Parameters:
  # Prefix substituted into the Name tags of the security group and the
  # file system declared under Resources.
  EnvironmentName:
    Type: String
    Default: 'wsi'
    Description: An environment name that is prefixed to resource names

  # Free-text description passed to GroupDescription of EFSSecurityGroup.
  SecurityGroupDescription:
    Type: String
    Default: 'efs-sg'
    Description: Security Group Description
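Resources:
  # NOTE(review): VPC, BastionSecurityGroup, PrivateSubnet1 and PrivateSubnet2
  # are referenced below but not declared in this listing; presumably they
  # are defined in another part of the template - confirm before deploying.

  # Security group attached to the EFS mount targets. The only inbound rule
  # admits NFS (TCP 2049) from members of BastionSecurityGroup.
  # NOTE(review): no SecurityGroupEgress is declared here, so the group gets
  # the default allow-all outbound rule; mount targets do not need outbound
  # access, so consider declaring a restrictive egress rule.
  EFSSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Ref SecurityGroupDescription
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 2049
          ToPort: 2049
          SourceSecurityGroupId: !Ref BastionSecurityGroup
      Tags:
        - Key: Name
          Value: !Sub '${EnvironmentName}-efs-sg'

  # Inbound NFS rule added to BastionSecurityGroup, sourced from the EFS
  # security group.
  # NOTE(review): NFS sessions are opened by the client towards the mount
  # target and security groups are stateful, so reply traffic does not depend
  # on this rule. It looks unnecessary; confirm, then drop it to keep the
  # bastion group's inbound surface minimal.
  EC2IngressFromEFS:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref BastionSecurityGroup
      IpProtocol: tcp
      FromPort: 2049
      ToPort: 2049
      SourceSecurityGroupId: !Ref EFSSecurityGroup

  # Outbound NFS rule on BastionSecurityGroup towards the EFS security group.
  # NOTE(review): this only narrows anything if BastionSecurityGroup does not
  # also carry an allow-all egress rule; its definition is not visible here.
  EC2EngressFromEFS:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      GroupId: !Ref BastionSecurityGroup
      IpProtocol: tcp
      FromPort: 2049
      ToPort: 2049
      DestinationSecurityGroupId: !Ref EFSSecurityGroup

  # The file system itself.
  ElasticFileSystem:
    Type: AWS::EFS::FileSystem
    Properties:
      # Encrypt data at rest. With no KmsKeyId the AWS managed EFS key is
      # used. Changing Encrypted on an already-deployed file system makes
      # CloudFormation replace it, so migrate the data before updating an
      # existing stack.
      Encrypted: true
      FileSystemTags:
        - Key: Name
          Value: !Sub '${EnvironmentName}-efs'
      # NOTE(review): nothing in this template requires TLS for mounts.
      # Consider a FileSystemPolicy that denies requests where
      # aws:SecureTransport is false once all clients mount with TLS.

  # One mount target per private subnet, each guarded by EFSSecurityGroup.
  MountTargetResource1:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref ElasticFileSystem
      SubnetId: !Ref PrivateSubnet1
      SecurityGroups:
        - !Ref EFSSecurityGroup

  MountTargetResource2:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref ElasticFileSystem
      SubnetId: !Ref PrivateSubnet2
      SecurityGroups:
        - !Ref EFSSecurityGroup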
Outputs:
  # ID of the security group attached to the mount targets, exported under
  # a stack-scoped name so other stacks can import it.
  EFSSecurityGroup:
    Description: 'EFS SecurityGroup'
    Value: !Ref EFSSecurityGroup
    Export:
      Name: !Sub '${AWS::StackName}-efs-sg'

  # ID of the file system, exported under a stack-scoped name.
  ElasticFileSystem:
    Description: 'Elastic File System'
    Value: !Ref ElasticFileSystem
    Export:
      Name: !Sub '${AWS::StackName}-efs'