Merge pull request #28 from mdr-engineering/feature/dw_MSOCI-1334_qualys

[MSOCI-1334] Small interface changes, added temp SG and legacy role name

base/qualys_connector_role/main.tf

@@ -6,7 +6,7 @@ data aws_iam_policy_document "qualys_assume_role_policy" {
     principals {
       type = "AWS"
       identifiers = [
-        "arn:${data.aws_partition.current.partition}:iam::${var.service_account_home}:user/service_accounts/qualys"
+        "arn:${data.aws_partition.current.partition}:iam::${var.common_services_account}:user/service_accounts/qualys"
       ]
     }
     actions = [
@@ -17,7 +17,7 @@ data aws_iam_policy_document "qualys_assume_role_policy" {
       test     = "StringEquals"
       variable = "sts:ExternalId"
       values = [
-        var.externalid
+        var.qualys_connector_externalid
       ]
     }
   }

base/qualys_connector_role/variables.tf

@@ -1,11 +1,10 @@
-variable service_account_home {
-  description = "Home account number for qualys service account"
+variable qualys_connector_externalid {
+  description = "External ID from Qualys Connector"
   type        = string
 }
 
-variable externalid {
-  description = "External ID from Qualys Connector"
-  type        = string
+variable common_services_account {
+  type = string
 }
 
 variable tags {

base/qualys_scanners/security-groups.tf

@@ -75,6 +75,13 @@ module "qualys_scanner_sg" {
       protocol    = "ALL"
       description = "Outbound for scanning things"
       cidr_blocks = "10.0.0.0/8"
+    },
+    {
+      from_port   = 443
+      to_port     = 443
+      protocol    = "TCP"
+      description = "Temp allow all outbound ; remove when proxy in place"
+      cidr_blocks = "0.0.0.0/0"
     }
   ]