Use SSM to access App instances, not bastion.

aws-samples · Dec 7, 2018 · 0e6da27 · 0e6da27
1 parent 11b9330
commit 0e6da27
Showing 1 changed file with 0 additions and 18 deletions.
diff --git a/templates/vpc.cfn.yml b/templates/vpc.cfn.yml
@@ -236,15 +236,6 @@ Resources:
       FromPort: !Ref AppIngressPort
       SourceSecurityGroupId: !Ref ELBSecurityGroup
 
-  AppSecurityGroupFromBastionIngress:
-    Type: AWS::EC2::SecurityGroupIngress  # prevent security group circular references
-    Properties:
-      GroupId: !Ref AppSecurityGroup
-      IpProtocol: tcp
-      ToPort: 22
-      FromPort: 22
-      SourceSecurityGroupId: !Ref BastionSecurityGroup
-
   BastionSecurityGroup:
     Type: AWS::EC2::SecurityGroup
     Properties:
@@ -272,15 +263,6 @@ Resources:
       - Key: Name
         Value: !Sub "${AWS::StackName}-BastionSecurityGroup"
 
-  BastionSecurityGroupToAppEgress:
-    Type: AWS::EC2::SecurityGroupEgress  # prevent security group circular references
-    Properties:
-      GroupId: !Ref BastionSecurityGroup
-      IpProtocol: tcp
-      ToPort: 22
-      FromPort: 22
-      DestinationSecurityGroupId: !Ref AppSecurityGroup
-
   BastionSecurityGroupToPostgreSqlDbEgress:
     Type: AWS::EC2::SecurityGroupEgress
     Properties: