AFS
/
xdr-terraform-modules


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364
							resource "aws_security_group" "hec_pvt_elb_security_group" {
  count = var.splunk_private_hec ? 1 : 0
  name = "hec_pvt_elb_security_group"
  description = "Security Group for the private moose HEC ELBs"
  vpc_id = var.vpc_id
  tags = merge(var.standard_tags, var.tags, { "Name" = "hec_pvt_elb_security_group" })
}

## Ingress
resource "aws_security_group_rule" "hec-pvt-https-in-moose" {
  count             = local.is_moose ? 1 : 0
  description       = "HEC port - HTTPS for moose only"
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = [ "10.0.0.0/8" ]
  security_group_id = aws_security_group.hec_pvt_elb_security_group[0].id
}

resource "aws_security_group_rule" "hec-pvt-https-in-customer" {
  count             = var.splunk_private_hec ? 1 : 0
  description       = "HEC port - HTTPS for customer instances"
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = [ var.vpc_cidr ]
  security_group_id = aws_security_group.hec_pvt_elb_security_group[0].id
}

resource "aws_security_group_rule" "hec-pvt-in-moose" {
  count             = local.is_moose ? 1 : 0
  description       = "HEC port in - Moose Only"
  type              = "ingress"
  from_port         = 8088
  to_port           = 8088
  protocol          = "tcp"
  cidr_blocks       = [ "10.0.0.0/8" ]
  security_group_id = aws_security_group.hec_pvt_elb_security_group[0].id
}

resource "aws_security_group_rule" "hec-pvt-in-customer" {
  count             = var.splunk_private_hec ? 1 : 0
  description       = "HEC port in for Customer"
  type              = "ingress"
  from_port         = 8088
  to_port           = 8088
  protocol          = "tcp"
  cidr_blocks       = [ var.vpc_cidr ]
  security_group_id = aws_security_group.hec_pvt_elb_security_group[0].id
}

## Egress
resource "aws_security_group_rule" "hec-pvt-out" {
  count             = var.splunk_private_hec ? 1 : 0
  description       = "HEC to the indexers"
  type              = "egress"
  from_port         = 8088
  to_port           = 8088
  protocol          = "tcp"
  cidr_blocks       = local.splunk_vpc_cidrs
  security_group_id = aws_security_group.hec_pvt_elb_security_group[0].id
}