resolve issue with databases needing their subnet ids

templates/assets/env-ec2.yml

@@ -60,15 +60,43 @@ Parameters:
     Description: The security group to add to the ECS instance for access to consul (optional)
     Default: ''
 Resources:
-  WaitHandle:
-    Type: "AWS::CloudFormation::WaitConditionHandle"
+  InstanceSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      VpcId:
+        Fn::ImportValue: !Sub ${VpcId}
+      GroupDescription: Microservice Host Security Group
+      SecurityGroupIngress:
+      - IpProtocol: tcp
+        FromPort: '22'
+        ToPort: '22'
+        CidrIp: !Ref SshAllow
+  Host2HostRule:
+    Type: AWS::EC2::SecurityGroupIngress
+    Properties:
+      IpProtocol: tcp
+      FromPort: '0'
+      ToPort: '65535'
+      SourceSecurityGroupId: !GetAtt InstanceSecurityGroup.GroupId
+      GroupId: !GetAtt InstanceSecurityGroup.GroupId
 Outputs:
   VpcId:
     Value:
       Fn::ImportValue: !Sub ${VpcId}
     Description: Vpc Id for the environment
     Export:
       Name: !Sub ${AWS::StackName}-VpcId
+  InstanceSecurityGroup:
+    Value: !Ref InstanceSecurityGroup
+    Description: Security Group ID for the microservice instances
+    Export:
+      Name: !Sub ${AWS::StackName}-InstanceSecurityGroup
+  InstanceSubnetIds:
+    Value:
+      Fn::ImportValue: !Sub ${InstanceSubnetIds}
+    Description: Subnet Ids for the ECS cluster
+    Export:
+      Name: !Sub ${AWS::StackName}-InstanceSubnetIds
   KeyName:
     Value: !Ref KeyName
   InstanceType:
@@ -85,8 +113,6 @@ Outputs:
     Value: !Ref ScaleInThreshold
   ImageId:
     Value: !Ref ImageId
-  InstanceSubnetIds:
-    Value: !Ref InstanceSubnetIds
   HttpProxy:
     Value: !Ref HttpProxy
   ConsulServerAutoScalingGroup:

templates/assets/env-ecs.yml

@@ -528,4 +528,9 @@ Outputs:
     Description: Name of the ECS cluster.
     Export:
       Name: !Sub ${AWS::StackName}-EcsCluster
+  InstanceSecurityGroup:
+    Value: !Ref InstanceSecurityGroup
+    Description: Security Group ID for the microservice instances
+    Export:
+      Name: !Sub ${AWS::StackName}-InstanceSecurityGroup
 

templates/assets/service-ec2.yml

@@ -95,6 +95,9 @@ Parameters:
   InstanceSubnetIds:
     Type: String
     Description: Name of the value to import for the ecs subnet ids
+  InstanceSecurityGroup:
+    Type: String
+    Description: Name of the security group to associate with instances
   HttpProxy:
     Type: String
     Description: Proxy to use from ECS cluster instances (host:port)
@@ -209,25 +212,6 @@ Conditions:
         - !Ref ConsulServerAutoScalingGroup
         - ''
 Resources:
-  InstanceSecurityGroup:
-    Type: AWS::EC2::SecurityGroup
-    Properties:
-      VpcId:
-        Fn::ImportValue: !Sub ${VpcId}
-      GroupDescription: Microservice Host Security Group
-      SecurityGroupIngress:
-      - IpProtocol: tcp
-        FromPort: '22'
-        ToPort: '22'
-        CidrIp: !Ref SshAllow
-  Host2HostRule:
-    Type: AWS::EC2::SecurityGroupIngress
-    Properties:
-      IpProtocol: tcp
-      FromPort: '0'
-      ToPort: '65535'
-      SourceSecurityGroupId: !GetAtt InstanceSecurityGroup.GroupId
-      GroupId: !GetAtt InstanceSecurityGroup.GroupId
   ServiceAutoScalingGroup:
     Type: AWS::AutoScaling::AutoScalingGroup
     DependsOn:

workflows/service_deploy.go

@@ -113,6 +113,7 @@ func (workflow *serviceWorkflow) serviceApplyEc2Params(params map[string]string)
 			"ElbSecurityGroup",
 			"ConsulRpcClientSecurityGroup",
 			"InstanceSubnetIds",
+			"InstanceSecurityGroup",
 		} {
 			params[key] = workflow.envStack.Parameters[key]
 		}