Domovská stránka Prehľadávať Pomoc
Registrovať Prihlásiť sa
AFS
/
xdr-terraform-modules
2
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Strom: 74a584c32e
Branche Tagy
xdr-terraform-m...
/
submodules
/
load_balancer
/
public_alb
/
security_groups.tf

security_groups.tf 2.4 KB
História Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 
  1. #----------------------------------------------------------------------------
    2. 

  2. # Load Balancer ALB Security Group
    3. 

  3. #----------------------------------------------------------------------------
    4. 

  4. resource "aws_security_group" "alb" {
    5. 

  5.   vpc_id      = var.vpc_id
    6. 

  6.   name_prefix = "${local.name}-alb"
    7. 

  7.   description = "ALB SG for ${var.hostname}"
    8. 

  8.   tags        = merge(local.tags, { "Name" : local.name })
    9. 

  9. }
    10. 

  10. 

  11. #----------------------------------------------------------------------------
    12. 

  12. # INGRESS
    13. 

  13. #----------------------------------------------------------------------------
    14. 

  14. resource "aws_security_group_rule" "http_from_internet" {
    15. 

  15.   type              = "ingress"
    16. 

  16.   description       = "HTTP - Inbound from Internet"
    17. 

  17.   from_port         = "80"
    18. 

  18.   to_port           = "80"
    19. 

  19.   protocol          = "tcp"
    20. 

  20.   cidr_blocks       = var.inbound_cidrs # tfsec:ignore:aws-vpc-no-public-ingress-sgr
    21. 

  21.   security_group_id = aws_security_group.alb.id
    22. 

  22. }
    23. 

  23. 

  24. resource "aws_security_group_rule" "https_from_internet" {
    25. 

  25.   type              = "ingress"
    26. 

  26.   description       = "HTTPS - Inbound from Internet"
    27. 

  27.   from_port         = "443"
    28. 

  28.   to_port           = "443"
    29. 

  29.   protocol          = "tcp"
    30. 

  30.   cidr_blocks       = var.inbound_cidrs # tfsec:ignore:aws-vpc-no-public-ingress-sgr
    31. 

  31.   security_group_id = aws_security_group.alb.id
    32. 

  32. }
    33. 

  33. 

  34. #----------------------------------------------------------------------------
    35. 

  35. # EGRESS
    36. 

  36. #----------------------------------------------------------------------------
    37. 

  37. resource "aws_security_group_rule" "alb_to_server" {
    38. 

  38.   type                     = "egress"
    39. 

  39.   description              = "${var.hostname} to the Server"
    40. 

  40.   from_port                = var.server_port
    41. 

  41.   to_port                  = var.server_port
    42. 

  42.   protocol                 = "tcp"
    43. 

  43.   source_security_group_id = var.server_security_group
    44. 

  44.   security_group_id        = aws_security_group.alb.id
    45. 

  45. }
    46. 

  46. 

  47. #----------------------------------------------------------------------------
    48. 

  48. # Server Security Group
    49. 

  49. #----------------------------------------------------------------------------
    50. 

  50. resource "aws_security_group_rule" "server_from_alb" {
    51. 

  51.   type                     = "ingress"
    52. 

  52.   description              = "ALB to ${var.hostname}"
    53. 

  53.   from_port                = var.server_port
    54. 

  54.   to_port                  = var.server_port
    55. 

  55.   protocol                 = "tcp"
    56. 

  56.   source_security_group_id = aws_security_group.alb.id
    57. 

  57.   security_group_id        = var.server_security_group
    58. 

  58. }
    59.