Skip to content

Commit 5358bd1

Browse files
author
Christopher M. Neill
committed
Initial check in.
1 parent 15099a9 commit 5358bd1

15 files changed

Lines changed: 1212 additions & 0 deletions

File tree

ansible/gamma-hosts/hosts

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,14 @@ api
2020
[api]
2121
gamma-api
2222

23+
[consul]
24+
gamma-services
25+
gamma-api
26+
gamma-web
27+
28+
[vault]
29+
gamma-services
30+
2331
[worker]
2432
gamma-api
2533

ansible/roles/aws_security_groups/templates/api.json

Lines changed: 126 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,126 @@
1+
{
2+
"SecurityGroups": [
3+
{
4+
"IpPermissionsEgress": [
5+
{
6+
"IpProtocol": "-1",
7+
"IpRanges": [
8+
{
9+
"CidrIp": "0.0.0.0/0"
10+
}
11+
],
12+
"UserIdGroupPairs": [],
13+
"PrefixListIds": []
14+
}
15+
],
16+
"Description": "{{ env_uc }} API Security Grouping",
17+
"IpPermissions": [
18+
{
19+
"PrefixListIds": [],
20+
"FromPort": 8400,
21+
"IpRanges": [],
22+
"ToPort": 8400,
23+
"IpProtocol": "tcp",
24+
"UserIdGroupPairs": [
25+
{
26+
"UserId": "{{ aws_accountid }}",
27+
"GroupId": "{{ sgid_services }}"
28+
},
29+
{
30+
"UserId": "{{ aws_accountid }}",
31+
"GroupId": "{{ sgid_api }}"
32+
},
33+
{
34+
"UserId": "{{ aws_accountid }}",
35+
"GroupId": "sg-d03671b4"
36+
},
37+
{
38+
"UserId": "{{ aws_accountid }}",
39+
"GroupId": "{{ sgid_docks }}"
40+
}
41+
]
42+
},
43+
{
44+
"PrefixListIds": [],
45+
"FromPort": 32768,
46+
"IpRanges": [],
47+
"ToPort": 65535,
48+
"IpProtocol": "tcp",
49+
"UserIdGroupPairs": [
50+
{
51+
"UserId": "{{ aws_accountid }}",
52+
"GroupId": "{{ sgid_hipache }}"
53+
}
54+
]
55+
},
56+
{
57+
"PrefixListIds": [],
58+
"FromPort": 22,
59+
"IpRanges": [],
60+
"ToPort": 22,
61+
"IpProtocol": "tcp",
62+
"UserIdGroupPairs": [
63+
{
64+
"UserId": "{{ aws_accountid }}",
65+
"GroupId": "{{ sgid_bastion }}"
66+
}
67+
]
68+
},
69+
{
70+
"PrefixListIds": [],
71+
"FromPort": 8500,
72+
"IpRanges": [],
73+
"ToPort": 8500,
74+
"IpProtocol": "tcp",
75+
"UserIdGroupPairs": [
76+
{
77+
"UserId": "{{ aws_accountid }}",
78+
"GroupId": "{{ sgid_services }}"
79+
},
80+
{
81+
"UserId": "{{ aws_accountid }}",
82+
"GroupId": "{{ sgid_api }}"
83+
},
84+
{
85+
"UserId": "{{ aws_accountid }}",
86+
"GroupId": "sg-d03671b4"
87+
},
88+
{
89+
"UserId": "{{ aws_accountid }}",
90+
"GroupId": "{{ sgid_docks }}"
91+
}
92+
]
93+
},
94+
{
95+
"PrefixListIds": [],
96+
"FromPort": 8300,
97+
"IpRanges": [],
98+
"ToPort": 8302,
99+
"IpProtocol": "tcp",
100+
"UserIdGroupPairs": [
101+
{
102+
"UserId": "{{ aws_accountid }}",
103+
"GroupId": "{{ sgid_services }}"
104+
},
105+
{
106+
"UserId": "{{ aws_accountid }}",
107+
"GroupId": "{{ sgid_api }}"
108+
},
109+
{
110+
"UserId": "{{ aws_accountid }}",
111+
"GroupId": "sg-d03671b4"
112+
},
113+
{
114+
"UserId": "{{ aws_accountid }}",
115+
"GroupId": "{{ sgid_docks }}"
116+
}
117+
]
118+
}
119+
],
120+
"GroupName": "{{ env_lc }}-api",
121+
"VpcId": "{{ vpc_id }}",
122+
"OwnerId": "{{ aws_accountid }}",
123+
"GroupId": "{{ sgid_api }}"
124+
}
125+
]
126+
}

ansible/roles/aws_security_groups/templates/bastion.json

Lines changed: 43 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,43 @@
1+
{
2+
"SecurityGroups": [
3+
{
4+
"IpPermissionsEgress": [
5+
{
6+
"IpProtocol": "-1",
7+
"IpRanges": [
8+
{
9+
"CidrIp": "0.0.0.0/0"
10+
}
11+
],
12+
"UserIdGroupPairs": [],
13+
"PrefixListIds": []
14+
}
15+
],
16+
"Description": "ssh in only",
17+
"Tags": [
18+
{
19+
"Value": "{{ env_lc }}-bastion",
20+
"Key": "Name"
21+
}
22+
],
23+
"IpPermissions": [
24+
{
25+
"PrefixListIds": [],
26+
"FromPort": 22,
27+
"IpRanges": [
28+
{
29+
"CidrIp": "0.0.0.0/0"
30+
}
31+
],
32+
"ToPort": 22,
33+
"IpProtocol": "tcp",
34+
"UserIdGroupPairs": []
35+
}
36+
],
37+
"GroupName": "{{ env_lc }}-bastion",
38+
"VpcId": "{{ vpc_id }}",
39+
"OwnerId": "{{ aws_accountid }}",
40+
"GroupId": "{{ sgid_bastion }}"
41+
}
42+
]
43+
}

0 commit comments

Comments
 (0)