AFS
/
xdr-terraform-modules


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102
							# From vmray admin installation guide, page 24
# Clients to server on 443
# Server to workers on 5900-5999 (VNC)
# Workers to server on 80 and 443

# Server
resource "aws_security_group" "vmray_server_sg" {
  name        = "vmray_server_sg"
  description = "Security Rules Specific to VMRay"
  vpc_id      = var.vpc_id
  tags        = merge(var.standard_tags, var.tags)
}

resource "aws_security_group_rule" "vmray_server_https_in" {
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = var.cidr_map["vpc-access"]
  security_group_id = aws_security_group.vmray_server_sg.id
}

## Proxy - Ubuntu Advantage doesn't appear to respect it
#resource "aws_security_group_rule" "vmray_server_http_out" {
#  type              = "egress"
#  from_port         = 80
#  to_port           = 80
#  protocol          = "tcp"
#  cidr_blocks       = [ "0.0.0.0/0" ]
#  security_group_id = aws_security_group.vmray_server_sg.id
#}
#
#resource "aws_security_group_rule" "vmray_server_https_out" {
#  type              = "egress"
#  from_port         = 443
#  to_port           = 443
#  protocol          = "tcp"
#  cidr_blocks       = [ "0.0.0.0/0" ]
#  security_group_id = aws_security_group.vmray_server_sg.id
#}

resource "aws_security_group_rule" "vmray_server_vnc_to_workers" {
  type              = "egress"
  from_port         = 5900
  to_port           = 5999
  protocol          = "tcp"
  source_security_group_id = aws_security_group.vmray_worker_sg.id
  security_group_id = aws_security_group.vmray_server_sg.id
}

# Workers
resource "aws_security_group" "vmray_worker_sg" {
  name        = "vmray_worker_sg"
  description = "Security Rules for the VMRay Worker Nodes"
  vpc_id      = var.vpc_id
  tags        = merge(var.standard_tags, var.tags)
}

resource "aws_security_group_rule" "vmwary_worker_vnc_from_server" {
  type              = "ingress"
  from_port         = 5900
  to_port           = 5999
  protocol          = "tcp"
  source_security_group_id = aws_security_group.vmray_server_sg.id
  security_group_id = aws_security_group.vmray_worker_sg.id
}

resource "aws_security_group_rule" "vmray_worker_http_out" {
  type              = "egress"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = [ "0.0.0.0/0" ]
  security_group_id = aws_security_group.vmray_worker_sg.id
}

resource "aws_security_group_rule" "vmray_worker_https_out" {
  type              = "egress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = [ "0.0.0.0/0" ]
  security_group_id = aws_security_group.vmray_worker_sg.id
}

resource "aws_security_group_rule" "vmray_worker_http_to_server" {
  type              = "egress"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  source_security_group_id = aws_security_group.vmray_server_sg.id
  security_group_id = aws_security_group.vmray_worker_sg.id
}

resource "aws_security_group_rule" "vmray_worker_https_to_server" {
  type              = "egress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  source_security_group_id = aws_security_group.vmray_server_sg.id
  security_group_id = aws_security_group.vmray_worker_sg.id
}