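#----------------------------------------------------------------------------
# ALB Security Group
#----------------------------------------------------------------------------
# Security group attached to the load balancer that fronts var.hostname.
# No inline ingress/egress blocks are declared here; every rule lives in a
# separate aws_security_group_rule below. Because the AWS provider strips the
# default allow-all egress rule when it creates a VPC security group, the only
# outbound traffic this group permits is the explicit alb_to_server rule.
resource "aws_security_group" "alb" {
  vpc_id      = var.vpc_id
  name_prefix = "${local.name}-alb"
  description = "ALB SG for ${var.hostname}"
  tags        = merge(local.tags, { Name = local.name })

  # name_prefix yields a fresh unique name on every replacement; pairing it
  # with create_before_destroy lets the replacement group be created and
  # attached before the old one is deleted, so the ALB never loses its group
  # and the old group's deletion is not blocked while it is still referenced.
  lifecycle {
    create_before_destroy = true
  }
}

#----------------------------------------------------------------------------
# INGRESS
#----------------------------------------------------------------------------
# var.inbound_cidrs is the exposure boundary for both listeners: if it contains
# 0.0.0.0/0 the ALB is reachable from anywhere on the Internet, so any
# narrowing (corporate ranges, CDN/WAF egress ranges) is done there.
# NOTE(review): port 80 is presumably kept only so the listener can redirect
# to HTTPS; if the listener serves application traffic over plain HTTP instead,
# reconsider this rule — confirm against the ALB listener definition.
resource "aws_security_group_rule" "http_from_internet" {
  description       = "HTTP inbound from Internet"
  type              = "ingress"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = var.inbound_cidrs
  security_group_id = aws_security_group.alb.id
}

resource "aws_security_group_rule" "https_from_internet" {
  description       = "HTTPS inbound from Internet"
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = var.inbound_cidrs
  security_group_id = aws_security_group.alb.id
}

#----------------------------------------------------------------------------
# EGRESS
#----------------------------------------------------------------------------
# Outbound from the ALB is limited to the server's group on the server port.
# On an egress rule, source_security_group_id names the *destination* group
# (the provider reuses the attribute for both directions), so this does not
# open the ALB to traffic originating from the server.
resource "aws_security_group_rule" "alb_to_server" {
  description              = "${var.hostname} to the Server"
  type                     = "egress"
  from_port                = var.server_port
  to_port                  = var.server_port
  protocol                 = "tcp"
  source_security_group_id = var.server_security_group
  security_group_id        = aws_security_group.alb.id
}

#----------------------------------------------------------------------------
# Server Security Group
#----------------------------------------------------------------------------
# Mirror of alb_to_server on the server side: only the ALB's group may reach
# the server port, so the server is not directly reachable from
# var.inbound_cidrs. This rule is added to a group owned elsewhere
# (var.server_security_group); that group must not also manage its ingress
# with inline blocks, or the two definitions will overwrite each other on
# every apply.
resource "aws_security_group_rule" "server_from_alb" {
  description              = "ALB to ${var.hostname}"
  type                     = "ingress"
  from_port                = var.server_port
  to_port                  = var.server_port
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.alb.id
  security_group_id        = var.server_security_group
}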