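#----------------------------------------------------------------------------
# Load Balancer ALB Security Group
#----------------------------------------------------------------------------
# Security group attached to the ALB. No inline ingress/egress is declared
# here; every rule lives in a separate aws_security_group_rule resource
# below, so the group carries only the explicit rules in this file (with no
# inline egress block the AWS provider also drops the default allow-all
# egress rule that AWS creates).
resource "aws_security_group" "alb" {
  vpc_id      = var.vpc_id
  name_prefix = "${local.name}-alb"
  description = "ALB SG for ${var.hostname}"
  tags        = merge(local.tags, { "Name" : local.name })

  # name_prefix produces a fresh name on every replacement; creating the
  # replacement before destroying the old group keeps the ALB and the rules
  # below attached to a valid group during the swap instead of failing to
  # delete a group that is still in use.
  lifecycle {
    create_before_destroy = true
  }
}

#----------------------------------------------------------------------------
# INGRESS
#----------------------------------------------------------------------------
# Both listener ports are opened only to var.inbound_cidrs. Keeping the
# allowed ranges in a variable makes the tfsec public-ingress suppression a
# deliberate per-deployment choice: narrow the list whenever the ALB is not
# meant to be reachable from the whole Internet.
# NOTE(review): port 80 presumably backs an HTTP -> HTTPS redirect listener
# rather than serving plaintext traffic — confirm against the ALB listeners.
resource "aws_security_group_rule" "http_from_internet" {
  type              = "ingress"
  description       = "HTTP - Inbound from Internet"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = var.inbound_cidrs # tfsec:ignore:aws-vpc-no-public-ingress-sgr
  security_group_id = aws_security_group.alb.id
}

resource "aws_security_group_rule" "https_from_internet" {
  type              = "ingress"
  description       = "HTTPS - Inbound from Internet"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = var.inbound_cidrs # tfsec:ignore:aws-vpc-no-public-ingress-sgr
  security_group_id = aws_security_group.alb.id
}

#----------------------------------------------------------------------------
# EGRESS
#----------------------------------------------------------------------------
# On an egress rule the provider reads source_security_group_id as the
# destination group, so the ALB may only open connections to members of
# var.server_security_group on var.server_port. Because no catch-all egress
# rule exists, a compromised or misconfigured ALB cannot reach anything else
# in the VPC.
resource "aws_security_group_rule" "alb_to_server" {
  type                     = "egress"
  description              = "${var.hostname} to the Server"
  from_port                = var.server_port
  to_port                  = var.server_port
  protocol                 = "tcp"
  source_security_group_id = var.server_security_group
  security_group_id        = aws_security_group.alb.id
}

#----------------------------------------------------------------------------
# Server Security Group
#----------------------------------------------------------------------------
# Server-side mirror of alb_to_server: the server group (created outside this
# file and passed in as var.server_security_group) accepts var.server_port
# only from the ALB group. No CIDR-based rule is added here, so the backend
# is not directly reachable from var.inbound_cidrs; traffic must traverse
# the ALB.
resource "aws_security_group_rule" "server_from_alb" {
  type                     = "ingress"
  description              = "ALB to ${var.hostname}"
  from_port                = var.server_port
  to_port                  = var.server_port
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.alb.id
  security_group_id        = var.server_security_group
}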