{ "Resources": { "ClientAPISecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Frontend API security group", "VpcId": {"Ref": "VPC"}, "SecurityGroupIngress": [ {"IpProtocol": "tcp", "FromPort": "443", "ToPort": "443", "CidrIp": "0.0.0.0/0"} ], "SecurityGroupEgress": [ {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"} ] }}, "ClientAPILoadBalancer": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": { "Subnets": [{"Ref": "PublicSubnet"}], "SecurityGroups": [{"Ref": "ClientAPISecurityGroup"}], "HealthCheck": { "HealthyThreshold": "3", "Interval": "60", "Target": "HTTP:80/v1/info", "Timeout": "5", "UnhealthyThreshold": "10" }, "Listeners": [{ "LoadBalancerPort": "443", "InstancePort": "80", "Protocol": "SSL", "InstanceProtocol": "TCP", "SSLCertificateId": {"Fn::FindInMap": ["StackZoneRecords", "ClientAPI", "ServerCertificateARN" ]} }] }}, "ClientAPIDNSRecord": {"Type": "AWS::Route53::RecordSet", "Properties": { "HostedZoneId": {"Fn::FindInMap": ["StackZoneRecords", "ClientAPI", "HostedZoneId" ]}, "Name": {"Fn::FindInMap": ["StackZoneRecords", "ClientAPI", "DNSName" ]}, "Type": "CNAME", "TTL": "300", "ResourceRecords": [{"Fn::GetAtt": ["ClientAPILoadBalancer", "DNSName"]}] }}, "FrontendSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "Allow the application instances to access the NAT device", "VpcId" : { "Ref" : "VPC" }, "SecurityGroupIngress": [ {"IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp": "0.0.0.0/0"}, {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"} ], "SecurityGroupEgress": [ {"IpProtocol": "-1", "CidrIp": "0.0.0.0/0"} ] } }, "FrontendAdminAPIIngress": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AdminAPISecurityGroup" }, "IpProtocol": "tcp", "FromPort": "51607", "ToPort": "51607", "SourceSecurityGroupId": { "Ref": "FrontendSecurityGroup" } } } } }