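#----------------------------------------------------------------
# SG for the external ELB
#----------------------------------------------------------------
# Internet-facing load balancer in front of GitHub Enterprise Server.
# Only the three client-facing ports (git-over-ssh, http, https) are
# exposed to the world; everything the ELB sends on to the GHE hosts is
# scoped to the ghe_server security group rather than a CIDR.
resource "aws_security_group" "ghe_elb_external" {
  name_prefix = "ghe_elb_external"
  description = "External ELB for GitHub Enterprise Server"
  vpc_id      = var.vpc_id

  tags = merge(var.standard_tags, var.tags, { Name = "github-external-lb" })

  # name_prefix exists so a replacement SG can be created (and attached)
  # before the old one is destroyed; without this a rename or VPC change
  # would leave the ELB briefly without a security group.
  lifecycle {
    create_before_destroy = true
  }
}

# git over ssh from the internet. Intentionally world-open: this is the
# public git endpoint. Restrict cidr_blocks if the instance is not meant
# to be reachable from the whole internet.
resource "aws_security_group_rule" "ghe_elb_external_inbound_https_22_cidr" {
  security_group_id = aws_security_group.ghe_elb_external.id
  type              = "ingress"
  cidr_blocks       = ["0.0.0.0/0"]
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  description       = "Inbound git"
}

# Plain http from the internet. The matching egress rule below notes this
# path is used for LetsEncrypt on GHE; presumably it also serves the
# http->https redirect — confirm against the ELB listener config.
resource "aws_security_group_rule" "ghe_elb_external_inbound_http_cidr" {
  security_group_id = aws_security_group.ghe_elb_external.id
  type              = "ingress"
  cidr_blocks       = ["0.0.0.0/0"]
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  description       = "Inbound http to ELB"
}

# https from the internet. The range was previously 443-444, which also
# exposed tcp/444 to the world while the description and every other
# https rule in this file cover 443 only; narrowed to 443 to match.
resource "aws_security_group_rule" "ghe_elb_external_inbound_https_cidr" {
  security_group_id = aws_security_group.ghe_elb_external.id
  type              = "ingress"
  cidr_blocks       = ["0.0.0.0/0"]
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  description       = "Inbound https to ELB"
}

# Let the ELB talk to the github server(s).
# For an "egress" rule the provider treats source_security_group_id as the
# destination, so these rules only allow traffic towards ghe_server members.
resource "aws_security_group_rule" "ghe_elb_external_outbound_ssh" {
  security_group_id        = aws_security_group.ghe_elb_external.id
  type                     = "egress"
  source_security_group_id = aws_security_group.ghe_server.id
  from_port                = 23
  to_port                  = 23
  protocol                 = "tcp"
  description              = "Outbound ssh (PROXY) from ELB to GH servers"
}

resource "aws_security_group_rule" "ghe_elb_external_outbound_http" {
  security_group_id        = aws_security_group.ghe_elb_external.id
  type                     = "egress"
  source_security_group_id = aws_security_group.ghe_server.id
  from_port                = 80
  to_port                  = 80
  protocol                 = "tcp"
  description              = "Outbound HTTP from ELB to GH servers for LetsEncrypt on GHE"
}

resource "aws_security_group_rule" "ghe_elb_external_outbound_https" {
  security_group_id        = aws_security_group.ghe_elb_external.id
  type                     = "egress"
  source_security_group_id = aws_security_group.ghe_server.id
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  description              = "Outbound https from ELB to GH servers"
}

#----------------------------------------------------------------
# SG for the internal ELB
#----------------------------------------------------------------
# Load balancer reachable only from RFC 1918 10/8 space. It additionally
# exposes 8443, which the external ELB deliberately does not.
resource "aws_security_group" "ghe_elb_internal" {
  name_prefix = "ghe_elb_internal"
  description = "Internal ELB for GitHub Enterprise Server"
  vpc_id      = var.vpc_id

  tags = merge(var.standard_tags, var.tags, { Name = "github-internal-lb" })

  # See ghe_elb_external: allow replacement before destruction.
  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_security_group_rule" "ghe_elb_internal_inbound_https_cidr" {
  security_group_id = aws_security_group.ghe_elb_internal.id
  type              = "ingress"
  cidr_blocks       = ["10.0.0.0/8"]
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  description       = "Inbound https"
}

# 8443 is internal-only by design (it is absent from the external SG);
# keep it that way — widening this CIDR exposes the admin-side port.
resource "aws_security_group_rule" "ghe_elb_internal_inbound_https_8443_cidr" {
  security_group_id = aws_security_group.ghe_elb_internal.id
  type              = "ingress"
  cidr_blocks       = ["10.0.0.0/8"]
  from_port         = 8443
  to_port           = 8443
  protocol          = "tcp"
  description       = "Inbound https"
}

resource "aws_security_group_rule" "ghe_elb_internal_inbound_https_22_cidr" {
  security_group_id = aws_security_group.ghe_elb_internal.id
  type              = "ingress"
  cidr_blocks       = ["10.0.0.0/8"]
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  description       = "Inbound git"
}

# Let the ELB talk to the github server(s) — destination is the
# ghe_server security group, not a CIDR (see external egress rules).
resource "aws_security_group_rule" "ghe_elb_internal_outbound_https" {
  security_group_id        = aws_security_group.ghe_elb_internal.id
  type                     = "egress"
  source_security_group_id = aws_security_group.ghe_server.id
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  description              = "Outbound https from ELB to GH Servers"
}

# Egress covers 8443-8444 while ingress on this ELB only accepts 8443.
# The resource name suggests 8444 is intentional, so the range is kept;
# NOTE(review): confirm the ELB really forwards to 8444, otherwise narrow
# to_port to 8443.
resource "aws_security_group_rule" "ghe_elb_internal_outbound_8444_https" {
  security_group_id        = aws_security_group.ghe_elb_internal.id
  type                     = "egress"
  source_security_group_id = aws_security_group.ghe_server.id
  from_port                = 8443
  to_port                  = 8444
  protocol                 = "tcp"
  description              = "Outbound https from ELB to GH Servers"
}

# Same PROXY-protocol ssh hop the external ELB uses; the description
# previously said "https", which did not match tcp/23.
resource "aws_security_group_rule" "ghe_elb_internal_outbound_23_https" {
  security_group_id        = aws_security_group.ghe_elb_internal.id
  type                     = "egress"
  source_security_group_id = aws_security_group.ghe_server.id
  from_port                = 23
  to_port                  = 23
  protocol                 = "tcp"
  description              = "Outbound ssh (PROXY) from ELB to GH Servers"
}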