
Merge pull request #138 from mdr-engineering/feature/bp_MSOCI-1560_monitoring_console

Updates Splunk SGs
Brad Poulton 4 gadi atpakaļ
vecāks
revīzija
c4ceb0d6f1

+ 1 - 1
base/splunk_servers/cluster_master/main.tf

@@ -236,7 +236,7 @@ resource "aws_security_group_rule" "splunk-api-in" {
   from_port         = 8089
   to_port           = 8089
   protocol          = "tcp"
-  cidr_blocks       = toset(concat(var.splunk_legacy_cidr, [ var.vpc_cidr ], var.cidr_map["vpc-access"]))
+  cidr_blocks       = toset(concat(var.splunk_legacy_cidr, [ var.vpc_cidr ], var.cidr_map["vpc-access"], var.cidr_map["vpc-private-services"]))
   security_group_id = aws_security_group.cluster_master_security_group.id
 }
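Review bot: The new `cidr_blocks` value opens the splunkd management port (tcp/8089) to every address in `var.cidr_map["vpc-private-services"]`, while the branch name and the header comment in security-group-indexers.tf suggest only the monitoring console needs it; the same widening is made in base/splunk_servers/heavy_forwarder/main.tf. If the console has stable addresses, a narrower input holding just those hosts would keep the management API closer to least privilege. Neither rule records why the extra range is there, and the heavy forwarder's explanatory comment was removed; a line such as `# vpc-private-services: monitoring console queries splunkd on tcp/8089` above `cidr_blocks` would document it. Both resource blocks start above their hunks, so an existing `description` argument may already cover this.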
 

+ 1 - 3
base/splunk_servers/heavy_forwarder/main.tf

@@ -226,9 +226,7 @@ resource "aws_security_group_rule" "splunk-api-in" {
   from_port         = 8089
   to_port           = 8089
   protocol          = "tcp"
-  # Leaving these commented, as we'll probably need to add to this rule
-  #cidr_blocks       = toset(concat(var.cidr_map["vpc-access"], var.cidr_map["vpc-private-services"]))
-  cidr_blocks       = var.cidr_map["vpc-access"]
+  cidr_blocks       = toset(concat(var.cidr_map["vpc-access"], var.cidr_map["vpc-private-services"]))
   security_group_id = aws_security_group.heavy_forwarder_security_group.id
 }
 

+ 2 - 2
base/splunk_servers/indexer_cluster/security-group-indexers.tf

@@ -5,7 +5,7 @@
 # x   tcp/8000      - Splunk Web                 - (local.access_cidrs) vpc-access, legacy openvpn, legacy bastion
 # x   tcp/8088      - Splunk HEC                 - (local.data_sources) Entire VPC + var.additional_source + var.splunk_legacy_cidr
 # x   tcp/8088      - MOOSE ONLY                 - 10.0.0.0/8
-# x   tcp/8089      - Splunk API                 - (local.access_cidrs) vpc-access, legacy openvpn, legacy bastion
+# x   tcp/8089      - Splunk API                 - (local.access_cidrs) vpc-access, legacy openvpn, legacy bastion, legacy infra (vpc-private-services) VPC for monitoring console
 # x   tcp/8089      - Splunk API + IDX Discovery - (local.splunk_vpc_cidrs) Entire VPC + var.splunk_legacy_cidr
 # x   tcp/8089      - MOOSE ONLY                 - 10.0.0.0/8
 # x   tcp/9887      - IDX Replication            - (local.splunk_vpc_cidrs) Entire VPC + var.splunk_legacy_cidr
@@ -15,7 +15,7 @@
 #     tcp/9887      - IDX Replication            - (local.splunk_vpc_cidrs) Entire VPC + var.splunk_legacy_cidr
 #     tcp/8089      - Splunk API + IDX Discovery - (local.splunk_vpc_cidrs) Entire VPC + var.splunk_legacy_cidr
 locals {
-  splunk_vpc_cidrs = toset(concat(var.splunk_legacy_cidr, [ var.vpc_cidr ]))
+  splunk_vpc_cidrs = toset(concat(var.splunk_legacy_cidr, [ var.vpc_cidr ], var.cidr_map["vpc-private-services"]))
   access_cidrs     = var.cidr_map["vpc-access"]
   data_sources     = toset(concat(tolist(local.splunk_vpc_cidrs), var.splunk_data_sources))
 }
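Review bot: Adding `var.cidr_map["vpc-private-services"]` to `local.splunk_vpc_cidrs` does more than the updated header comment describes. The comment attributes the monitoring-console access to the `local.access_cidrs` tcp/8089 rule, but `access_cidrs` is unchanged, and per the header table `splunk_vpc_cidrs` also feeds tcp/9887 replication and, through `local.data_sources`, tcp/8088 HEC. If only the API port is needed, leave `splunk_vpc_cidrs` as it was and add a separate local, e.g. `monitoring_console_cidrs = var.cidr_map["vpc-private-services"]`, referenced only by the tcp/8089 rule. Otherwise the header lines that describe `splunk_vpc_cidrs` as "Entire VPC + var.splunk_legacy_cidr" should be updated to name the new range. The rules that consume these locals are outside the hunk, so the exact set of affected ports should be confirmed there.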