Use SSM to access App instances, not bastion.

glenngillen · glenngillen · commit 0e6da275b3bc · 2018-12-07T12:26:02.000+11:00
diff --git a/templates/vpc.cfn.yml b/templates/vpc.cfn.yml
@@ -236,15 +236,6 @@ Resources:
       FromPort: !Ref AppIngressPort
       SourceSecurityGroupId: !Ref ELBSecurityGroup
 
-  AppSecurityGroupFromBastionIngress:
-    Type: AWS::EC2::SecurityGroupIngress  # prevent security group circular references
-    Properties:
-      GroupId: !Ref AppSecurityGroup
-      IpProtocol: tcp
-      ToPort: 22
-      FromPort: 22
-      SourceSecurityGroupId: !Ref BastionSecurityGroup
-
   BastionSecurityGroup:
     Type: AWS::EC2::SecurityGroup
     Properties:
@@ -272,15 +263,6 @@ Resources:
       - Key: Name
         Value: !Sub "${AWS::StackName}-BastionSecurityGroup"
 
-  BastionSecurityGroupToAppEgress:
-    Type: AWS::EC2::SecurityGroupEgress  # prevent security group circular references
-    Properties:
-      GroupId: !Ref BastionSecurityGroup
-      IpProtocol: tcp
-      ToPort: 22
-      FromPort: 22
-      DestinationSecurityGroupId: !Ref AppSecurityGroup
-
   BastionSecurityGroupToPostgreSqlDbEgress:
     Type: AWS::EC2::SecurityGroupEgress
     Properties:
