Cloudy-Networks / cloudydeploys

Deploy infrastructure for games and more in the free tier of AWS

Abstraction of security group ports for supporting different deploys #9

Open russelltadams opened 3 years ago

russelltadams commented 3 years ago

Currently, the SecurityGroup for the instance is defined in the ec2 stack. The TCP or UDP ports that are specific to the game or app deploy should be abstracted out as a parameter, or somehow defined by a part of the stack that is specific to that game or app. Here is an example of how we do it now:

    SecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: Allow clients into the-oa
        SecurityGroupEgress:
          - IpProtocol: -1
            CidrIp: 0.0.0.0/0
        SecurityGroupIngress:
          - IpProtocol: udp
            FromPort: 27960
            ToPort: 27960
            CidrIp: 0.0.0.0/0
          - IpProtocol: tcp
            FromPort: 22
            ToPort: 22
            CidrIp: 0.0.0.0/0
          - IpProtocol: tcp
            FromPort: 80
            ToPort: 80
            CidrIp: 0.0.0.0/0
          - IpProtocol: tcp
            FromPort: 443
            ToPort: 443
            CidrIp: 0.0.0.0/0
        Tags:
          - Key: Name
            Value: !Sub ${AWS::StackName}-SecurityGroup
        VpcId: !Ref VPC

For example, maybe port 22 is part of the "baseline" deploy and is always defined, but other ports should only be defined IF they are needed by the deploy being used. This might be a good use case for conditionals!
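One way to implement the split described above, as an added example that is not part of the cloudydeploys project: the security group itself carries only the baseline SSH rule, and every game- or app-specific rule is a separate `AWS::EC2::SecurityGroupIngress` resource guarded by a `Condition`, so it only exists when the deploy supplies the matching parameter. The parameter names (`GamePort`, `GameProtocol`, `EnableWeb`, `AdminCidr`), the condition names and the export name are assumptions chosen for this example. The group id is exported so a game-specific stack can attach its own ingress rules without touching the base template.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Baseline security group with optional, parameterised game/web ports (example, not project code)

Parameters:
  VPC:
    Type: AWS::EC2::VPC::Id
  GamePort:
    # 0 means "this deploy has no game port" and suppresses the GameIngress rule
    Type: Number
    Default: 0
    MinValue: 0
    MaxValue: 65535
  GameProtocol:
    Type: String
    Default: udp
    AllowedValues: [tcp, udp]
  EnableWeb:
    # only deploys that serve HTTP/HTTPS set this to "true"
    Type: String
    Default: "false"
    AllowedValues: ["true", "false"]
  AdminCidr:
    # who may reach the baseline SSH port; narrow this to your own address range
    Type: String
    Default: 0.0.0.0/0
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'

Conditions:
  HasGamePort: !Not [!Equals [!Ref GamePort, "0"]]
  WebEnabled: !Equals [!Ref EnableWeb, "true"]

Resources:
  # Baseline: present in every deploy, carries only SSH
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Sub Baseline access for ${AWS::StackName}
      VpcId: !Ref VPC
      SecurityGroupEgress:
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-SecurityGroup

  # Game-specific: created only when the deploy passes a non-zero GamePort
  GameIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Condition: HasGamePort
    Properties:
      GroupId: !Ref SecurityGroup
      IpProtocol: !Ref GameProtocol
      FromPort: !Ref GamePort
      ToPort: !Ref GamePort
      CidrIp: 0.0.0.0/0

  # Web-specific: created only when EnableWeb is "true"
  HttpIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Condition: WebEnabled
    Properties:
      GroupId: !Ref SecurityGroup
      IpProtocol: tcp
      FromPort: 80
      ToPort: 80
      CidrIp: 0.0.0.0/0
  HttpsIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Condition: WebEnabled
    Properties:
      GroupId: !Ref SecurityGroup
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      CidrIp: 0.0.0.0/0

Outputs:
  SecurityGroupId:
    # a per-game stack can import this and declare its own SecurityGroupIngress rules
    Value: !Ref SecurityGroup
    Export:
      Name: !Sub ${AWS::StackName}-SecurityGroupId
```

Deploying with `--parameter-overrides GamePort=27960 GameProtocol=udp` reproduces the game rule from the issue while leaving 80/443 closed; omitting `GamePort` yields a group with SSH only. Keeping each optional rule as its own resource, rather than an `Fn::If` inside one `SecurityGroupIngress` list, also makes the change set easier to review, since adding or removing a port shows up as one whole resource.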

russelltadams commented 3 years ago

Adding this to the milestone. I guess this would make it portable between game deploys, from the Security Group perspective; it probably belongs in the 1st milestone...