
Merge pull request #329 from mdr-engineering/feature/ftd_MSOCI-1974_FlagForOpenVPCEndpoints

Adds a flag to allow wider access to VPC endpoints
Frederick Damstra 3 years ago
parent
commit
63b0def0f8
2 changed files with 9 additions and 2 deletions
  1. 3 2
      base/standard_vpc/security-groups.tf
  2. 6 0
      base/standard_vpc/vars.tf

+ 3 - 2
base/standard_vpc/security-groups.tf

@@ -3,6 +3,7 @@
 #
 
 locals {
+  endpoint_cidr_blocks = var.allow_any_to_endpoints ? [ "10.0.0.0/8" ] : [ module.vpc.vpc_cidr_block ]
 }
 
 module "aws_endpoints_sg" {
@@ -13,8 +14,8 @@ module "aws_endpoints_sg" {
   tags        = merge(var.standard_tags, var.tags)
   vpc_id      = module.vpc.vpc_id
 
-  ingress_cidr_blocks = [ "10.0.0.0/8" ]
-  egress_cidr_blocks = [ "10.0.0.0/8" ]
+  ingress_cidr_blocks = local.endpoint_cidr_blocks
+  egress_cidr_blocks = local.endpoint_cidr_blocks
   egress_ipv6_cidr_blocks = [ ]
 
   egress_rules = [ "all-all" ]
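Review bot: The new default tightens the endpoint security group from the previous hard-coded `10.0.0.0/8` to only `module.vpc.vpc_cidr_block` (local at line 23, used for both `ingress_cidr_blocks` and `egress_cidr_blocks`), so any existing deployment that applies this without setting `allow_any_to_endpoints = true` silently loses endpoint reachability from other 10/8 networks; the PR description only mentions widening access, so this default change should be called out or the default should preserve the old behavior. The flag's name also overstates what it does: when true the range is `10.0.0.0/8`, not `0.0.0.0/0`, which is worth stating where the local is defined, e.g. `# allow_any_to_endpoints widens endpoint access from this VPC's CIDR to all of 10.0.0.0/8 (the former hard-coded value); it never opens 0.0.0.0/0.` The `module "aws_endpoints_sg"` block continues outside the hunk.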

+ 6 - 0
base/standard_vpc/vars.tf

@@ -1,3 +1,9 @@
+variable "allow_any_to_endpoints" {
+  description = "Whether to accept the transit gateway sharing invitation. Only done once per account."
+  type        = bool
+  default     = false
+}
+
 variable "accept_tgw_invitation" {
   description = "Whether to accept the transit gateway sharing invitation. Only done once per account."
   type        = bool
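Review bot: The description of the new `allow_any_to_endpoints` variable on line 44 is copied verbatim from `accept_tgw_invitation` and does not describe this flag, so anyone reading the module inputs gets the wrong contract. Replace it with something like `description = "When true, the AWS endpoint security group accepts ingress/egress from all of 10.0.0.0/8 instead of only this VPC's CIDR block."`, which also makes clear that the range is 10/8 rather than unrestricted, as the name might suggest. The `accept_tgw_invitation` variable block ends outside the hunk.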