fix whitelisting

Author: andresionek91

cloudformation/60_databases.yml.j2

@@ -8,17 +8,17 @@ Resources:
       GroupDescription: Security group for Postgres Metadata DB. Public access
       GroupName: "{{ serviceName }}-{{ ENVIRONMENT }}-metadata-db-public-security-group"
       SecurityGroupEgress:
+        - CidrIp: 0.0.0.0/0
+          FromPort: 0
+          IpProtocol: -1
+          ToPort: 0
+      SecurityGroupIngress:
       {% for ip in whitelistedIPs %}
         - CidrIp: "{{ ip }}"
           FromPort: "{{ metadataDb.port }}"
           IpProtocol: tcp
           ToPort: "{{ metadataDb.port }}"
       {% endfor %}
-      SecurityGroupIngress:
-        - CidrIp: 0.0.0.0/0
-          FromPort: "{{ metadataDb.port }}"
-          IpProtocol: tcp
-          ToPort: "{{ metadataDb.port }}"
         - CidrIp: "{{ service.cidrBlock }}/16"
           FromPort: "{{ metadataDb.port }}"
           IpProtocol: tcp

cloudformation/70_redis.yml.j2

@@ -17,12 +17,10 @@ Resources:
       GroupDescription: Security group for Redis
       GroupName: "{{ serviceName }}-{{ ENVIRONMENT }}-redis-security-group"
       SecurityGroupEgress:
-      {% for ip in whitelistedIPs %}
-        - CidrIp: "{{ ip }}"
-          FromPort: "{{ celeryBackend.port }}"
-          IpProtocol: tcp
-          ToPort: "{{ celeryBackend.port }}"
-      {% endfor %}
+        - CidrIp: 0.0.0.0/0
+          FromPort: 0
+          IpProtocol: -1
+          ToPort: 0
       SecurityGroupIngress:
         - CidrIp: "{{ service.cidrBlock }}/16"
           FromPort: "{{ celeryBackend.port }}"

cloudformation/83_airflow-flower.yml.j2

@@ -7,21 +7,17 @@ Resources:
       GroupDescription: Security group for Airflow Flower.  Allow all inbound traffic.
       GroupName: "{{ serviceName }}-{{ ENVIRONMENT }}-flower-external-security-group"
       SecurityGroupEgress:
+        - CidrIp: 0.0.0.0/0
+          FromPort: 0
+          IpProtocol: -1
+          ToPort: 0
+      SecurityGroupIngress:
       {% for ip in whitelistedIPs %}
         - CidrIp: "{{ ip }}"
-          FromPort: 80
-          IpProtocol: tcp
-          ToPort: 80
-        - CidrIp: "{{ ip }}"
-          FromPort: 443
-          IpProtocol: tcp
-          ToPort: 443
-      {% endfor %}
-      SecurityGroupIngress:
-        - CidrIp: 0.0.0.0/0
           FromPort: "{{ service.port }}"
           IpProtocol: tcp
           ToPort: "{{ service.port }}"
+      {% endfor %}
       VpcId: !ImportValue network-VpcId
       Tags:
         - Key: Name

cloudformation/85_airflow-webserver.yml.j2

@@ -7,21 +7,17 @@ Resources:
       GroupDescription: Security group for Airflow webserver. Allow all inbound traffic.
       GroupName: "{{ serviceName }}-{{ ENVIRONMENT }}-webserver-security-group"
       SecurityGroupEgress:
+        - CidrIp: 0.0.0.0/0
+          FromPort: 0
+          IpProtocol: -1
+          ToPort: 0
+      SecurityGroupIngress:
       {% for ip in whitelistedIPs %}
         - CidrIp: "{{ ip }}"
-          FromPort: 80
-          IpProtocol: tcp
-          ToPort: 80
-        - CidrIp: "{{ ip }}"
-          FromPort: 443
-          IpProtocol: tcp
-          ToPort: 443
-      {% endfor %}
-      SecurityGroupIngress:
-        - CidrIp: 0.0.0.0/0
           FromPort: "{{ service.port }}"
           IpProtocol: tcp
           ToPort: "{{ service.port }}"
+      {% endfor %}
       VpcId: !ImportValue network-VpcId
       Tags:
         - Key: Name

service.yml

@@ -81,8 +81,6 @@ publicSubnet:
     cidrBlock: 10.0.3.0/24
     availabilityZone: c
 
-# List of SecurityGroupEgress.
-# Will be used to whitelist IPs for webserver, flower, workers and scheduler
 whitelistedIPs:
   - 0.0.0.0/0