updated security group management
diff --git a/environments/aws/aws_create.yml b/environments/aws/aws_create.yml
index f2500e0..778e697 100644
--- a/environments/aws/aws_create.yml
+++ b/environments/aws/aws_create.yml
@@ -16,6 +16,9 @@
   - name: "Load operating system"
     include_vars: "os/{{ os_selection }}.yml"
 
+  - name: "Load security group settings"
+    include_vars: "security/{{ security_group }}.yml"
+
   roles:
   - apigee-opdk-aws-security-group
   - apigee-opdk-aws-create
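Review bot: The path in `include_vars: "security/{{ security_group }}.yml"` is built from a variable that this commit removes from both profiles, so `security_group` must now come from a source not visible here, presumably extra vars. If it is unset or misspelled, the play stops on a template or file-not-found error instead of a clear message, and the value reaches a file path unchecked. A preceding task such as `assert: { that: "security_group in ['OPDK', 'EDGEMICRO']" }`, listing the files that exist under `security/`, would restrict the load to known rule sets. The included file also sets `security_group` itself, so a comment noting that the file name and that value must match would help. The task list this hunk extends starts outside the hunk.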
diff --git a/environments/aws/profiles/edge-1601.yml b/environments/aws/profiles/edge-1601.yml
index ccdb1c0..ad32ce3 100644
--- a/environments/aws/profiles/edge-1601.yml
+++ b/environments/aws/profiles/edge-1601.yml
@@ -5,34 +5,3 @@
 session_name: edge-1601-dc
 application: edge
 pod: NA
-security_group: OPDK
-rules:
-  - proto: tcp
-    cidr_ip: 0.0.0.0/0
-    from_port: 80
-    to_port: 80
-  - proto: tcp
-    cidr_ip: 0.0.0.0/0
-    from_port: 9000
-    to_port: 9010
-  - proto: tcp
-    cidr_ip: 0.0.0.0/0
-    from_port: 8080
-    to_port: 8080
-  - proto: tcp
-    cidr_ip: 0.0.0.0/0
-    from_port: 22
-    to_port: 22
-  - proto: tcp
-    cidr_ip: 0.0.0.0/0
-    from_port: 443
-    to_port: 443
-rules_egress:
-  - proto: tcp
-    cidr_ip: 0.0.0.0/0
-    from_port: 80
-    to_port: 80
-  - proto: tcp
-    cidr_ip: 172.16.0.0/12
-    from_port: 0
-    to_port: 65535
diff --git a/environments/aws/profiles/edgemicro-1601.yml b/environments/aws/profiles/edgemicro-1601.yml
index 1bd9daa..f17fa83 100644
--- a/environments/aws/profiles/edgemicro-1601.yml
+++ b/environments/aws/profiles/edgemicro-1601.yml
@@ -6,46 +6,3 @@
 application: edgemicro
 pod: NA
 env: edgemicro
-security_group: EDGEMICRO
-rules:
-  - proto: tcp
-    cidr_ip: 0.0.0.0/0
-    from_port: 80
-    to_port: 80
-  - proto: tcp
-    cidr_ip: 0.0.0.0/0
-    from_port: 9000
-    to_port: 9010
-  - proto: tcp
-    cidr_ip: 0.0.0.0/0
-    from_port: 8080
-    to_port: 8080
-  - proto: tcp
-    cidr_ip: 0.0.0.0/0
-    from_port: 22
-    to_port: 22
-  - proto: tcp
-    cidr_ip: 0.0.0.0/0
-    from_port: 443
-    to_port: 443
-  - proto: tcp
-    cidr_ip: 172.16.0.0/12
-    from_port: 0
-    to_port: 65535
-rules_egress:
-  - proto: tcp
-    cidr_ip: 0.0.0.0/0
-    from_port: 80
-    to_port: 80
-  - proto: all
-    cidr_ip: 172.16.0.0/12
-    from_port: 0
-    to_port: 65535
-  - proto: tcp
-    cidr_ip: 0.0.0.0/0
-    from_port: 443
-    to_port: 443
-  - proto: udp
-    cidr_ip: 0.0.0.0/0
-    from_port: 123
-    to_port: 123
diff --git a/environments/aws/remove-security-group.yml b/environments/aws/remove-security-group.yml
index fb524c0..528b747 100644
--- a/environments/aws/remove-security-group.yml
+++ b/environments/aws/remove-security-group.yml
@@ -5,6 +5,11 @@
   - ~/.apigee/credentials.yml
 
   pre_tasks:
+  - name: Refresh setup
+    setup:
+
+  - name: Refresh EC2_facts
+    ec2_facts:
 
   roles:
-  - { role: apigee-opdk-aws-security-group, ec2_group_state: absent }
+  - { role: apigee-opdk-aws-security-group, ec2_group_state: absent, security_group: '{{ security_group }}' }
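Review bot: The role parameter `security_group: '{{ security_group }}'` refers to its own name. Unless the value is always supplied as an extra var, Ansible may resolve the right-hand side to the role parameter itself and fail with a recursive-template error. Unlike aws_create.yml, this playbook does not load `security/{{ security_group }}.yml`, so the group to delete depends entirely on what the caller passes. Either drop the parameter and let the variable flow in normally, or map it from a distinctly named input, e.g. `security_group: '{{ target_security_group }}'`, where `target_security_group` is a new variable you would define. A comment above `roles:` should state that the variable is required. The play header is outside the hunk.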
diff --git a/environments/aws/security/EDGEMICRO.yml b/environments/aws/security/EDGEMICRO.yml
new file mode 100644
index 0000000..943e56a
--- /dev/null
+++ b/environments/aws/security/EDGEMICRO.yml
@@ -0,0 +1,49 @@
+---
+security_group: EDGEMICRO
+security_group_description: Security group for Edgemicro
+rules:
+  - proto: tcp
+    cidr_ip: 0.0.0.0/0
+    from_port: 80
+    to_port: 80
+  - proto: tcp
+    cidr_ip: 0.0.0.0/0
+    from_port: 9000
+    to_port: 9010
+  - proto: tcp
+    cidr_ip: 0.0.0.0/0
+    from_port: 8080
+    to_port: 8080
+  - proto: tcp
+    cidr_ip: 0.0.0.0/0
+    from_port: 22
+    to_port: 22
+  - proto: tcp
+    cidr_ip: 0.0.0.0/0
+    from_port: 443
+    to_port: 443
+  - proto: tcp
+    cidr_ip: 172.16.0.0/12
+    from_port: 0
+    to_port: 65535
+rules_egress:
+  - proto: tcp
+    cidr_ip: 0.0.0.0/0
+    from_port: 80
+    to_port: 80
+  - proto: all
+    cidr_ip: 172.16.0.0/12
+    from_port: 0
+    to_port: 65535
+  - proto: tcp
+    cidr_ip: 0.0.0.0/0
+    from_port: 443
+    to_port: 443
+  - proto: tcp
+    cidr_ip: 172.16.0.0/12
+    from_port: 22
+    to_port: 22
+  - proto: udp
+    cidr_ip: 0.0.0.0/0
+    from_port: 123
+    to_port: 123
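Review bot: The ingress rules open tcp 22 to `cidr_ip: 0.0.0.0/0`, along with 8080 and 9000-9010, which look like management ports. Now that the rules live in a shared file, every instance that selects this group gets internet-reachable SSH. The same ingress block appears in the new security/OPDK.yml. Consider restricting the SSH rule to an operator range through a variable, e.g. `cidr_ip: "{{ admin_cidr }}"`, where `admin_cidr` is a new variable you would define. Review the same way whether 8080 and 9000-9010 need to be world-reachable. A comment on each rule naming the service it exposes would make later audits of this file much easier.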
diff --git a/environments/aws/security/OPDK.yml b/environments/aws/security/OPDK.yml
new file mode 100644
index 0000000..f984c03
--- /dev/null
+++ b/environments/aws/security/OPDK.yml
@@ -0,0 +1,45 @@
+---
+security_group: OPDK
+security_group_description: Default OPDK ports
+rules:
+  - proto: tcp
+    cidr_ip: 0.0.0.0/0
+    from_port: 80
+    to_port: 80
+  - proto: tcp
+    cidr_ip: 0.0.0.0/0
+    from_port: 9000
+    to_port: 9010
+  - proto: tcp
+    cidr_ip: 0.0.0.0/0
+    from_port: 8080
+    to_port: 8080
+  - proto: tcp
+    cidr_ip: 0.0.0.0/0
+    from_port: 22
+    to_port: 22
+  - proto: tcp
+    cidr_ip: 0.0.0.0/0
+    from_port: 443
+    to_port: 443
+rules_egress:
+  - proto: tcp
+    cidr_ip: 0.0.0.0/0
+    from_port: 80
+    to_port: 80
+  - proto: tcp
+    cidr_ip: 172.16.0.0/12
+    from_port: 0
+    to_port: 65535
+  - proto: tcp
+    cidr_ip: 0.0.0.0/0
+    from_port: 443
+    to_port: 443
+  - proto: tcp
+    cidr_ip: 172.16.0.0/12
+    from_port: 22
+    to_port: 22
+  - proto: udp
+    cidr_ip: 0.0.0.0/0
+    from_port: 123
+    to_port: 123
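Review bot: The egress rule for tcp 22 to `172.16.0.0/12` near the end of `rules_egress` has no effect, because the earlier tcp 0-65535 rule to the same CIDR already covers it. EDGEMICRO.yml has the same redundancy against its `proto: all` rule. Either drop the entry or mark it with a comment such as `# explicit SSH egress, kept in case the broad internal rule is narrowed`. This file also has no ingress rule for `172.16.0.0/12`, while EDGEMICRO.yml does. If that difference is intentional, a short header comment saying so would stop the two files being "synchronised" by mistake.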
diff --git a/environments/aws/security/OPDK_WITH_MIRROR.yml b/environments/aws/security/OPDK_WITH_MIRROR.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/environments/aws/security/OPDK_WITH_MIRROR.yml
@@ -0,0 +1 @@
+---
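Review bot: This file holds only the document marker, so selecting `OPDK_WITH_MIRROR` loads no `security_group`, `security_group_description`, `rules` or `rules_egress`. Depending on how the role handles missing variables, which this diff does not show, that could fail or create a group from defaults nobody reviewed. Either populate the file in this commit or add a marker comment such as `# TODO: placeholder - rules not defined yet, do not select`. Leaving the file out until the rules exist would be safer still.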