|
@@ -200,6 +200,10 @@ data "template_cloudinit_config" "cloud-init" {
|
|
|
# tcp/8089 - Splunk API + IDX Discovery - Entire VPC + var.splunk_legacy_cidr
|
|
|
# tcp/9997-9998 - Splunk Data - Entire VPC + var.splunk_legacy_cidr
|
|
|
#
|
|
|
+# Ingress - moose only:
|
|
|
+# tcp/8000 - Splunk Web - vpc-system-services (for salt inventory)
|
|
|
+# tcp/8089 - Splunk Web - vpc-system-services (for salt inventory)
|
|
|
+#
|
|
|
# Egress:
|
|
|
# tcp/8089 - Splunk API + IDX Discovery - Entire VPC + var.splunk_legacy_cidr
|
|
|
resource "aws_security_group" "searchhead_security_group" {
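Review bot: The new header line for tcp/8089 labels the port "Splunk Web", while the existing lines in the same comment block call 8089 "Splunk API + IDX Discovery" and the new tcp/8000 line already covers Splunk Web. This looks like a copy-paste slip, and it matters because this comment block is the human-readable summary of what the security group exposes. I would change it to `# tcp/8089 - Splunk API - vpc-system-services (for salt inventory)`. The comment block starts above the hunk, so the rest of the ingress list is not visible here.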
|
|
@@ -220,6 +224,7 @@ resource "aws_security_group_rule" "splunk-web-in" {
|
|
|
var.cidr_map["vpc-private-services"],
|
|
|
var.splunk_legacy_cidr,
|
|
|
[ var.vpc_cidr ],
|
|
|
+ local.is_moose ? var.cidr_map["vpc-system-services"] : [], # for salt inventory
|
|
|
))
|
|
|
security_group_id = aws_security_group.searchhead_security_group.id
|
|
|
}
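Review bot: The added entry `local.is_moose ? var.cidr_map["vpc-system-services"] : []` admits every address in the vpc-system-services ranges to the search head's Splunk Web rule, although the inline comment names a single consumer (salt inventory). If the salt host has its own security group or a fixed address, a dedicated rule using `source_security_group_id` or that host's /32 would limit the exposure to what the inventory job needs. The same applies to the identical line added in the splunk-api-in hunk. It is also worth confirming that the inventory needs Splunk Web at all, since a job that only queries the REST API would presumably need tcp/8089 alone. Both resources begin outside their hunks, so the port arguments and the function wrapping the CIDR list are not visible here.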
|
|
@@ -234,6 +239,7 @@ resource "aws_security_group_rule" "splunk-api-in" {
|
|
|
var.cidr_map["vpc-private-services"],
|
|
|
var.splunk_legacy_cidr,
|
|
|
[ var.vpc_cidr ],
|
|
|
+ local.is_moose ? var.cidr_map["vpc-system-services"] : [], # for salt inventory
|
|
|
))
|
|
|
security_group_id = aws_security_group.searchhead_security_group.id
|
|
|
}
|