Multiple changes to make the bastion more parameterised. (#7)
* Add mappings for min/max instance count.

* Allow the DNS zone and record to have a custom name.

* Add defaults for min/max.

* Fix name ordering.

* Allow the bastion to have a custom name.

* Proper default...

* Set the default DNS record to the variable.
zac authored and Guslington committed May 16, 2019
1 parent ed3615b commit 690b295
Showing 3 changed files with 13 additions and 5 deletions.
4 changes: 4 additions & 0 deletions bastion.cfhighlander.rb
Expand Up @@ -24,5 +24,9 @@
ComponentParam 'VPCId', type: 'AWS::EC2::VPC::Id'
ComponentParam 'SecurityGroupDev'
ComponentParam 'SecurityGroupOps'
ComponentParam 'AsgMin', 1
ComponentParam 'AsgMax', 1
ComponentParam 'HostedZoneName'
ComponentParam 'RecordName'
end
end
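Review bot: `AsgMin` and `AsgMax` are declared with a default of 1 but no `type:`, unlike `VPCId` three lines above them, so nothing in this file keeps a non-numeric value, or a minimum larger than the maximum, from being passed through to the Auto Scaling group. Consider giving both a numeric type through the same `type:` option and noting the intended range next to the declarations, since these two values decide how many bastion hosts are exposed in the public subnets.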
13 changes: 8 additions & 5 deletions bastion.cfndsl.rb
Expand Up @@ -2,6 +2,9 @@

az_conditions_resources('SubnetPublic', maximum_availability_zones)

Condition('HostedZoneNameProvided', FnNot(FnEquals(Ref('HostedZoneName'), '')))
Condition('RecordNameProvided', FnNot(FnEquals(Ref('RecordName'), '')))

EC2_SecurityGroup('SecurityGroupBastion') do
GroupDescription FnJoin(' ', [ Ref('EnvironmentName'), component_name ])
VpcId Ref('VPCId')
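Review bot: Both new conditions treat the empty string as "not provided", but the `ComponentParam 'HostedZoneName'` and `ComponentParam 'RecordName'` declarations in bastion.cfhighlander.rb state no default, so the link between the two files is implicit. Either spell out the empty default on the parameters or add a one-line comment above these `Condition` lines saying that `''` means "fall back to the generated name", so a later change to the parameter defaults does not silently flip which DNS name the bastion gets.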
Expand All @@ -13,9 +16,9 @@
end

RecordSet('BastionDNS') do
HostedZoneName FnJoin('', [ Ref('EnvironmentName'), '.', Ref('DnsDomain'), '.'])
HostedZoneName FnIf('HostedZoneNameProvided', Ref('HostedZoneName'), FnSub('${EnvironmentName}.${DnsDomain}.'))
Comment 'Bastion Public Record Set'
Name FnJoin('', [ "bastion", ".", Ref('EnvironmentName'), '.', Ref('DnsDomain'), '.' ])
Name FnIf('RecordNameProvided', Ref('RecordName'), FnSub("#{instance_name}.${EnvironmentName}.${DnsDomain}."))
Type 'A'
TTL 60
ResourceRecords [ Ref("BastionIPAddress") ]
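Review bot: `HostedZoneName` and `Name` on `BastionDNS` are now overridden independently, and nothing checks that a custom `RecordName` actually sits inside the zone that `HostedZoneName` resolves to, or that either value is fully qualified with the trailing dot that both generated defaults end in. Supplying only one of the two parameters mixes a custom value with a generated one, which is the easiest way to end up with a record that does not belong to its zone. Please document the expected format on the parameters, and consider a comment on the `Name` line pointing out that `#{instance_name}` is filled in by Ruby at compile time while `${EnvironmentName}` and `${DnsDomain}` are left for `FnSub`, because the two syntaxes in one string are easy to misread.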
Expand Down Expand Up @@ -60,10 +63,10 @@
})
LaunchConfigurationName Ref('LaunchConfig')
HealthCheckGracePeriod '500'
MinSize 1
MaxSize 1
MinSize Ref('AsgMin')
MaxSize Ref('AsgMax')
VPCZoneIdentifier az_conditional_resources('SubnetPublic', maximum_availability_zones)
addTag("Name", FnJoin("",[Ref('EnvironmentName'), "-bastion-xx"]), true)
addTag("Name", FnJoin("",[Ref('EnvironmentName'), "-#{instance_name}-xx"]), true)
addTag("Environment",Ref('EnvironmentName'), true)
addTag("EnvironmentType", Ref('EnvironmentType'), true)
addTag("Role", "bastion", true)
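Review bot: `MinSize` and `MaxSize` now follow `AsgMin` and `AsgMax`, but the `BastionDNS` record earlier in this file still carries a single `Ref("BastionIPAddress")`, so it should be documented what a maximum above 1 means for which instance answers on the bastion name, and whether a minimum of 0 is an intended way to switch the bastion off. Minor: the `Name` tag now uses `#{instance_name}` while the `Role` tag stays hard-coded to "bastion"; if anything selects on the `Role` tag that is probably deliberate, but a short comment would make it clear.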
1 change: 1 addition & 0 deletions bastion.config.yaml
@@ -1,4 +1,5 @@
maximum_availability_zones: 5
instance_name: bastion

# Set `ip_blocks` here or export from vpc component
# ip_blocks:
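Review bot: `instance_name: bastion` is added without a comment, although bastion.cfndsl.rb interpolates it at compile time into both the default DNS record name and the ASG `Name` tag. A note here, in the style of the `ip_blocks` comment below it, saying that the value has to be a valid DNS label and that changing it renames the public record, would save a failed or surprising deployment.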