peoplesoft_security_groups.yaml
---
AWSTemplateFormatVersion: '2010-09-09'
Description: PeopleSoft Security Groups - Common security groups used by PeopleSoft Environments

# Security groups created by this template (Name tag values):
#   - peoplesoft-web-elb-sg
#   - peoplesoft-web-elb-priv-sg
#   - peoplesoft-web-sg
#   - peoplesoft-app-elb-sg
#   - peoplesoft-app-sg
#   - peoplesoft-database-sg
#   - peoplesoft-ssh-sg
#   - peoplesoft-ses-sg
#   - peoplesoft-controlm-sg
#   - peoplesoft-controlm-agent-sg
#
# The Outputs section exports each group ID, and re-exports VPC, subnet, EFS,
# Route 53 and IAM values imported from other stacks, so that environment
# stacks can import everything from this one stack.

# Each parameter is the prefix of another stack's export names; it is
# substituted into the Fn::ImportValue lookups below.
Parameters:
  # NOTE(review): the Description says "Security Group Name", but the value is
  # only used as the prefix of the VPC exports (-vpcid, -private-subnet-a/b,
  # -public-subnet-a/b).
  VPCCloudFormationName:
    Description: CloudFormation Security Group Name
    Type: String
    Default: "peoplesoft-vpc"
  ELMEFSCloudFormationName:
    Description: CloudFormation ELM EFS Name
    Type: String
    Default: "elm-efs"
  HREFSCloudFormationName:
    Description: CloudFormation HR EFS Name
    Type: String
    Default: "PeopleSoftHR-EFS"
  SAEFSCloudFormationName:
    Description: CloudFormation SA EFS Name
    Type: String
    Default: "PeopleSoftSA-EFS"
  # NOTE(review): Description is identical to SAEFSCloudFormationName; this
  # parameter selects the encrypted SA EFS exports.
  SAEncryptedEFSCloudFormationName:
    Description: CloudFormation SA EFS Name
    Type: String
    Default: "PeopleSoftSA-EFS-Encrypted"
  Route53CloudFormationName:
    Description: CloudFormation PeopleSoft Route 53 Name
    Type: String
    Default: "peoplesoft-route53"
  FdnIAMCloudFormationName:
    Description: CloudFormation fdn-iam Name
    Type: String
    Default: "fdn-iam"

Resources:
  # Public web load balancer group: every ingress rule is open to 0.0.0.0/0.
  WebElbSg:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "peoplesoft-web-elb-sg"
      VpcId:
        Fn::ImportValue: !Sub "${VPCCloudFormationName}-vpcid"
      # Allow all inbound traffic on port 80 and 443
      # NOTE(review): port 80 is plaintext HTTP from any address; confirm the
      # listener behind it only redirects to HTTPS.
      SecurityGroupIngress:
        - IpProtocol: "tcp"
          FromPort: "80"
          ToPort: "80"
          CidrIp: "0.0.0.0/0"
        - IpProtocol: "tcp"
          FromPort: "443"
          ToPort: "443"
          CidrIp: "0.0.0.0/0"
        # HCM-12386 allow traffic on port 8200 for Excel to CI
        # NOTE(review): this opens 8200 to any address, while WebElbSgPriv
        # limits the same port to named ranges; confirm Internet-wide access
        # is required here.
        - IpProtocol: "tcp"
          FromPort: "8200"
          ToPort: "8200"
          CidrIp: "0.0.0.0/0"
      # Allow all outbound traffic
      # NOTE(review): every group in this template declares this same
      # allow-all egress rule (all protocols, any destination); narrow it per
      # group if egress filtering is expected at this layer.
      SecurityGroupEgress:
        - IpProtocol: "-1"
          CidrIp: "0.0.0.0/0"
      Tags:
        - Key: "Name"
          Value: "peoplesoft-web-elb-sg"

  # This security group is used to lock down an application so that it only
  # accepts connections from specific subnets. It was created to allow
  # connections only from certain VPNs into HR environments.
  WebElbSgPriv:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "peoplesoft-web-elb-priv-sg"
      VpcId:
        Fn::ImportValue: !Sub "${VPCCloudFormationName}-vpcid"
      # Allow access only from certain subnets, to emulate the access HR
      # non-production environments currently have.
      # The same twelve sources are listed for ports 80 and 443; port 8200
      # lists only the first six.
      # NOTE(review): "10.138.2.0/17" has host bits set. As a /17 it covers
      # 10.138.0.0 - 10.138.127.255, the range DbSg and SshSg write as
      # "10.138.0.0/17". Confirm a /17 (not a narrower prefix) is intended and
      # use the canonical form so the template matches the deployed rule.
      # NOTE(review): sources described as "Need Descr" have no recorded owner
      # or purpose. 52.24.15.34/32 and 54.148.26.234/32 are single publicly
      # routable addresses; confirm they are still held by the intended party
      # before keeping them allow-listed.
      SecurityGroupIngress:
        - IpProtocol: "tcp"
          FromPort: "80"
          ToPort: "80"
          CidrIp: "10.138.2.0/17"
          Description: "Mosaic VPN"
        - IpProtocol: "tcp"
          FromPort: "80"
          ToPort: "80"
          CidrIp: "150.135.241.0/24"
          Description: "Need Descr"
        - IpProtocol: "tcp"
          FromPort: "80"
          ToPort: "80"
          CidrIp: "10.140.33.128/25"
          Description: "Need Descr"
        - IpProtocol: "tcp"
          FromPort: "80"
          ToPort: "80"
          CidrIp: "52.24.15.34/32"
          Description: "Need Descr"
        - IpProtocol: "tcp"
          FromPort: "80"
          ToPort: "80"
          CidrIp: "54.148.26.234/32"
          Description: "Need Descr"
        - IpProtocol: "tcp"
          FromPort: "80"
          ToPort: "80"
          CidrIp: "10.140.30.0/24"
          Description: "VM View"
        - IpProtocol: "tcp"
          FromPort: "80"
          ToPort: "80"
          CidrIp: "10.140.2.0/24"
          Description: "DEV PS Web Servers"
        - IpProtocol: "tcp"
          FromPort: "80"
          ToPort: "80"
          CidrIp: "10.140.12.0/24"
          Description: "SUP PS Web Servers"
        - IpProtocol: "tcp"
          FromPort: "80"
          ToPort: "80"
          CidrIp: "10.140.22.0/24"
          Description: "PRD PS Web Servers"
        - IpProtocol: "tcp"
          FromPort: "80"
          ToPort: "80"
          CidrIp: "10.140.5.0/24"
          Description: "DEV PS App Servers"
        - IpProtocol: "tcp"
          FromPort: "80"
          ToPort: "80"
          CidrIp: "10.140.15.0/24"
          Description: "SUP PS App Servers"
        - IpProtocol: "tcp"
          FromPort: "80"
          ToPort: "80"
          CidrIp: "10.140.24.0/23"
          Description: "PRD PS App Servers"
        - IpProtocol: "tcp"
          FromPort: "443"
          ToPort: "443"
          CidrIp: "10.138.2.0/17"
          Description: "Mosaic VPN"
        - IpProtocol: "tcp"
          FromPort: "443"
          ToPort: "443"
          CidrIp: "150.135.241.0/24"
          Description: "Need Descr"
        - IpProtocol: "tcp"
          FromPort: "443"
          ToPort: "443"
          CidrIp: "10.140.33.128/25"
          Description: "Need Descr"
        - IpProtocol: "tcp"
          FromPort: "443"
          ToPort: "443"
          CidrIp: "52.24.15.34/32"
          Description: "Need Descr"
        - IpProtocol: "tcp"
          FromPort: "443"
          ToPort: "443"
          CidrIp: "54.148.26.234/32"
          Description: "Need Descr"
        - IpProtocol: "tcp"
          FromPort: "443"
          ToPort: "443"
          CidrIp: "10.140.30.0/24"
          Description: "VM View"
        - IpProtocol: "tcp"
          FromPort: "443"
          ToPort: "443"
          CidrIp: "10.140.2.0/24"
          Description: "DEV PS Web Servers"
        - IpProtocol: "tcp"
          FromPort: "443"
          ToPort: "443"
          CidrIp: "10.140.12.0/24"
          Description: "SUP PS Web Servers"
        - IpProtocol: "tcp"
          FromPort: "443"
          ToPort: "443"
          CidrIp: "10.140.22.0/24"
          Description: "PRD PS Web Servers"
        - IpProtocol: "tcp"
          FromPort: "443"
          ToPort: "443"
          CidrIp: "10.140.5.0/24"
          Description: "DEV PS App Servers"
        - IpProtocol: "tcp"
          FromPort: "443"
          ToPort: "443"
          CidrIp: "10.140.15.0/24"
          Description: "SUP PS App Servers"
        - IpProtocol: "tcp"
          FromPort: "443"
          ToPort: "443"
          CidrIp: "10.140.24.0/23"
          Description: "PRD PS App Servers"
        # HCM-12386 allow traffic on port 8200 for Excel to CI
        - IpProtocol: "tcp"
          FromPort: "8200"
          ToPort: "8200"
          CidrIp: "10.138.2.0/17"
          Description: "Mosaic VPN"
        - IpProtocol: "tcp"
          FromPort: "8200"
          ToPort: "8200"
          CidrIp: "150.135.241.0/24"
          Description: "Need Descr"
        - IpProtocol: "tcp"
          FromPort: "8200"
          ToPort: "8200"
          CidrIp: "10.140.33.128/25"
          Description: "Need Descr"
        - IpProtocol: "tcp"
          FromPort: "8200"
          ToPort: "8200"
          CidrIp: "52.24.15.34/32"
          Description: "Need Descr"
        - IpProtocol: "tcp"
          FromPort: "8200"
          ToPort: "8200"
          CidrIp: "54.148.26.234/32"
          Description: "Need Descr"
        - IpProtocol: "tcp"
          FromPort: "8200"
          ToPort: "8200"
          CidrIp: "10.140.30.0/24"
          Description: "VM View"
      # Allow all outbound traffic
      SecurityGroupEgress:
        - IpProtocol: "-1"
          CidrIp: "0.0.0.0/0"
      Tags:
        - Key: "Name"
          Value: "peoplesoft-web-elb-priv-sg"

  # Added for report posting. These two rules let members of WebElbSgPriv
  # reach the group itself on 80 and 443 (GroupId and SourceSecurityGroupId
  # are the same group). They are separate SecurityGroupIngress resources
  # because declaring the self-reference inside the group caused a circular
  # dependency.
  WebElbPrivIngress80:
    Type: "AWS::EC2::SecurityGroupIngress"
    Properties:
      GroupId: !Ref "WebElbSgPriv"
      IpProtocol: "tcp"
      FromPort: "80"
      ToPort: "80"
      SourceSecurityGroupId: !Ref "WebElbSgPriv"
      Description: "Web ELB SG Private"
  WebElbPrivIngress443:
    Type: "AWS::EC2::SecurityGroupIngress"
    Properties:
      GroupId: !Ref "WebElbSgPriv"
      IpProtocol: "tcp"
      FromPort: "443"
      ToPort: "443"
      SourceSecurityGroupId: !Ref "WebElbSgPriv"
      Description: "Web ELB SG Private"

  # Web server group: reachable only from the two web ELB groups.
  WebSg:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "peoplesoft-web-sg"
      VpcId:
        Fn::ImportValue: !Sub "${VPCCloudFormationName}-vpcid"
      # Allow inbound traffic on port 0 thru 65535 from the Web ELB Security Groups
      # NOTE(review): anything attached to either ELB group can reach every
      # TCP port on the web servers. Consider narrowing the range to the
      # ports the load balancers forward to and health-check (not visible in
      # this template).
      SecurityGroupIngress:
        - IpProtocol: "tcp"
          FromPort: "0"
          ToPort: "65535"
          SourceSecurityGroupId: !Ref "WebElbSg"
          Description: "Web ELB SG Public"
        - IpProtocol: "tcp"
          FromPort: "0"
          ToPort: "65535"
          SourceSecurityGroupId: !Ref "WebElbSgPriv"
          Description: "Web ELB SG Private"
      # Allow all outbound traffic
      SecurityGroupEgress:
        - IpProtocol: "-1"
          CidrIp: "0.0.0.0/0"
      Tags:
        - Key: "Name"
          Value: "peoplesoft-web-sg"

  # For the ELB pointing to the app server
  AppElbSg:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "peoplesoft-app-elb-sg"
      VpcId:
        Fn::ImportValue: !Sub "${VPCCloudFormationName}-vpcid"
      # Allow inbound traffic on ports 9000-9100 from the Web Server SG and
      # from the DEV/SUP/PRD web and app server subnets listed below.
      SecurityGroupIngress:
        - IpProtocol: "tcp"
          FromPort: "9000"
          ToPort: "9100"
          SourceSecurityGroupId: !Ref "WebSg"
          Description: "Web SG"
        - IpProtocol: "tcp"
          FromPort: "9000"
          ToPort: "9100"
          CidrIp: "10.140.2.0/24"
          Description: "DEV PS Web Servers"
        - IpProtocol: "tcp"
          FromPort: "9000"
          ToPort: "9100"
          CidrIp: "10.140.12.0/24"
          Description: "SUP PS Web Servers"
        - IpProtocol: "tcp"
          FromPort: "9000"
          ToPort: "9100"
          CidrIp: "10.140.22.0/24"
          Description: "PRD PS Web Servers"
        - IpProtocol: "tcp"
          FromPort: "9000"
          ToPort: "9100"
          CidrIp: "10.140.5.0/24"
          Description: "DEV PS App Servers"
        - IpProtocol: "tcp"
          FromPort: "9000"
          ToPort: "9100"
          CidrIp: "10.140.15.0/24"
          Description: "SUP PS App Servers"
        - IpProtocol: "tcp"
          FromPort: "9000"
          ToPort: "9100"
          CidrIp: "10.140.24.0/23"
          Description: "PRD PS App Servers"
      # Allow all outbound traffic
      SecurityGroupEgress:
        - IpProtocol: "-1"
          CidrIp: "0.0.0.0/0"
      Tags:
        - Key: "Name"
          Value: "peoplesoft-app-elb-sg"

  # App server group: reachable from the App ELB group, plus one monitoring
  # source on port 10050.
  AppSg:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "peoplesoft-app-sg"
      VpcId:
        Fn::ImportValue: !Sub "${VPCCloudFormationName}-vpcid"
      # Allow inbound traffic on ports 9000-9100 from the App ELB Security Group
      SecurityGroupIngress:
        - IpProtocol: "tcp"
          FromPort: "9000"
          ToPort: "9100"
          SourceSecurityGroupId: !Ref "AppElbSg"
          Description: "App ELB SG"
        # Per HCM-12386 open port 8200 from App Elb Sg for Excel to CI
        # NOTE(review): AppElbSg itself has no ingress rule for 8200 in this
        # template (it only accepts 9000-9100); confirm the intended path for
        # this port.
        - IpProtocol: "tcp"
          FromPort: "8200"
          ToPort: "8200"
          SourceSecurityGroupId: !Ref "AppElbSg"
          Description: "App ELB SG"
        - IpProtocol: "tcp"
          FromPort: "10050"
          ToPort: "10050"
          CidrIp: "128.196.130.92/32"
          Description: "Zabbix Agent"
      # Allow all outbound traffic
      SecurityGroupEgress:
        - IpProtocol: "-1"
          CidrIp: "0.0.0.0/0"
      Tags:
        - Key: "Name"
          Value: "peoplesoft-app-sg"

  # Created so any database can talk to any other database within the VPC:
  # members of DbSg may reach DbSg on 1521. This is a separate
  # SecurityGroupIngress resource to avoid a circular dependency when the
  # self-reference is declared inside the DbSg security group.
  DbSgIngress:
    Type: "AWS::EC2::SecurityGroupIngress"
    Properties:
      GroupId: !Ref "DbSg"
      IpProtocol: "tcp"
      FromPort: "1521"
      ToPort: "1521"
      SourceSecurityGroupId: !Ref "DbSg"
      Description: "DB SG"

  # Database group: port 1521 only, from AppSg and a list of subnet ranges.
  DbSg:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "peoplesoft-database-sg"
      VpcId:
        Fn::ImportValue: !Sub "${VPCCloudFormationName}-vpcid"
      # Allow inbound traffic on port 1521 from the App Security Group and Various IP Ranges
      # NOTE(review): this one group lists DEV, SUP, PRD, DR and non-prod
      # account sources together. If it is attached to production databases,
      # non-production subnets can reach them on 1521; confirm that is
      # intended, or split the group per environment.
      SecurityGroupIngress:
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          SourceSecurityGroupId: !Ref "AppSg"
          Description: "AppSg"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.138.0.0/17"
          Description: "Mosaic VPN"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.140.14.0/24"
          Description: "SUP RAC Servers"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.140.24.0/24"
          Description: "PRD RAC Servers"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.140.30.0/24"
          Description: "VM View"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.140.4.0/24"
          Description: "DEV RAC Servers"
        # NOTE(review): 10.140.5.0/24 is described as "DEV PS App Servers" in
        # the web and app ELB groups; the next three entries still need an
        # owner and purpose recorded.
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.140.5.0/24"
          Description: "Need Descr"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.221.72.0/24"
          Description: "Need Descr"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.221.75.0/24"
          Description: "Need Descr"
        # Added 05/24/2017 to include the private subnets from the UAIR Dev account
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.220.161.64/26"
          Description: "UAIR Dev Account Private Subnet1"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.220.161.128/26"
          Description: "UAIR Dev Account Private Subnet2"
        # MEM-18698 12/14/2017 Add the private subnets of the UAIR Prd account
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.220.183.128/26"
          Description: "UAIR Prd Account Private Subnet1"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.220.183.192/26"
          Description: "UAIR Prd Account Private Subnet2"
        # MEM-18896 allow over uits-oracle VPN
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.138.129.128/26"
          Description: "UITS-Oracle VPN"
        # HCM-12571 add PeopleSoft Non-prod Private Subnets
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.220.169.0/24"
          Description: "PeopleSoft NonProd Priv Sub A"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.220.170.0/24"
          Description: "PeopleSoft NonProd Priv Sub B"
        # MEM-18660 add Kuali prd and nonprod private subnets
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.220.176.128/25"
          Description: "Kuali NonProd Priv Sub A"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.220.177.0/25"
          Description: "Kuali NonProd Priv Sub B"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.221.118.128/25"
          Description: "Kuali Prod Priv Sub A"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.221.119.0/25"
          Description: "Kuali Prod Priv Sub B"
        # MEM-19189 05/03/2018 Added transit VPC subnet to allow DB access to AdAstra
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.193.115.0/24"
          Description: "Transit VPC (for AdAstra)"
        # MEM-20014 09/25/2018 Added sia nonprod private subnets
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.220.165.128/26"
          Description: "SIA nonprod Priv Subnet A"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.220.165.192/26"
          Description: "SIA nonprod Priv Subnet B"
        # 09/25/2018 Added DR private subnets
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.224.1.0/24"
          Description: "DR Priv Subnet A"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.224.2.0/24"
          Description: "DR Priv Subnet B"
        # MEM-20154 SIA Access 11/02/2018
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.220.179.128/26"
          Description: "iam non-prod zone a"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.220.179.192/26"
          Description: "iam non-prod zone b"
        # NOTE(review): the next two entries repeat the protocol, port and
        # CIDR of the MEM-20014 "SIA nonprod Priv Subnet A/B" rules above;
        # only the Description differs. Keep one pair.
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.220.165.128/26"
          Description: "sia non-prod zone a"
        - IpProtocol: "tcp"
          FromPort: "1521"
          ToPort: "1521"
          CidrIp: "10.220.165.192/26"
          Description: "sia non-prod zone b"
      # Allow all outbound traffic
      SecurityGroupEgress:
        - IpProtocol: "-1"
          CidrIp: "0.0.0.0/0"
      Tags:
        - Key: "Name"
          Value: "peoplesoft-database-sg"

  # SSH access group: port 22 from two CIDR ranges.
  SshSg:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "peoplesoft-ssh-sg"
      VpcId:
        Fn::ImportValue: !Sub "${VPCCloudFormationName}-vpcid"
      # Allow inbound traffic on port 22 from Various IP Ranges
      # NOTE(review): 150.135.241.0/24 is a publicly routable range with no
      # owner recorded ("Need Descr"); document who it belongs to, since it
      # grants SSH reachability.
      SecurityGroupIngress:
        - IpProtocol: "tcp"
          FromPort: "22"
          ToPort: "22"
          CidrIp: "10.138.0.0/17"
          Description: "Mosaic VPN"
        - IpProtocol: "tcp"
          FromPort: "22"
          ToPort: "22"
          CidrIp: "150.135.241.0/24"
          Description: "Need Descr"
      # Allow all outbound traffic
      SecurityGroupEgress:
        - IpProtocol: "-1"
          CidrIp: "0.0.0.0/0"
      Tags:
        - Key: "Name"
          Value: "peoplesoft-ssh-sg"

  # SES group: port 5720 only.
  SesSg:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "peoplesoft-ses-sg"
      VpcId:
        Fn::ImportValue: !Sub "${VPCCloudFormationName}-vpcid"
      # Allow inbound traffic on port 5720 from Web SG and VM View IP Range
      SecurityGroupIngress:
        - IpProtocol: "tcp"
          FromPort: "5720"
          ToPort: "5720"
          CidrIp: "10.140.30.0/24"
          Description: "VM View"
        - IpProtocol: "tcp"
          FromPort: "5720"
          ToPort: "5720"
          SourceSecurityGroupId: !Ref "WebSg"
          Description: "Web SG"
      # Allow all outbound traffic
      SecurityGroupEgress:
        - IpProtocol: "-1"
          CidrIp: "0.0.0.0/0"
      Tags:
        - Key: "Name"
          Value: "peoplesoft-ses-sg"

  ControlmSg:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "peoplesoft-controlm-sg"
      VpcId:
        Fn::ImportValue: !Sub "${VPCCloudFormationName}-vpcid"
      # Allow inbound traffic on ports 9000-9100 from the Control-M Agent at UA
      # (10.140.5.79/32) and from security group peoplesoft-controlm-agent-sg.
      # Also allow all ICMP types from the same two sources (so we can use ping).
      SecurityGroupIngress:
        - IpProtocol: "tcp"
          FromPort: "9000"
          ToPort: "9100"
          CidrIp: "10.140.5.79/32"
          Description: "ConrtrolM Test Agent Server"
        - IpProtocol: "tcp"
          FromPort: "9000"
          ToPort: "9100"
          SourceSecurityGroupId: !Ref "ControlmAgentSg"
          Description: "ConrtrolM Agent SG"
        - IpProtocol: "icmp"
          FromPort: "-1"
          ToPort: "-1"
          CidrIp: "10.140.5.79/32"
          Description: "ConrtrolM Test Agent Server"
        - IpProtocol: "icmp"
          FromPort: "-1"
          ToPort: "-1"
          SourceSecurityGroupId: !Ref "ControlmAgentSg"
          Description: "ConrtrolM Agent SG"
      # Allow all outbound traffic
      SecurityGroupEgress:
        - IpProtocol: "-1"
          CidrIp: "0.0.0.0/0"
      Tags:
        - Key: "Name"
          Value: "peoplesoft-controlm-sg"

  ControlmAgentSg:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "peoplesoft-controlm-agent-sg"
      VpcId:
        Fn::ImportValue: !Sub "${VPCCloudFormationName}-vpcid"
      # Allow inbound traffic on port 7017 from the Enterprise Manager hosts
      # (test and prod). Also allow all ICMP types from the same two hosts
      # (so we can use ping).
      SecurityGroupIngress:
        - IpProtocol: "tcp"
          FromPort: "7017"
          ToPort: "7017"
          CidrIp: "128.196.130.131/32"
          Description: "ConrtrolM Enterprise Manager Test"
        - IpProtocol: "tcp"
          FromPort: "7017"
          ToPort: "7017"
          CidrIp: "128.196.130.130/32"
          Description: "ConrtrolM Enterprise Manager Prod"
        - IpProtocol: "icmp"
          FromPort: "-1"
          ToPort: "-1"
          CidrIp: "128.196.130.131/32"
          Description: "ConrtrolM Enterprise Manager Test"
        - IpProtocol: "icmp"
          FromPort: "-1"
          ToPort: "-1"
          CidrIp: "128.196.130.130/32"
          Description: "ConrtrolM Enterprise Manager Prod"
      # Allow all outbound traffic
      SecurityGroupEgress:
        - IpProtocol: "-1"
          CidrIp: "0.0.0.0/0"
      Tags:
        - Key: "Name"
          Value: "peoplesoft-controlm-agent-sg"

# Outputs for cross-stack reference. Every export name is prefixed with this
# stack's name.
Outputs:
  OutWebElbSg:
    Description: Security Group ID for the Web ELB
    Value: !Ref "WebElbSg"
    Export:
      Name: !Sub "${AWS::StackName}-WebElbSg"
  # NOTE(review): Description is identical to OutWebElbSg; this output is the
  # restricted (private) web ELB group.
  OutWebElbSgPriv:
    Description: Security Group ID for the Web ELB
    Value: !Ref "WebElbSgPriv"
    Export:
      Name: !Sub "${AWS::StackName}-WebElbSgPriv"
  OutWebSg:
    Description: Security Group ID for the Web Server
    Value: !Ref "WebSg"
    Export:
      Name: !Sub "${AWS::StackName}-WebSg"
  OutAppElbSg:
    Description: Security Group ID for the App ELB
    Value: !Ref "AppElbSg"
    Export:
      Name: !Sub "${AWS::StackName}-AppElbSg"
  OutAppSg:
    Description: Security Group ID for the App Server
    Value: !Ref "AppSg"
    Export:
      Name: !Sub "${AWS::StackName}-AppSg"
  OutDbSg:
    Description: Security Group ID for the Database
    Value: !Ref "DbSg"
    Export:
      Name: !Sub "${AWS::StackName}-DbSg"
  OutSshSg:
    Description: Security Group ID for SSH Access
    Value: !Ref "SshSg"
    Export:
      Name: !Sub "${AWS::StackName}-SshSg"
  OutSesSg:
    Description: Security Group ID for SES Access
    Value: !Ref "SesSg"
    Export:
      Name: !Sub "${AWS::StackName}-SesSg"
  OutControlmSg:
    Description: Security Group ID for ControlM
    Value: !Ref "ControlmSg"
    Export:
      Name: !Sub "${AWS::StackName}-ControlmSg"
  # NOTE(review): the export suffix is "ControlmSgAgent", not the resource
  # name "ControlmAgentSg" that the other exports would suggest. Importing
  # stacks depend on the exact name, so do not rename it without coordinating.
  OutControlmAgentSg:
    Description: Security Group ID for ControlM Agennt
    Value: !Ref "ControlmAgentSg"
    Export:
      Name: !Sub "${AWS::StackName}-ControlmSgAgent"

  # The following outputs are pulled from other CF templates and re-exported
  # under this stack's name.
  OutVPCID:
    Description: The VPC ID PeopleSoft Environments will be placed
    Value:
      Fn::ImportValue: !Sub "${VPCCloudFormationName}-vpcid"
    Export:
      Name: !Sub "${AWS::StackName}-VPCID"
  OutPrivSubNet1:
    Description: Private SubNet 1
    Value:
      Fn::ImportValue: !Sub "${VPCCloudFormationName}-private-subnet-a"
    Export:
      Name: !Sub "${AWS::StackName}-PrivSubNet1"
  OutPrivSubNet2:
    Description: Private SubNet 2
    Value:
      Fn::ImportValue: !Sub "${VPCCloudFormationName}-private-subnet-b"
    Export:
      Name: !Sub "${AWS::StackName}-PrivSubNet2"
  OutPubSubNet1:
    Description: Public SubNet 1
    Value:
      Fn::ImportValue: !Sub "${VPCCloudFormationName}-public-subnet-a"
    Export:
      Name: !Sub "${AWS::StackName}-PubSubNet1"
  OutPubSubNet2:
    Description: Public SubNet 2
    Value:
      Fn::ImportValue: !Sub "${VPCCloudFormationName}-public-subnet-b"
    Export:
      Name: !Sub "${AWS::StackName}-PubSubNet2"
  OutELMEFSSG:
    Description: ELM EFS Security Group Servers will need in order to access the EFS Share
    Value:
      Fn::ImportValue: !Sub "${ELMEFSCloudFormationName}-target-sg"
    Export:
      Name: !Sub "${AWS::StackName}-ELMEFSSG"
  OutELMEFSID:
    Description: ELM EFS Volume ID, needed to mount a EFS volume to an EC2 instance
    Value:
      Fn::ImportValue: !Sub "${ELMEFSCloudFormationName}-fs-id"
    Export:
      Name: !Sub "${AWS::StackName}-ELMEFSID"
  OutHREFSSG:
    Description: HR EFS Security Group Servers will need in order to access the EFS Share
    Value:
      Fn::ImportValue: !Sub "${HREFSCloudFormationName}-target-sg"
    Export:
      Name: !Sub "${AWS::StackName}-HREFSSG"
  OutHREFSID:
    Description: HR EFS Volume ID, needed to mount a EFS volume to an EC2 instance
    Value:
      Fn::ImportValue: !Sub "${HREFSCloudFormationName}-fs-id"
    Export:
      Name: !Sub "${AWS::StackName}-HREFSID"
  OutSAEFSSG:
    Description: SA EFS Security Group Servers will need in order to access the EFS Share
    Value:
      Fn::ImportValue: !Sub "${SAEFSCloudFormationName}-target-sg"
    Export:
      Name: !Sub "${AWS::StackName}-SAEFSSG"
  OutSAEncryptedEFSSG:
    Description: SA Encrypted EFS Security Group Servers will need in order to access the EFS Share
    Value:
      Fn::ImportValue: !Sub "${SAEncryptedEFSCloudFormationName}-target-sg"
    Export:
      Name: !Sub "${AWS::StackName}-SAEncryptedEFSSG"
  OutSAEFSID:
    Description: SA EFS Volume ID, needed to mount a EFS volume to an EC2 instance
    Value:
      Fn::ImportValue: !Sub "${SAEFSCloudFormationName}-fs-id"
    Export:
      Name: !Sub "${AWS::StackName}-SAEFSID"
  OutSAEncryptedEFSID:
    Description: SA Encrypted EFS Volume ID, needed to mount a EFS volume to an EC2 instance
    Value:
      Fn::ImportValue: !Sub "${SAEncryptedEFSCloudFormationName}-fs-id"
    Export:
      Name: !Sub "${AWS::StackName}-SAEncryptedEFSID"
  OutHostedZoneName:
    Description: Hosted Zone Name
    Value:
      Fn::ImportValue: !Sub "${Route53CloudFormationName}-dns"
    Export:
      Name: !Sub "${AWS::StackName}-HostedZoneName"

  # Hard-coded outputs: the value is a literal string, not a reference to a
  # resource in this or another stack.
  OutRDSSubnetGroup:
    Description: RDS Subnet Group for Databases
    Value: "peoplesoft-rds-subnet-group"
    Export:
      Name: !Sub "${AWS::StackName}-RDSSubnetGroup"

  # Created PSAWS-32 to get the following added as an output to the fdn-iam
  # cloudformation template
  OutOpsWorksIAMRoleARN:
    Description: IAM role used when OpsWorks Stacks are Created
    Value:
      Fn::ImportValue: !Sub "${FdnIAMCloudFormationName}-opsworks-service-role-arn"
    Export:
      Name: !Sub "${AWS::StackName}-OpsWorksIAMRoleARN"