
Creating EMR security group CloudFormation template

  1. Master node security group
  2. Core and task node security group
  3. Service access security group (private subnet)

I was trying to create the EMR security groups via CloudFormation and ran into several issues along the way, but eventually ended up with a working template, which is shared below.

### EMR security groups for a private subnet
---
AWSTemplateFormatVersion: "2010-09-09"
Description: Template for SecurityGroup(CC-DxVPC).

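Mappings:
  # Per-account, per-region lookup of the VPC the groups are created in.
  # Top-level key: the 12-digit account ID (keep it quoted so YAML stores a
  # string, not an integer); second-level key: the region name, e.g.
  # us-east-1. The !FindInMap calls below fail the stack at create time if
  # the deploying account/region pair has no entry here, which is the
  # intended guard against placing the groups in an unexpected VPC.
  "account-id-1":
    "region":
      VPC: vpc-id
  "account-id-2":
    "region":
      VPC: vpc-id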
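Resources:
  # ---------------------------------------------------------------------
  # Master (primary) node security group.
  # Ingress rules are separate AWS::EC2::SecurityGroupIngress resources
  # rather than an inline SecurityGroupIngress list because this group and
  # CoreandTaskSecurityGroup reference each other; inline rules would make
  # the two resources a circular dependency.
  # No egress is declared, so the EC2 default allow-all egress applies.
  # ---------------------------------------------------------------------
  MasterSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      # A fixed GroupName must be unique within the VPC, and it stops
      # CloudFormation from replacing the group on updates that require
      # replacement (the replacement would collide on the name).
      GroupName: EMR-MASTER-CF
      GroupDescription: Security group emr
      VpcId: !FindInMap [!Ref "AWS::AccountId", !Ref "AWS::Region", VPC]

  # Intra-cluster traffic: every TCP/UDP port and all ICMP from the
  # core/task group and from this group itself. This is deliberately wide
  # (any node can reach any port on any other node), so never attach these
  # groups to instances outside the cluster.
  MasterSecurityGroupIngress1:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref MasterSecurityGroup
      FromPort: 0
      IpProtocol: tcp
      ToPort: 65535
      SourceSecurityGroupId: !Ref CoreandTaskSecurityGroup

  MasterSecurityGroupIngress2:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref MasterSecurityGroup
      FromPort: 0
      IpProtocol: tcp
      ToPort: 65535
      SourceSecurityGroupId: !Ref MasterSecurityGroup

  MasterSecurityGroupIngress3:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref MasterSecurityGroup
      FromPort: 0
      IpProtocol: udp
      ToPort: 65535
      SourceSecurityGroupId: !Ref CoreandTaskSecurityGroup

  MasterSecurityGroupIngress4:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref MasterSecurityGroup
      FromPort: 0
      IpProtocol: udp
      ToPort: 65535
      SourceSecurityGroupId: !Ref MasterSecurityGroup

  # -1/-1 means all ICMP types and codes.
  MasterSecurityGroupIngress5:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref MasterSecurityGroup
      FromPort: -1
      IpProtocol: icmp
      ToPort: -1
      SourceSecurityGroupId: !Ref CoreandTaskSecurityGroup

  MasterSecurityGroupIngress6:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref MasterSecurityGroup
      FromPort: -1
      IpProtocol: icmp
      ToPort: -1
      SourceSecurityGroupId: !Ref MasterSecurityGroup

  # Control-plane path from the service-access group (private subnet).
  # Security groups are stateful, but an egress rule on the service-access
  # group is not enough on its own: this group must also admit the inbound
  # half, so both ports that ServiceAccessSecurityGroup sends to (443 and
  # 8443) are opened here. NOTE(review): newer EMR releases use TCP 9443
  # rather than 8443 on this path; confirm the port against the
  # EMR-managed security group rules for the release in use.
  MasterSecurityGroupIngress7:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref MasterSecurityGroup
      FromPort: 443
      IpProtocol: tcp
      ToPort: 443
      SourceSecurityGroupId: !Ref ServiceAccessSecurityGroup

  MasterSecurityGroupIngress8:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref MasterSecurityGroup
      FromPort: 8443
      IpProtocol: tcp
      ToPort: 8443
      SourceSecurityGroupId: !Ref ServiceAccessSecurityGroup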

#Coreandtask security group rule

  CoreandTaskSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: EMR-CORE-CF
      GroupDescription: Security group emr
      VpcId: !FindInMap [!Ref "AWS::AccountId", !Ref "AWS::Region", VPC]
  CoreandTaskSecurityGroupIngress1:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref CoreandTaskSecurityGroup
      FromPort: 0
      IpProtocol: tcp
      ToPort: 65535
      SourceSecurityGroupId: !Ref CoreandTaskSecurityGroup

  CoreandTaskSecurityGroupIngress2:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref CoreandTaskSecurityGroup
      FromPort: 0
      IpProtocol: tcp
      ToPort: 65535
      SourceSecurityGroupId: !Ref MasterSecurityGroup

  CoreandTaskSecurityGroupIngress3:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref CoreandTaskSecurityGroup
      FromPort: 0
      IpProtocol: udp
      ToPort: 65535
      SourceSecurityGroupId: !Ref CoreandTaskSecurityGroup

  CoreandTaskSecurityGroupIngress4:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref CoreandTaskSecurityGroup
      FromPort: 0
      IpProtocol: udp
      ToPort: 65535
      SourceSecurityGroupId: !Ref MasterSecurityGroup

  CoreandTaskSecurityGroupIngress5:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref CoreandTaskSecurityGroup
      FromPort: -1
      IpProtocol: icmp
      ToPort: -1
      SourceSecurityGroupId: !Ref CoreandTaskSecurityGroup

  CoreandTaskSecurityGroupIngress6:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref CoreandTaskSecurityGroup
      FromPort: -1
      IpProtocol: icmp
      ToPort: -1
      SourceSecurityGroupId: !Ref MasterSecurityGroup

  CoreandTaskSecurityGroupIngress7:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref CoreandTaskSecurityGroup
      FromPort: 443
      IpProtocol: tcp
      ToPort: 443
      SourceSecurityGroupId: !Ref ServiceAccessSecurityGroup

# service access rules
  ServiceAccessSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: EMR-SERVICE-CF
      GroupDescription: Security group emr
      VpcId: !FindInMap [!Ref "AWS::AccountId", !Ref "AWS::Region", VPC]
  ServiceAccessSecurityGroupEgress1:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      GroupId: !Ref ServiceAccessSecurityGroup
      FromPort: 443
      IpProtocol: tcp
      ToPort: 443
      DestinationSecurityGroupId: !Ref CoreandTaskSecurityGroup

  ServiceAccessSecurityGroupEgress2:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      GroupId: !Ref ServiceAccessSecurityGroup
      FromPort: 443
      IpProtocol: tcp
      ToPort: 443
      DestinationSecurityGroupId: !Ref MasterSecurityGroup

  ServiceAccessSecurityGroupEgress3:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      GroupId: !Ref ServiceAccessSecurityGroup
      FromPort: 8443
      IpProtocol: tcp
      ToPort: 8443
      DestinationSecurityGroupId: !Ref CoreandTaskSecurityGroup

  ServiceAccessSecurityGroupEgress4:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      GroupId: !Ref ServiceAccessSecurityGroup
      FromPort: 8443
      IpProtocol: tcp
      ToPort: 8443
      DestinationSecurityGroupId: !Ref MasterSecurityGroup


