From ec7b1769a6b11681ded24980351ac1d1341e6f07 Mon Sep 17 00:00:00 2001
From: Rizvi Rahim
Date: Mon, 13 Jan 2020 10:21:09 -0600
Subject: [PATCH 1/2] Add route table association for public subnet B, otherwise stack has 50% chance of not working
---
 cloudformation/template.json | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/cloudformation/template.json b/cloudformation/template.json
index 1a76454..e94b23a 100644
--- a/cloudformation/template.json
+++ b/cloudformation/template.json
@@ -75,13 +75,20 @@
 "GatewayId": {"Ref":"InternetGateway"}
 }
 },
- "SubnetRouteTableAssociation": {
+ "SubnetRouteTableAssociationA": {
 "Type": "AWS::EC2::SubnetRouteTableAssociation",
 "Properties": {
 "RouteTableId": {"Ref":"RouteTable"},
 "SubnetId": {"Ref":"PublicSubnetA"}
 }
 },
+ "SubnetRouteTableAssociationB": {
+ "Type": "AWS::EC2::SubnetRouteTableAssociation",
+ "Properties": {
+ "RouteTableId": {"Ref":"RouteTable"},
+ "SubnetId": {"Ref":"PublicSubnetB"}
+ }
+ },
 "PrivateSubnetRouteTableAssociation": {
 "Type": "AWS::EC2::SubnetRouteTableAssociation",
 "Properties": {
From e2483181c56d792791b6621fdbcf5d77376d51d5 Mon Sep 17 00:00:00 2001
From: Rizvi Rahim
Date: Mon, 13 Jan 2020 10:44:57 -0600
Subject: [PATCH 2/2] Change 0.0.0.0/0 port 22 security group to eu-west-1 prefix list, to avoid getting a ticket from security
---
 cloudformation/template.json | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/cloudformation/template.json b/cloudformation/template.json
index e94b23a..f5d4b61 100644
--- a/cloudformation/template.json
+++ b/cloudformation/template.json
@@ -12,7 +12,12 @@
 "Type" : "String",
 "Description" : "Instance type",
 "Default" : "m5.large"
- }
+ },
+ "AmazonPrefixList": {
+ "Type" : "String",
+ "Description" : "CORP Prefix list for the region stack is running, from https://apll.corp.amazon.com/. Default is for eu-west-1",
+ "Default" : "pl-01a74268"
+ }
 },
 "Resources": {
 "VPC": {
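Review bot: Renaming the logical ID `SubnetRouteTableAssociation` to `SubnetRouteTableAssociationA` in the `@@ -75,13 +75,20 @@` hunk makes CloudFormation treat the PublicSubnetA association as a brand-new resource when an existing stack is updated. The create of the renamed resource may then collide with the association that still exists under the old ID, since a subnet can carry only one route table association at a time. If stacks are updated in place rather than recreated, keep the original line `"SubnetRouteTableAssociation": {` and add only `SubnetRouteTableAssociationB`. The surrounding `Resources` object starts and ends outside the hunk, so whether anything else references the old ID cannot be checked from here.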
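Review bot: The new `AmazonPrefixList` parameter in the `@@ -12,7 +12,12 @@` hunk is an unconstrained `String` whose default is only valid for eu-west-1, yet it is the single value that decides who can reach port 22. Add `"AllowedPattern": "^pl-[0-9a-f]+$"` with a `"ConstraintDescription"` so a typo or an unrelated value is rejected at launch instead of surfacing later as a failed or mis-scoped ingress rule. Consider removing `"Default"` so that whoever launches the stack in another region has to supply that region's list deliberately. The `Description` could also say that the value gates SSH ingress, which it currently does not mention.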
@@ -118,7 +123,7 @@
 "ToPort" : "8080",
 "SourceSecurityGroupId" : {"Fn::Select" : [0, {"Fn::GetAtt" : ["ApplicationLoadBalancer", "SecurityGroups"]}]}
 },
- {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}
+ {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "SourcePrefixListId": {"Ref":"AmazonPrefixList"} }
 ]
 }
 },
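Review bot: The rewritten port 22 rule carries no `Description`, so anyone auditing the deployed security group sees only an opaque `pl-` ID with no hint of who is allowed in or why. JSON has no comments, so record the intent in the rule itself by adding `"Description": "SSH from corporate prefix list only"` next to `SourcePrefixListId`. The effective SSH exposure is now whatever the referenced prefix list contains, and that list is maintained outside this template, so its ownership is worth stating in the README or the parameter description. The enclosing security group resource begins outside the hunk, so which instances the rule applies to cannot be confirmed from here.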