
Merge pull request #184 from mdr-engineering/feature/bp_MSOCI-1563_portal_sync_lambda_gc_2

Adds Portal Lambda Network Access
Brad Poulton 4 gadi atpakaļ
vecāks
revīzija
40030f4e6f

+ 2 - 17
base/customer_portal_lambda/main.tf

@@ -58,22 +58,6 @@ data "aws_security_group" "typical-host" {
   vpc_id = var.vpc_id
 }
 
-resource "aws_security_group" "portal_lambda_sg" {
-  vpc_id      = var.vpc_id
-  name        = "portal-data-sync-lambda-sg"
-  description = "Allow Lambda access to Portal"
-}
-
-resource "aws_security_group_rule" "portal_lambda_https" {
-  type              = "egress"
-  from_port         = 443
-  to_port           = 443
-  protocol          = "tcp"
-  cidr_blocks       = ["0.0.0.0/0"]
-  description       = "Access to Portal"
-  security_group_id = aws_security_group.portal_lambda_sg.id
-}
-
 resource "aws_security_group" "portal_lambda_splunk_sg" {
   vpc_id      = var.vpc_id
   name        = "portal-data-sync-lambda-splunk-sg"
@@ -112,7 +96,7 @@ resource "aws_lambda_function" "portal_data_sync" {
 	timeout          = "315"
 	vpc_config {
 		subnet_ids          = var.subnets
-		security_group_ids  = [ aws_security_group.portal_lambda_sg.id, aws_security_group.portal_lambda_splunk_sg.id ]
+		security_group_ids  = [ data.aws_security_group.typical-host.id, aws_security_group.portal_lambda_splunk_sg.id ]
 	}
 	environment { 
 		variables = {
@@ -130,6 +114,7 @@ resource "aws_lambda_function" "portal_data_sync" {
 			"VAULT_PATH"             = "portal/data/lambda_sync_env"
 		}
 	}
+  tags = merge(var.standard_tags, var.tags)
 
   lifecycle {
     # Ignoring changes to the code of the function so that we won't
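Review bot: The new `security_group_ids` line in the second hunk attaches the shared `data.aws_security_group.typical-host` group to the Lambda in place of a dedicated group whose only rule was tcp/443 egress, so the function's reachable network is now whatever that host group allows, and any rule later added for EC2 hosts applies to the Lambda as well. If the goal is only to reach the searchhead on tcp/8089 (as the companion change in base/splunk_servers/searchhead/main.tf suggests), a dedicated egress rule on `portal_lambda_splunk_sg` (whose rules are outside these hunks) would keep the Lambda's network reach explicit and reviewable; at minimum the attachment deserves a comment recording the decision, e.g. `# typical-host: shared baseline host SG, replaces the former 443-only portal_lambda_sg`. The added `tags` line in the last hunk is indented with two spaces while the rest of the resource body uses tabs. The `aws_lambda_function` resource starts and ends outside the hunks shown.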

+ 4 - 4
base/splunk_servers/searchhead/main.tf

@@ -203,9 +203,9 @@ data "template_cloudinit_config" "cloud-init" {
 #     tcp/8089      - Splunk API + IDX Discovery - Entire VPC + var.splunk_legacy_cidr 
 #     tcp/9997-9998 - Splunk Data                - Entire VPC + var.splunk_legacy_cidr
 #
-#   Ingress - moose only:
-#     tcp/8000      - Splunk Web                 - vpc-system-services (for salt inventory)
-#     tcp/8089      - Splunk Web                 - vpc-system-services (for salt inventory)
+#   Ingress:
+#     tcp/8000      - Splunk Web                 - vpc-system-services (for salt inventory (moose only))
+#     tcp/8089      - Splunk Web                 - vpc-system-services (for salt inventory and portal lambda)
 #
 #   Egress:
 #     tcp/8089      - Splunk API + IDX Discovery - Entire VPC + var.splunk_legacy_cidr
@@ -243,7 +243,7 @@ resource "aws_security_group_rule" "splunk-api-in" {
                                    var.cidr_map["vpc-splunk"], # MC
                                    var.splunk_legacy_cidr, 
                                    [ var.vpc_cidr ], 
-                                   local.is_moose ? var.cidr_map["vpc-system-services"] : [], # for salt inventory
+                                   var.cidr_map["vpc-system-services"], # for salt inventory and Portal lambda
                       ))
   security_group_id = aws_security_group.searchhead_security_group.id
 }
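Review bot: The rewritten line in the `splunk-api-in` hunk drops the `local.is_moose` guard, so every searchhead deployment, not only moose, now accepts tcp/8089 from the whole `vpc-system-services` CIDR rather than from the subnets the portal Lambda actually runs in; if those subnets are a known subset, a narrower CIDR list (or a dedicated variable for the Lambda's source range) would limit what else in that VPC can reach the management port. The header comment added in the first hunk still labels tcp/8089 as `Splunk Web`, while the same header (line 59 context) calls it `Splunk API + IDX Discovery`, and the nested parentheses on the tcp/8000 line read awkwardly; suggested wording: `#     tcp/8089      - Splunk API                 - vpc-system-services (salt inventory, moose only; portal lambda, all)` and `#     tcp/8000      - Splunk Web                 - vpc-system-services (salt inventory, moose only)`. Whether the tcp/8000 rule itself is still moose-only cannot be seen from these hunks, so the comment should be checked against the rule that defines it. The `splunk-api-in` resource begins outside the hunk.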