= CloudFormation template generation

When creating a config, you can either have the config under the `configs/{{env_type}}/files/cloud_providers/ec2_cloud_template.j2`, or use the default template.

If you choose to use the default template, you can still customize it to your needs.

Have a look at the link:../../configs/just-some-nodes-example/env_vars.yml[env_vars.yml] file from the link:../../configs/just-some-nodes-example/[just-some-nodes-example]  config.


=== Current status and features of the default template

Resources created by the default template:

* Instances
** [x] ElasticIP
** [x] Storage
* DNS
** Mandatory Variables:
*** `subdomain_base`: the AWS top-level Zone to update, for example `.openshift.opentlc.com`
** [ ] TODO: Public DNS Zone
*** [ ] TODO: Allow route53User to access only the delegated zone
** [x] Internal DNS Zone
** [x] Cloud DNS load balancer records
* [x] SecurityGroup
** [x] SecurityGroup rules
* [x] Subnet
* [ ] TODO: S3 Buckets
** [ ] TODO: Create a bucket and a user that has access to it

== Security Groups

The default template comes with 2 default security groups:

* DefaultSG (allow all connections from the bastion)
* BastionSG (allow SSH and mosh connection from the internet)

Have a look at link:defaults/main.yml[defaults/main.yml].

You can add more security group using the `security_groups` variables.


Then you can pick the security group**s** you want for any of the instances defined in the `instances` list.