AFS
/
xdr-terraform-modules


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172
							#----------------------------------------------------------------------------
# Security Group for HEC ELB
#----------------------------------------------------------------------------
resource "aws_security_group" "hec_pvt_elb_security_group" {
	# checkov:skip=CKV2_AWS_5: this SG is attached to HEC
  count       = local.splunk_private_hec ? 1 : 0
  name        = "hec_pvt_elb_security_group"
  description = "Security Group for the private moose HEC ELBs"
  vpc_id      = var.vpc_id
  tags        = merge(local.standard_tags, var.tags, { "Name" = "hec_pvt_elb_security_group" })
}

#----------------------------------------------------------------------------
# INGRESS
#----------------------------------------------------------------------------
resource "aws_security_group_rule" "hec-pvt-https-in-moose" {
  count             = local.is_moose ? 1 : 0
  type              = "ingress"
  description       = "HEC port - HTTPS - Inbound - Moose Only"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["10.0.0.0/8"]
  security_group_id = aws_security_group.hec_pvt_elb_security_group[0].id
}

resource "aws_security_group_rule" "hec-pvt-https-in-customer" {
  count             = local.splunk_private_hec ? 1 : 0
  type              = "ingress"
  description       = "HEC port - HTTPS - Inbound - Customer Instances"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = [var.vpc_cidr]
  security_group_id = aws_security_group.hec_pvt_elb_security_group[0].id
}

resource "aws_security_group_rule" "hec-pvt-in-moose" {
  count             = local.is_moose ? 1 : 0
  type              = "ingress"
  description       = "HEC port - Inbound - Moose Only"
  from_port         = 8088
  to_port           = 8088
  protocol          = "tcp"
  cidr_blocks       = ["10.0.0.0/8"]
  security_group_id = aws_security_group.hec_pvt_elb_security_group[0].id
}

resource "aws_security_group_rule" "hec-pvt-in-customer" {
  count             = local.splunk_private_hec ? 1 : 0
  type              = "ingress"
  description       = "HEC port - Inbound - Customer Instances"
  from_port         = 8088
  to_port           = 8088
  protocol          = "tcp"
  cidr_blocks       = [var.vpc_cidr]
  security_group_id = aws_security_group.hec_pvt_elb_security_group[0].id
}

#----------------------------------------------------------------------------
# EGRESS
#----------------------------------------------------------------------------
resource "aws_security_group_rule" "hec-pvt-out" {
  count             = local.splunk_private_hec ? 1 : 0
  type              = "egress"
  description       = "HEC to the indexers"
  from_port         = 8088
  to_port           = 8088
  protocol          = "tcp"
  cidr_blocks       = local.splunk_vpc_cidrs
  security_group_id = aws_security_group.hec_pvt_elb_security_group[0].id
}