| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 |
- #----------------------------------------------------------------------------
- # ALB Security Group
- #----------------------------------------------------------------------------
- resource "aws_security_group" "lb_server_external" {
- vpc_id = var.vpc_id
- name_prefix = "${var.name}-alb-sg-external"
- description = "${var.name} LB SG"
- tags = var.tags
- }
- #----------------------------------------------------------------------------
- # INGRESS
- #----------------------------------------------------------------------------
- resource "aws_security_group_rule" "allow_from_any" {
- count = var.allow_from_any ? 1 : 0
- description = "${var.name} - Allow from Any"
- type = "ingress"
- from_port = var.listener_port
- to_port = var.listener_port
- protocol = "tcp"
- cidr_blocks = [ "0.0.0.0/0" ]
- security_group_id = aws_security_group.lb_server_external.id
- }
- #----------------------------------------------------------------------------
- # EGRESS
- #----------------------------------------------------------------------------
- resource "aws_security_group_rule" "alb_to_servers" {
- type = "egress"
- from_port = var.target_port
- to_port = var.target_port
- protocol = "tcp"
- source_security_group_id = var.target_security_group
- description = "${var.name} - Allows the ALB to talk to the servers"
- security_group_id = aws_security_group.lb_server_external.id
- }
- resource "aws_security_group_rule" "alb_to_health" {
- count = var.target_port != var.healthcheck_port ? 1 : 0
- type = "egress"
- from_port = var.healthcheck_port
- to_port = var.healthcheck_port
- protocol = "tcp"
- source_security_group_id = var.target_security_group
- description = "${var.name} - Allows the ALB to talk to the Health check"
- security_group_id = aws_security_group.lb_server_external.id
- }
|
