
Updates OpenVPN and Nessus Scanner Security Groups

Still to be tagged v1.23.0
Fred Damstra 4 years ago
parent
commit
6778546d21
2 changed files with 20 additions and 0 deletions
  1. 10 0
      base/nessus/instance_nessus_scanner/securitygroup-server.tf
  2. 10 0
      base/openvpn/main.tf

+ 10 - 0
base/nessus/instance_nessus_scanner/securitygroup-server.tf

@@ -17,6 +17,16 @@ resource "aws_security_group" "nessus_scanner" {
 #-----------------------------------------------------------------
 # Inbound access
 #-----------------------------------------------------------------
+resource "aws_security_group_rule" "nessus_scanner_inbound_icmp" {
+  security_group_id        = aws_security_group.nessus_scanner.id
+  type                     = "ingress"
+  cidr_blocks              = [ "10.0.0.0/8" ]
+  from_port                = -1
+  to_port                  = -1
+  protocol                 = "ICMP"
+  description              = "Inbound pings"
+}
+
 resource "aws_security_group_rule" "nessus_scanner_inbound_22" {
   security_group_id        = aws_security_group.nessus_scanner.id
   type                     = "ingress"
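Review bot: The new `nessus_scanner_inbound_icmp` rule admits every ICMP type and code from 10.0.0.0/8, because for ICMP rules `from_port`/`to_port` are the ICMP type/code and `-1` means all, while the description says only "Inbound pings". If echo requests are all that is wanted, narrow it to `from_port = 8` and `to_port = 0` (type 8 "echo request", code 0), or reword the description to say all ICMP is allowed on purpose. The other file in this commit draws its CIDRs from `var.cidr_map` rather than a hard-coded `10.0.0.0/8`; using the same map here would keep the allowed source range defined in one place. The enclosing `aws_security_group` "nessus_scanner" starts before this hunk.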

+ 10 - 0
base/openvpn/main.tf

@@ -269,6 +269,16 @@ resource "aws_security_group_rule" "openvpn-ssh-out" {
   security_group_id = aws_security_group.openvpn_security_group.id
 }
 
+resource "aws_security_group_rule" "openvpn-nessus-out" {
+  type              = "egress"
+  from_port         = 8834
+  to_port           = 8835
+  protocol          = "tcp"
+  cidr_blocks       = toset(concat(var.cidr_map["vpc-scanners"], var.cidr_map["vpc-private-services"]))
+  security_group_id = aws_security_group.openvpn_security_group.id
+  description       = "Access to Nessus"
+}
+
 resource "aws_security_group_rule" "openvpn-license-server-out" {
   # Needed for license server check-in.  Seems to be stable IP.
   type              = "egress"
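Review bot: The `openvpn-nessus-out` rule opens TCP 8834 through 8835, but nothing in the hunk explains the second port; the sibling `openvpn-license-server-out` rule carries a why-comment, so this one should too. If only the Nessus web/API port 8834 is used, set `to_port = 8834`; otherwise add a comment such as `# 8834 = Nessus web UI/API; 8835 = <reason>` above `type`. The `toset(concat(...))` on `cidr_blocks` presumably dedupes the two CIDR lists; note that it will fail at plan time if either `cidr_map` key is absent, which may be intended but is worth a comment.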