Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
AFS
/
xdr-terraform-modules
2
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Drzewo: ef47fe7929
Gałęzie Tagi
xdr-terraform-m...
/
base
/
github
/
securitygroups-load-balancers.tf

securitygroups-load-balancers.tf 4.8 KB
Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120 
  1. #----------------------------------------------------------------
    2. 

  2. # SG for the external ELB
    3. 

  3. #----------------------------------------------------------------
    4. 

  4. resource "aws_security_group" "ghe_elb_external" {
    5. 

  5.   name_prefix = "ghe_elb_external"
    6. 

  6.   tags = merge( var.standard_tags, var.tags, { Name = "github-external-lb" } )
    7. 

  7.   vpc_id      = var.vpc_id
    8. 

  8.   description = "External ELB for GitHub Enterprise Server"
    9. 

  9. }
    10. 

  10. 

  11. resource "aws_security_group_rule" "ghe_elb_external_inbound_https_22_cidr" {
    12. 

  12.   security_group_id        = aws_security_group.ghe_elb_external.id
    13. 

  13.   type                     = "ingress"
    14. 

  14.   cidr_blocks              = [ "0.0.0.0/0" ]
    15. 

  15.   from_port                = 22
    16. 

  16.   to_port                  = 22
    17. 

  17.   protocol                 = "tcp"
    18. 

  18.   description              = "Inbound git"
    19. 

  19. }
    20. 

  20. 

  21. resource "aws_security_group_rule" "ghe_elb_external_inbound_https_cidr" {
    22. 

  22.   security_group_id        = aws_security_group.ghe_elb_external.id
    23. 

  23.   type                     = "ingress"
    24. 

  24.   cidr_blocks              = [ "0.0.0.0/0" ]
    25. 

  25.   from_port                = 443
    26. 

  26.   to_port                  = 444
    27. 

  27.   protocol                 = "tcp"
    28. 

  28.   description              = "Inbound https to ELB"
    29. 

  29. }
    30. 

  30. 

  31. # Let the ELB talk to the github server(s)
    32. 

  32. resource "aws_security_group_rule" "ghe_elb_external_outbound_ssh" {
    33. 

  33.   security_group_id        = aws_security_group.ghe_elb_external.id
    34. 

  34.   type                     = "egress"
    35. 

  35.   source_security_group_id = aws_security_group.ghe_server.id
    36. 

  36.   from_port                = 23
    37. 

  37.   to_port                  = 23
    38. 

  38.   protocol                 = "tcp"
    39. 

  39.   description              = "Outbound ssh (PROXY) from ELB to GH servers"
    40. 

  40. }
    41. 

  41. 

  42. resource "aws_security_group_rule" "ghe_elb_external_outbound_https" {
    43. 

  43.   security_group_id        = aws_security_group.ghe_elb_external.id
    44. 

  44.   type                     = "egress"
    45. 

  45.   source_security_group_id = aws_security_group.ghe_server.id
    46. 

  46.   from_port                = 443
    47. 

  47.   to_port                  = 443
    48. 

  48.   protocol                 = "tcp"
    49. 

  49.   description              = "Outbound https from ELB to GH servers"
    50. 

  50. }
    51. 

  51. 

  52. #----------------------------------------------------------------
    53. 

  53. # SG for the internal ELB
    54. 

  54. #----------------------------------------------------------------
    55. 

  55. resource "aws_security_group" "ghe_elb_internal" {
    56. 

  56.   name_prefix = "ghe_elb_internal"
    57. 

  57.   tags = merge( var.standard_tags, var.tags, { Name = "github-internal-lb" } )
    58. 

  58.   vpc_id      = var.vpc_id
    59. 

  59.   description = "Internal ELB for GitHub Enterprise Server"
    60. 

  60. }
    61. 

  61. 

  62. resource "aws_security_group_rule" "ghe_elb_internal_inbound_https_cidr" {
    63. 

  63.   security_group_id        = aws_security_group.ghe_elb_internal.id
    64. 

  64.   type                     = "ingress"
    65. 

  65.   cidr_blocks              = [ "10.0.0.0/8" ]
    66. 

  66.   from_port                = 443
    67. 

  67.   to_port                  = 443
    68. 

  68.   protocol                 = "tcp"
    69. 

  69.   description              = "Inbound https"
    70. 

  70. }
    71. 

  71. 

  72. resource "aws_security_group_rule" "ghe_elb_internal_inbound_https_8443_cidr" {
    73. 

  73.   security_group_id        = aws_security_group.ghe_elb_internal.id
    74. 

  74.   type                     = "ingress"
    75. 

  75.   cidr_blocks              = [ "10.0.0.0/8" ]
    76. 

  76.   from_port                = 8443
    77. 

  77.   to_port                  = 8443
    78. 

  78.   protocol                 = "tcp"
    79. 

  79.   description              = "Inbound https"
    80. 

  80. }
    81. 

  81. resource "aws_security_group_rule" "ghe_elb_internal_inbound_https_22_cidr" {
    82. 

  82.   security_group_id        = aws_security_group.ghe_elb_internal.id
    83. 

  83.   type                     = "ingress"
    84. 

  84.   cidr_blocks              = [ "10.0.0.0/8" ]
    85. 

  85.   from_port                = 22
    86. 

  86.   to_port                  = 22
    87. 

  87.   protocol                 = "tcp"
    88. 

  88.   description              = "Inbound git"
    89. 

  89. }
    90. 

  90. 

  91. # Let the ELB talk to the github server(s)
    92. 

  92. resource "aws_security_group_rule" "ghe_elb_internal_outbound_https" {
    93. 

  93.   security_group_id        = aws_security_group.ghe_elb_internal.id
    94. 

  94.   type                     = "egress"
    95. 

  95.   source_security_group_id = aws_security_group.ghe_server.id
    96. 

  96.   from_port                = 443
    97. 

  97.   to_port                  = 443
    98. 

  98.   protocol                 = "tcp"
    99. 

  99.   description              = "Outbound https from ELB to GH Servers"
    100. 

  100. }
    101. 

  101. 

  102. # Let the ELB talk to the github server(s)
    103. 

  103. resource "aws_security_group_rule" "ghe_elb_internal_outbound_8444_https" {
    104. 

  104.   security_group_id        = aws_security_group.ghe_elb_internal.id
    105. 

  105.   type                     = "egress"
    106. 

  106.   source_security_group_id = aws_security_group.ghe_server.id
    107. 

  107.   from_port                = 8443
    108. 

  108.   to_port                  = 8443
    109. 

  109.   protocol                 = "tcp"
    110. 

  110.   description              = "Outbound https from ELB to GH Servers"
    111. 

  111. }
    112. 

  112. resource "aws_security_group_rule" "ghe_elb_internal_outbound_23_https" {
    113. 

  113.   security_group_id        = aws_security_group.ghe_elb_internal.id
    114. 

  114.   type                     = "egress"
    115. 

  115.   source_security_group_id = aws_security_group.ghe_server.id
    116. 

  116.   from_port                = 23 
    117. 

  117.   to_port                  = 23
    118. 

  118.   protocol                 = "tcp"
    119. 

  119.   description              = "Outbound https from ELB to GH Servers"
    120. 

  120. }
    121.