|
@@ -1,3 +1,12 @@
|
|
|
+locals {
|
|
|
+ # alb_clients access the SH
|
|
|
+ alb_clients = toset(concat(
|
|
|
+ var.cidr_map["vpc-access"], # VPN users
|
|
|
+ var.cidr_map["vpc-system-services"], # Salt master, etc
|
|
|
+ var.cidr_map["vpc-private-services"], # fm-shared search, qcompliance, phantom
|
|
|
+ ))
|
|
|
+}
|
|
|
+
|
|
|
resource "aws_lb" "searchhead-alb" {
|
|
|
name = "${var.prefix}-searchhead-alb"
|
|
|
internal = true
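Review bot: `alb_clients` is a single union that the four later hunks (`-145,7`, `-154,7`, `-163,7`, `-173,7`) assign to every ingress rule, so the `vpc-system-services` and `vpc-private-services` ranges now reach the management API on 8089 as well as 80, 443 and 8000, where previously only the `vpc-access` VPN range did; if those services need only some of those ports, a per-port local (for example `alb_api_clients` for the 8089 rule) keeps each grant to the client class that uses it. If the full union is intended, the terse `# alb_clients access the SH` should say so, e.g. `# CIDR ranges allowed to reach the search-head ALB on all four listeners (80/443/8000/8089); adding a range here widens every ingress rule`. The value is built with `toset(...)` but `cidr_blocks` is a list argument; Terraform presumably converts it, with the set's lexical ordering, so the first apply may show an in-place reordering of existing rules — worth confirming in the plan output. The `aws_lb` resource continues outside this hunk.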
|
|
@@ -145,7 +154,7 @@ resource "aws_security_group_rule" "searchhead-alb-api-in" {
|
|
|
from_port = 8089
|
|
|
to_port = 8089
|
|
|
protocol = "tcp"
|
|
|
- cidr_blocks = var.cidr_map["vpc-access"]
|
|
|
+ cidr_blocks = local.alb_clients
|
|
|
security_group_id = aws_security_group.searchhead-alb-sg.id
|
|
|
}
|
|
|
|
|
@@ -154,7 +163,7 @@ resource "aws_security_group_rule" "searchhead-alb-https-in" {
|
|
|
from_port = 443
|
|
|
to_port = 443
|
|
|
protocol = "tcp"
|
|
|
- cidr_blocks = var.cidr_map["vpc-access"]
|
|
|
+ cidr_blocks = local.alb_clients
|
|
|
security_group_id = aws_security_group.searchhead-alb-sg.id
|
|
|
}
|
|
|
|
|
@@ -163,7 +172,7 @@ resource "aws_security_group_rule" "searchhead-alb-8000-in" {
|
|
|
from_port = 8000
|
|
|
to_port = 8000
|
|
|
protocol = "tcp"
|
|
|
- cidr_blocks = var.cidr_map["vpc-access"]
|
|
|
+ cidr_blocks = local.alb_clients
|
|
|
security_group_id = aws_security_group.searchhead-alb-sg.id
|
|
|
}
|
|
|
|
|
@@ -173,7 +182,7 @@ resource "aws_security_group_rule" "searchhead-http-in" {
|
|
|
from_port = 80
|
|
|
to_port = 80
|
|
|
protocol = "tcp"
|
|
|
- cidr_blocks = var.cidr_map["vpc-access"]
|
|
|
+ cidr_blocks = local.alb_clients
|
|
|
security_group_id = aws_security_group.searchhead-alb-sg.id
|
|
|
}
|
|
|
|