123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 |
- ## Indexer Security Group
- #
- # Summary:
- # Ingress:
- # tcp/8088 - Splunk HEC - (local.data_sources) Entire VPC + var.additional_source + var.splunk_legacy_cidr
- # Egress:
- # tcp/8088 - Splunk HEC
- # Defined in security-group-indexers.tf:
- #locals {
- # splunk_vpc_cidrs = toset(concat(var.splunk_legacy_cidr, [ var.vpc_cidr ]))
- # access_cidrs = toset(concat(var.cidr_map["bastions"], var.cidr_map["vpns"]))
- # data_sources = toset(concat(tolist(local.splunk_vpc_cidrs), var.splunk_data_sources))
- #}
- resource "aws_security_group" "hec_elb_security_group" {
- name = "hec_elb_security_group"
- description = "Security Group for HEC ELBs (both ack and non-ack)"
- vpc_id = var.vpc_id
- tags = merge(var.standard_tags, var.tags, { "Name" = "hec_elb_security_group" })
- }
- ## Ingress
- resource "aws_security_group_rule" "hec-https-in" {
- count = local.is_moose ? 1 : 0
- description = "HEC port - HTTPS for moose only"
- type = "ingress"
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = [ "0.0.0.0/0" ]
- security_group_id = aws_security_group.hec_elb_security_group.id
- }
- resource "aws_security_group_rule" "hec-in" {
- description = "HEC port in"
- type = "ingress"
- from_port = 8088
- to_port = 8088
- protocol = "tcp"
- cidr_blocks = [ "0.0.0.0/0" ]
- security_group_id = aws_security_group.hec_elb_security_group.id
- }
- ## Egress
- resource "aws_security_group_rule" "hec-out" {
- description = "HEC to the indexers"
- type = "egress"
- from_port = 8088
- to_port = 8088
- protocol = "tcp"
- cidr_blocks = local.splunk_vpc_cidrs
- security_group_id = aws_security_group.hec_elb_security_group.id
- }