
Merge pull request #194 from mdr-engineering/hotfix/ftd_na_UpdateSecurityGroupVersion

Updates Security Group Module to 4.0.0 and Locks the Version
Frederick Damstra hace 4 años
padre
commit
8a240f598e
Se han modificado 3 ficheros con 16 adiciones y 16 borrados
  1. 10 10
      base/standard_vpc/main.tf
  2. 2 2
      base/standard_vpc/outputs.tf
  3. 4 4
      base/standard_vpc/security-groups.tf

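--- a/base/standard_vpc/main.tf
+++ b/base/standard_vpc/main.tf
@@ -46,43 +46,43 @@ module "vpc" {
   # Endpoints with a dns setting
   enable_ec2_endpoint              = true
   ec2_endpoint_private_dns_enabled = true
-  ec2_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.this_security_group_id ]
+  ec2_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.security_group_id ]
 
   enable_ec2messages_endpoint = true
   ec2messages_endpoint_private_dns_enabled = true
-  ec2messages_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.this_security_group_id ]
+  ec2messages_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.security_group_id ]
 
   enable_ecr_api_endpoint = true
   ecr_api_endpoint_private_dns_enabled = true
-  ecr_api_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.this_security_group_id ]
+  ecr_api_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.security_group_id ]
 
   enable_ecr_dkr_endpoint = true
   ecr_dkr_endpoint_private_dns_enabled = true
-  ecr_dkr_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.this_security_group_id ]
+  ecr_dkr_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.security_group_id ]
 
   enable_kms_endpoint = true
   kms_endpoint_private_dns_enabled = true
-  kms_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.this_security_group_id ]
+  kms_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.security_group_id ]
 
   enable_logs_endpoint = true
   logs_endpoint_private_dns_enabled = true
-  logs_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.this_security_group_id ]
+  logs_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.security_group_id ]
 
   enable_ssm_endpoint = true
   ssm_endpoint_private_dns_enabled = true
-  ssm_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.this_security_group_id ]
+  ssm_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.security_group_id ]
 
   enable_ssmmessages_endpoint = true
   ssmmessages_endpoint_private_dns_enabled = true
-  ssmmessages_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.this_security_group_id ]
+  ssmmessages_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.security_group_id ]
 
   enable_sts_endpoint = true
   sts_endpoint_private_dns_enabled = true
-  sts_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.this_security_group_id ]
+  sts_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.security_group_id ]
 
   enable_monitoring_endpoint = true
   monitoring_endpoint_private_dns_enabled = true
-  monitoring_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.this_security_group_id ]
+  monitoring_endpoint_security_group_ids  =  [ module.aws_endpoints_sg.security_group_id ]
 
   dhcp_options_domain_name = var.dns_info["private"]["zone"]
   dhcp_options_domain_name_servers = var.dns_servers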

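--- a/base/standard_vpc/outputs.tf
+++ b/base/standard_vpc/outputs.tf
@@ -11,11 +11,11 @@ output private_subnets {
 }
 
 output allow_all_from_trusted_sg_id {
-  value = module.allow_all_from_trusted_sg.this_security_group_id
+  value = module.allow_all_from_trusted_sg.security_group_id
 }
 
 output allow_all_outbound_sg_id {
-  value = module.allow_all_outbound_sg.this_security_group_id
+  value = module.allow_all_outbound_sg.security_group_id
 }
 
 output private_route_tables {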

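--- a/base/standard_vpc/security-groups.tf
+++ b/base/standard_vpc/security-groups.tf
@@ -8,7 +8,7 @@ locals {
 module "aws_endpoints_sg" {
   use_name_prefix = false
   source = "terraform-aws-modules/security-group/aws"
-  version = "~> 3"
+  version = "= 4.0.0"
   name        = "aws_endpoints"
   tags        = merge(var.standard_tags, var.tags)
   vpc_id      = module.vpc.vpc_id
@@ -26,7 +26,7 @@ module "aws_endpoints_sg" {
 module "allow_all_from_trusted_sg" {
   use_name_prefix = false
   source = "terraform-aws-modules/security-group/aws"
-  version = "~> 3"
+  version = "= 4.0.0"
   name        = "allow-all-from-trusted"
   tags        = merge(var.standard_tags, var.tags)
   vpc_id      = module.vpc.vpc_id
@@ -40,7 +40,7 @@ module "allow_all_from_trusted_sg" {
 module "allow_all_outbound_sg" {
   use_name_prefix = false
   source = "terraform-aws-modules/security-group/aws"
-  version = "~> 3"
+  version = "= 4.0.0"
   name        = "allow-all-outbound"
   tags        = merge(var.standard_tags, var.tags)
   vpc_id      = module.vpc.vpc_id
@@ -56,7 +56,7 @@ module "typical_host_security_group" {
   tags = merge(var.standard_tags, var.tags)
   aws_region = var.aws_region
   aws_partition = var.aws_partition
-  aws_endpoints_sg = module.aws_endpoints_sg.this_security_group_id
+  aws_endpoints_sg = module.aws_endpoints_sg.security_group_id
 }
 
 # CIS 4.3 - Default security group should restrict all traffic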
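Review bot: The exact pin `version = "= 4.0.0"` on all three security-group modules blocks patch releases as well as breaking ones, so a 4.0.x fix from terraform-aws-modules is never picked up until someone edits each line by hand; if the aim is only to stop the next major from landing unannounced, `version = "~> 4.0"` does that while still allowing patch updates, and because Terraform requires a module `version` to be a literal string the three pins cannot be tied to a single local and have to be bumped together. The reason for the hard lock should sit next to the first pin as a comment, e.g. `# Pinned to 4.0.0: v4 renamed this_security_group_id -> security_group_id; bump all three SG modules together`. Moving from `~> 3` to 4.0.0 is a major-version change, so the first plan against existing state is worth checking for security groups being replaced rather than updated in place — the hunks alone cannot confirm either outcome. The `typical_host_security_group` block in the last hunk consumes the renamed output, but its own source and version lie outside the hunk, so whether it is pinned consistently is not visible here.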