#-----------------------------------------------------------------
# Security Center server - security group summary
#-----------------------------------------------------------------
# Ingress:
#   tcp/22   - sync from other security centers (no rule in this file)
#   tcp/443  - user access (direct from the access CIDRs, and via the ALB)
# Egress:
#   tcp/25        - smtp (no rule in this file)
#   tcp/443       - updates (no rule in this file)
#   tcp/1243      - Log Correlation Engine; unneeded in xdr (no rule in this file)
#   tcp/8834-8835 - Nessus communication to vpc-scanners and vpc-private-services
#
# NOTE(review): the 22/25/443/1243 entries above are documented here but not
# declared below - presumably they live in another file or were dropped on
# purpose; confirm so the summary and the effective rule set agree.
# NOTE(review): the AWS provider removes the default allow-all egress rule from
# a VPC security group that declares no inline egress, so the standalone
# aws_security_group_rule resources below are the only egress this group gets.

resource "aws_security_group" "security_center" {
  description = "Nessus Security Scanner"
  name_prefix = "security_center"
  vpc_id      = var.vpc_id

  # Later maps win on key collision: the explicit Name overrides anything
  # carried in var.standard_tags / var.tags.
  tags = merge(
    var.standard_tags,
    var.tags,
    { Name = "security_center" }
  )
}

#-----------------------------------------------------------------
# Inbound access
#-----------------------------------------------------------------

# Direct 443 from the access CIDRs. The description marks this as a testing
# path; it bypasses the ALB rule below, so it is the one to revisit once the
# ALB path is confirmed working.
resource "aws_security_group_rule" "security_center_inbound_443" {
  description       = "Inbound 443 (from access, for testing)"
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = var.cidr_map["vpc-access"]
  security_group_id = aws_security_group.security_center.id
}

# 443 from the ALB's security group. The referenced ALB group
# (security_center_alb_server_internal) is declared outside this file.
resource "aws_security_group_rule" "security_center_inbound_443_from_alb" {
  description              = "Inbound 443 from the ALB"
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = 443
  to_port                  = 443
  source_security_group_id = aws_security_group.security_center_alb_server_internal.id
  security_group_id        = aws_security_group.security_center.id
}

#-----------------------------------------------------------------
# Outbound access
#-----------------------------------------------------------------

# Nessus scanner/manager traffic (tcp/8834-8835) to the scanner and
# private-services CIDRs. Both lists are concatenated into one rule.
resource "aws_security_group_rule" "security_center_outbound_nessus" {
  description       = "Outbound to Scanners and Managers"
  type              = "egress"
  protocol          = "tcp"
  from_port         = 8834
  to_port           = 8835
  cidr_blocks       = concat(var.cidr_map["vpc-scanners"], var.cidr_map["vpc-private-services"])
  security_group_id = aws_security_group.security_center.id
}