbsOptimized: true IamInstanceProfile: Arn: !GetAtt BBBApplicationEC2InstanceProfile.Arn ImageId: !Ref BBBLatestApplicationAmiId InstanceType: !Ref BBBApplicationInstanceType - Monitoring: - Enabled: true NetworkInterfaces: - AssociatePublicIpAddress: true DeviceIndex: 0
diff --git a/templates/bbb-on-aws-bbbturn.template.yaml b/templates/bbb-on-aws-bbbturn.template.yaml
index 27007dd..46caffe 100644
--- a/templates/bbb-on-aws-bbbturn.template.yaml
+++ b/templates/bbb-on-aws-bbbturn.template.yaml
@@ -246,13 +246,10 @@ Resources: Type: AWS::EC2::LaunchTemplate Properties: LaunchTemplateData: - EbsOptimized: false IamInstanceProfile: Arn: !GetAtt BBBTurnEC2InstanceProfile.Arn ImageId: !Ref BBBLatestTurnAmiId InstanceType: !Ref BBBTurnInstanceType - Monitoring: - Enabled: true NetworkInterfaces: - AssociatePublicIpAddress: true DeviceIndex: 0
diff --git a/templates/bbb-on-aws-frontendapps.template.yaml b/templates/bbb-on-aws-frontendapps.template.yaml
index d3d4b3d..a236f9a 100644
--- a/templates/bbb-on-aws-frontendapps.template.yaml
+++ b/templates/bbb-on-aws-frontendapps.template.yaml
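Review bot: Dropping `Monitoring: Enabled: true` from `LaunchTemplateData` moves these instances from one-minute detailed CloudWatch metrics to the five-minute basic ones, which is an observability change rather than the removal of an unneeded property; the same deletion is made in the appsingle and turn hunks that follow. If any scaling policy or alarm in the stack evaluates EC2 metrics on a period shorter than five minutes (not visible here), it will see gaps after this change. I would either keep the block or record the decision in a comment next to `InstanceType`, for example `# Detailed monitoring intentionally off: alarms use 5-minute periods`. `LaunchTemplateData` starts before the appscalable and appsingle hunks and continues past all three.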
@@ -18,6 +18,7 @@ Parameters: BBBFrontendELBSecurityGroup: Description: Security Group that should be assigned for the frontend ELB Type: String + Default: "AWS::NoValue" BBBScaleliteELBSecurityGroup: Description: Security Group that should be assigned for the Scalelite ELB Type: String
@@ -410,7 +411,7 @@ Resources: - "ecs:DescribeServices" - "ecs:UpdateService" Resource: - - !Ref BBBgreenlightService + - !If [ BBBGreenlight, !Ref BBBgreenlightService, !Ref "AWS::NoValue" ] - !Ref BBBScaleliteService - !Sub "arn:aws:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:*"
@@ -1147,9 +1148,11 @@ Outputs: Description: Scalelite Application Load Balancer Target Group Value: !Ref BBBScaleliteTG BBBgreenlightTaskdefinition: + Condition: BBBGreenlight Description: Frontend Task Definition Value: !Ref BBBgreenlightTaskdefinition BBBgreenlightService: + Condition: BBBGreenlight Description: Frontend Service Value: !Ref BBBgreenlightService BBBScaleliteTaskdefinition:
diff --git a/templates/bbb-on-aws-securitygroups.template.yaml b/templates/bbb-on-aws-securitygroups.template.yaml
index 7f3af7f..8f2d40a 100644
--- a/templates/bbb-on-aws-securitygroups.template.yaml
+++ b/templates/bbb-on-aws-securitygroups.template.yaml
@@ -21,11 +21,19 @@ Parameters: BBBECSInstanceType: Description: Set the ECS Cluster Type to either EC2 based or Fargate based deployments Type: String + BBBFrontendType: + Type: String + Default: Greenlight + AllowedValues: + - Greenlight + - External Conditions: BBBScalableEnvironment: !Equals [!Ref BBBEnvironmentType, scalable] BBBECSFargate: !Equals [!Ref BBBECSInstanceType, fargate] BBBECSEC2: !Not [!Equals [!Ref BBBECSInstanceType, fargate]] + BBBGreenlight: !Equals [!Ref BBBFrontendType, Greenlight] + BBBScalableGreenlight: !And [!Equals [!Ref BBBFrontendType, Greenlight], !Equals [!Ref BBBEnvironmentType, scalable]] Resources: BBBECSTaskSecurityGroup:
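Review bot: The new `BBBFrontendType` parameter in the security-groups `@@ -21` hunk has no `Description`, unlike `BBBECSInstanceType` directly above it, and its `Default: Greenlight` means a caller that omits the value still gets the frontend security group in a scalable environment. I would add `Description: Frontend in use, Greenlight or External; External skips the frontend ALB security group and its public ingress rules`. `BBBScalableGreenlight` also repeats both `!Equals` tests; `!And [ Condition: BBBGreenlight, Condition: BBBScalableEnvironment ]` keeps each definition in one place so the two cannot drift apart.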
@@ -64,14 +72,14 @@ Resources: BBBFrontendELBSecurityGroup: Type: AWS::EC2::SecurityGroup - Condition: BBBScalableEnvironment + Condition: BBBScalableGreenlight Properties: GroupDescription: ALB Security Group VpcId: !Ref BBBVPCs BBBECSSecurityGroupPublicports: Type: AWS::EC2::SecurityGroupIngress - Condition: BBBScalableEnvironment + Condition: BBBScalableGreenlight Properties: CidrIp: 0.0.0.0/0 IpProtocol: tcp
@@ -81,7 +89,7 @@ Resources: BBBECSSecurityGroupPublicHTTP: Type: AWS::EC2::SecurityGroupIngress - Condition: BBBScalableEnvironment + Condition: BBBScalableGreenlight Properties: CidrIp: 0.0.0.0/0 IpProtocol: tcp
@@ -91,7 +99,7 @@ Resources: BBBFrontendSecurityGroupALBports: Type: AWS::EC2::SecurityGroupIngress - Condition: BBBScalableEnvironment + Condition: BBBScalableGreenlight Properties: GroupId: !Ref BBBECSTaskSecurityGroup IpProtocol: tcp
@@ -264,7 +272,7 @@ Outputs: Description: A reference to the created Security Group for ECS Value: !Ref BBBECSTaskSecurityGroup BBBFrontendELBSecurityGroup: - Condition: BBBScalableEnvironment + Condition: BBBScalableGreenlight Description: A reference to the created Security Group for ELB Value: !Ref BBBFrontendELBSecurityGroup BBBScaleliteELBSecurityGroup:
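Review bot: `BBBECSSecurityGroupPublicports` and `BBBECSSecurityGroupPublicHTTP` open `0.0.0.0/0` and are now tied to Greenlight, but their `GroupId` lies outside the `@@ -64` and `@@ -81` hunks, so it is not visible which group loses these rules in External mode. If they attach to anything other than `BBBFrontendELBSecurityGroup`, an External deployment drops public ingress that another service may still rely on; if they do attach to it, the `ECS` in the resource names is misleading. A comment above each rule would settle it, for example `# Public ingress for the Greenlight ALB only; not created when BBBFrontendType is External`.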