Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
AFS
/
xdr-terraform-modules
2
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu kéo về 0 Wiki
Tree: 8e0498865b
Branches Tags
xdr-terraform-m...
/
submodules
/
load_balancer
/
static_nlb_to_alb
/
security-groups.tf

security-groups.tf 2.4 KB
Lịch sử Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. #----------------------------------------------------------------------------
    2. 

  2. # ALB Security Group
    3. 

  3. #----------------------------------------------------------------------------
    4. 

  4. resource "aws_security_group" "lb_server_external" {
    5. 

  5.   vpc_id      = var.vpc_id
    6. 

  6.   name_prefix = "${var.name}-alb-sg-external"
    7. 

  7.   description = "${var.name} LB SG"
    8. 

  8.   tags        = var.tags
    9. 

  9. }
    10. 

  10. 

  11. #----------------------------------------------------------------------------
    12. 

  12. # INGRESS
    13. 

  13. #----------------------------------------------------------------------------
    14. 

  14. resource "aws_security_group_rule" "allow_from_any" {
    15. 

  15.   count = var.allow_from_any ? 1 : 0
    16. 

  16. 

  17.   description       = "${var.name} - Allow from Any"
    18. 

  18.   type              = "ingress"
    19. 

  19.   from_port         = var.listener_port
    20. 

  20.   to_port           = var.listener_port
    21. 

  21.   protocol          = "tcp"
    22. 

  22.   cidr_blocks       = ["0.0.0.0/0"] # tfsec:ignore:aws-vpc-no-public-ingress-sgr Intentionally Open
    23. 

  23.   security_group_id = aws_security_group.lb_server_external.id
    24. 

  24. }
    25. 

  25. 

  26. resource "aws_security_group_rule" "allow_http_rediret" {
    27. 

  27.   count = var.redirect_80 ? 1 : 0
    28. 

  28. 

  29.   description       = "${var.name} - Allow from Any"
    30. 

  30.   type              = "ingress"
    31. 

  31.   from_port         = 80
    32. 

  32.   to_port           = 80
    33. 

  33.   protocol          = "tcp"
    34. 

  34.   cidr_blocks       = ["0.0.0.0/0"] # tfsec:ignore:aws-vpc-no-public-ingress-sgr Intentionally Open
    35. 

  35.   security_group_id = aws_security_group.lb_server_external.id
    36. 

  36. }
    37. 

  37. 

  38. #----------------------------------------------------------------------------
    39. 

  39. # EGRESS
    40. 

  40. #----------------------------------------------------------------------------
    41. 

  41. resource "aws_security_group_rule" "alb_to_servers" {
    42. 

  42.   type                     = "egress"
    43. 

  43.   from_port                = var.target_port
    44. 

  44.   to_port                  = var.target_port
    45. 

  45.   protocol                 = "tcp"
    46. 

  46.   source_security_group_id = var.target_security_group
    47. 

  47.   description              = "${var.name} - Allows the ALB to talk to the servers"
    48. 

  48.   security_group_id        = aws_security_group.lb_server_external.id
    49. 

  49. }
    50. 

  50. 

  51. resource "aws_security_group_rule" "alb_to_health" {
    52. 

  52.   count = var.target_port != var.healthcheck_port ? 1 : 0
    53. 

  53. 

  54.   type                     = "egress"
    55. 

  55.   from_port                = var.healthcheck_port
    56. 

  56.   to_port                  = var.healthcheck_port
    57. 

  57.   protocol                 = "tcp"
    58. 

  58.   source_security_group_id = var.target_security_group
    59. 

  59.   description              = "${var.name} - Allows the ALB to talk to the Health check"
    60. 

  60.   security_group_id        = aws_security_group.lb_server_external.id
    61. 

  61. }
    62.