Submitting for PR.

Christopher M. Neill · Christopher M. Neill · commit 6eb4ae702f84 · 2015-12-06T08:03:49.000-05:00
diff --git a/ansible/roles/ec2/sg_configure/tasks/main.yml b/ansible/roles/ec2/sg_configure/tasks/main.yml
@@ -17,7 +17,6 @@
         from_port: 22
         to_port: 22
         cidr_ip: 0.0.0.0/0
-    rules_egress:
       - proto: all
         from_port: -1
         to_port: -1
@@ -401,14 +400,15 @@
         from_port: 22
         to_port: 22
         group_id: "{{ sg_bastion }}"
+      - proto: tcp
+        from_port: 5432
         to_port: 5432
         group_id: "{{ sg_services }}"
     rules_egress:
       - proto: all
         from_port: -1
         to_port: -1
         group_id: "{{ sg_rds }}"
-      - proto: tcp
 
 - name: Redis SG
   tags:
@@ -549,3 +549,98 @@
         from_port: 8500
         to_port: 8500
         group_id: "{{ sg_web }}"
+      - proto: tcp
+        from_port: 32768
+        to_port: 65535
+        group_id: "{{ sg_dock }}"
+      - proto: tcp
+        from_port: 32768
+        to_port: 65535
+        group_id: "{{ sg_hipache }}"
+      - proto: tcp
+        from_port: 32768
+        to_port: 63353
+        group_id: "{{ sg_services }}"
+    rules_egress:
+      - proto: all
+        from_port: -1
+        to_port: -1
+        group_id: "{{ sg_services }}"
+  
+- name: Userland Hipache
+  tags:
+    - userland
+  ec2_group:
+    name: "{{ env }}-userland"
+    description: "{{ env }} Userland Hipache Security Policy"
+    vpc_id: "{{ vpc_id }}"
+    region: us-west-2
+    aws_secret_key: "{{ aws_secret_key }}"
+    aws_access_key: "{{ aws_access_key }}"
+    rules:
+      - proto: tcp
+        from_port: 80
+        to_port: 65535
+        cidr_ip: 0.0.0.0/0
+  
+- name: Web
+  tags:
+    - web
+  ec2_group:
+    name: "{{ env }}-web"
+    description: "{{ env }} Web Security Policy"
+    vpc_id: "{{ vpc_id }}"
+    region: us-west-2
+    aws_secret_key: "{{ aws_secret_key }}"
+    aws_access_key: "{{ aws_access_key }}"
+    rules:
+      - proto: tcp
+        from_port: 22
+        to_port: 22
+        cidr_ip: 0.0.0.0/0
+      - proto: tcp
+        from_port: 8200
+        to_port: 8200
+        group_id: "{{ sg_api }}"
+      - proto: tcp
+        from_port: 8200
+        to_port: 8200
+        group_id: "{{ sg_services }}"
+      - proto: tcp
+        from_port: 8300
+        to_port: 8302
+        group_id: "{{ sg_api }}"
+      - proto: tcp
+        from_port: 8300
+        to_port: 8302
+        group_id: "{{ sg_services }}"
+      - proto: tcp
+        from_port: 8400
+        to_port: 8400
+        group_id: "{{ sg_api }}"
+      - proto: tcp
+        from_port: 8400
+        to_port: 8400
+        group_id: "{{ sg_services }}"
+      - proto: tcp
+        from_port: 8500
+        to_port: 8500
+        group_id: "{{ sg_api }}"
+      - proto: tcp
+        from_port: 8500
+        to_port: 8500
+        group_id: "{{ sg_services }}"
+      - proto: tcp
+        from_port: 32768
+        to_port: 65535
+        group_id: "{{ sg_api }}"
+      - proto: tcp
+        from_port: 32768
+        to_port: 65535
+        group_id: "{{ sg_hipache }}"
+    rules_egress:
+      - proto: all
+        from_port: -1
+        to_port: -1
+        group_id: "{{ sg_web }}"
+
diff --git a/ssh/config b/ssh/config
@@ -332,6 +332,18 @@ Host delta-hipache
 Host delta-navi
   ProxyCommand ssh -q ubuntu@delta-bastion nc 10.8.6.41 22
 
+Host delta-mongo-a
+  ProxyCommand ssh -q ubuntu@delta-bastion nc 10.8.4.216 22
+
+Host delta-mongo-b
+  ProxyCommand ssh -q ubuntu@delta-bastion nc 10.8.10.254 22
+
+Host delta-mongo-b
+  ProxyCommand ssh -q ubuntu@delta-bastion nc 10.8.15.34 22
+
+Host delta-navi
+  ProxyCommand ssh -q ubuntu@delta-bastion nc 10.8.6.41 22
+
 ################################################################################
 # other
 ################################################################################
