# Look up the shared "typical-host" security group by name inside the target
# VPC instead of requiring callers to pass its ID in. The lookup is exposed
# as data.aws_security_group.typical-host for use elsewhere.
#
# NOTE(review): nothing in this listing references the data source; confirm
# it is consumed elsewhere in the module. The lookup relies on exactly one
# group with this name existing in var.vpc_id, and the plan fails otherwise.
data "aws_security_group" "typical-host" {
  vpc_id = var.vpc_id
  name   = "typical-host"
}
# Per-instance-type security group. It carries no inline rules; the ingress
# rules are attached through separate aws_security_group_rule resources that
# reference aws_security_group.instance.id.
#
# NOTE(review): no egress rule is visible in this listing. Terraform removes
# the allow-all egress rule AWS adds to a new group, so outbound traffic
# depends on an egress rule defined elsewhere. Confirm one exists and is
# scoped to what the instance actually needs.
resource "aws_security_group" "instance" {
  vpc_id      = var.vpc_id
  name        = "instance-${var.instance_name}"
  description = "Instances of type ${var.instance_name}"

  # Module-wide tags first; per-instance tags win on key collisions.
  tags = merge(var.standard_tags, var.tags)
}
# Inbound TCP/80 from any IPv4 address. Per the rule description this exists
# for Let's Encrypt certbot; HTTP-01 validation requests arrive from source
# addresses that are not published, which is why the rule is not narrowed
# by CIDR.
#
# Whatever listens on port 80 is therefore internet-reachable. Keep that
# listener limited to the ACME challenge path (and, if wanted, an HTTPS
# redirect). Only IPv4 is covered; there is no ipv6_cidr_blocks entry.
resource "aws_security_group_rule" "instance-http-in" {
  security_group_id = aws_security_group.instance.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = "80"
  to_port           = "80"
  cidr_blocks       = ["0.0.0.0/0"]
  description       = "HTTP in - used for letsencrypt certbot"
}
# Inbound TCP/3023-3025 from private 10.0.0.0/8 addresses only. These are
# Teleport's default SSH proxy, reverse tunnel and auth service ports.
#
# NOTE(review): 10.0.0.0/8 covers the whole RFC 1918 class-A range, which is
# presumably wider than this VPC and its peers. Confirm whether the source
# can be narrowed to the actual client CIDRs or to a source security group.
resource "aws_security_group_rule" "instance-teleport-in" {
  security_group_id = aws_security_group.instance.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = "3023"
  to_port           = "3025"
  cidr_blocks       = ["10.0.0.0/8"]
  description       = "Teleport"
}
# Inbound TCP/3080 from any IPv4 address: the Teleport proxy web server.
#
# This is the only Teleport port in this listing that is open to the
# internet, so access control rests entirely on Teleport's own
# authentication. NOTE(review): confirm that public exposure of the proxy
# web endpoint is intended for every instance type that uses this module.
resource "aws_security_group_rule" "instance-teleport-proxy-in" {
  security_group_id = aws_security_group.instance.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = "3080"
  to_port           = "3080"
  cidr_blocks       = ["0.0.0.0/0"]
  description       = "Teleport - Proxy web server"
}