# Network security groups for the Magic Machine host and for the CodeBuild
# project that talks to it. The Magic Machine is dependent on this Security Group.

# Lookups used by the resources below. Only the VPC id is consumed in this
# file; the subnet lookup is not referenced here (presumably used by the
# instance definition elsewhere in the module — confirm before removing).
data "aws_vpc" "this" {
  id = var.vpc_id
}

data "aws_subnet" "this" {
  id = var.public_subnets[0]
}

# ---------------------------------------------------------------------------
# Magic Machine security group
# ---------------------------------------------------------------------------
resource "aws_security_group" "this" {
  vpc_id      = data.aws_vpc.this.id
  name        = "${var.name}_magic_machine_security_group"
  description = "Security Group for magic machine ${var.name}"
  tags        = merge(local.standard_tags, var.tags)
}

# Inbound SSH from the private 10/8 range. The rule serves two purposes —
# CodeBuild reaching the host, and operator troubleshooting. The CodeBuild
# part on its own could be scoped more tightly by referencing the CodeBuild
# group (source_security_group_id = aws_security_group.codebuild.id) instead
# of a CIDR; the wider range is kept here because the troubleshooting use
# relies on it. Anything reachable within 10/8 can attempt port 22 on this host.
resource "aws_security_group_rule" "this" {
  security_group_id = aws_security_group.this.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_blocks       = ["10.0.0.0/8"]
  description       = "Allows codebuild to access Magic Machine and for troubleshooting"
}

# Outbound HTTPS to anywhere; this is the only egress opened on the Magic
# Machine group, so non-443 outbound traffic is blocked by default.
resource "aws_security_group_rule" "allow_outbound_mm" {
  security_group_id = aws_security_group.this.id
  type              = "egress"
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = ["0.0.0.0/0"] # tfsec:ignore:aws-vpc-no-public-egress-sgr
  description       = "Allow Magic Machine to communicate via HTTPS outbound"
}

# ---------------------------------------------------------------------------
# CodeBuild security group
# ---------------------------------------------------------------------------
resource "aws_security_group" "codebuild" {
  vpc_id      = data.aws_vpc.this.id
  name        = "${var.name}_codebuild_security_group"
  description = "Security Group for codebuild ${var.name}"
  tags        = merge(local.standard_tags, var.tags)
}

# Outbound HTTPS to anywhere (package downloads, AWS APIs, etc. — the exact
# destinations are not pinned down in this file).
resource "aws_security_group_rule" "allow_outbound" {
  security_group_id = aws_security_group.codebuild.id
  type              = "egress"
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = ["0.0.0.0/0"] # tfsec:ignore:aws-vpc-no-public-egress-sgr
  description       = "Allow codebuild to communicate via HTTPS outbound"
}

# Outbound SSH into the private 10/8 range; the counterpart of the Magic
# Machine ingress rule above. No inbound rules exist on the CodeBuild group.
resource "aws_security_group_rule" "allow_ssh_outbound" {
  security_group_id = aws_security_group.codebuild.id
  type              = "egress"
  protocol          = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_blocks       = ["10.0.0.0/8"]
  description       = "Allow codebuild to communicate via SSH outbound"
}