AFS
/
xdr-terraform-modules


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051
							# SG Summary - Server
#     Ingress: 
#       22 - sync from other security centers
#       443 - User access
#     Egress:  
#       25 - smtp
#       443 - updates
#       tcp/1243 - "Communicating with Log Correlation Engine" (unneeded in xdr)
#       tcp/8834-8835 - Communicating With Nessus - to vpc-scanners
resource "aws_security_group" "security_center" {
  name_prefix = "security_center"
  tags = merge( var.standard_tags, var.tags, { Name = "security_center" } )
  vpc_id      = var.vpc_id
  description = "Nessus Security Scanner"
}

#-----------------------------------------------------------------
# Inbound access
#-----------------------------------------------------------------
resource "aws_security_group_rule" "security_center_inbound_443" {
  security_group_id        = aws_security_group.security_center.id
  type                     = "ingress"
  cidr_blocks              = var.cidr_map["vpc-access"]
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  description              = "Inbound 443 (from access, for testing)"
}

resource "aws_security_group_rule" "security_center_inbound_443_from_alb" {
  security_group_id        = aws_security_group.security_center.id
  type                     = "ingress"
  source_security_group_id = aws_security_group.security_center_alb_server_internal.id
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  description              = "Inbound 443 from the ALB"
}

#-----------------------------------------------------------------
# Outbound access
#-----------------------------------------------------------------
resource "aws_security_group_rule" "security_center_outbound_nessus" {
  security_group_id        = aws_security_group.security_center.id
  type                     = "egress"
  cidr_blocks              = concat(var.cidr_map["vpc-scanners"], var.cidr_map["vpc-private-services"]) # Scanners and managers
  from_port                = 8834
  to_port                  = 8835
  protocol                 = "tcp"
  description              = "Outbound to Scanners and Managers"
}