# Jinja-side import of the shared variables namespace. Beware the name clash:
# this Jinja "var" is distinct from Terraform's own var.* namespace. The
# "${var.Trusted-CIDR}" references further down are Terraform interpolation
# (resolved at plan time, after templating), not Jinja expressions, and nothing
# in this part of the file references the Jinja namespace — TODO confirm the
# include is still needed by the rest of the template.
{% import 'variables.include' as var %}
#######
# Security group for the ELB (per the original note) / instances (per the resource name):
# SSH, HTTP and HTTPS inbound are admitted only from var.Trusted-CIDR — not from the whole
# web — and outbound is limited to the select ports listed in the egress rules below.
resource "aws_security_group" "sg_instance_access" {
  # Fixed name: security group names must be unique within a VPC, so a second
  # copy of this resource in vpc_primary would collide (name_prefix avoids that).
  name        = "sg_instance_access"
  description = "Allows ssh/http/https in from me. Allows outbound on select ports."
  # Attached to the VPC declared elsewhere in this configuration.
  vpc_id      = "${aws_vpc.vpc_primary.id}"

  # Inbound: SSH, HTTP and HTTPS, only from the trusted source range(s).
  # cidr_blocks takes a list, so this Terraform-0.11-style interpolation only
  # works if var.Trusted-CIDR is declared as a list, not a single string —
  # TODO confirm against the variable definition (not visible here).
  # Only IPv4 cidr_blocks are used; no ipv6_cidr_blocks, so IPv6 is not admitted.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = "${var.Trusted-CIDR}"
  }
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = "${var.Trusted-CIDR}"
  }
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = "${var.Trusted-CIDR}"
  }

  # Outbound: only the ports below, to any IPv4 destination. Because explicit
  # egress blocks are present, Terraform drops the provider's implicit
  # allow-all egress rule (per the aws_security_group docs — confirm on plan),
  # so any port/protocol not listed here is blocked outbound, ICMP included.
  # FTP control (21) and active-mode data (20). NOTE(review): passive-mode FTP
  # negotiates high ephemeral data ports that this rule does not cover —
  # confirm FTP egress is still needed at all; cleartext FTP is rarely justified.
  egress {
    from_port   = 20
    to_port     = 21
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  # Outbound SSH to anywhere. NOTE(review): this is a common exfiltration /
  # lateral-movement path; if the instances only need SSH to known hosts,
  # narrow this to var.Trusted-CIDR or the specific destination ranges.
  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  # DNS over TCP (used for responses too large for UDP) and UDP.
  egress {
    from_port   = 53
    to_port     = 53
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 53
    to_port     = 53
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  # HTTP/HTTPS out to any destination (presumably package updates and external
  # APIs — not confirmable from this file).
  egress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}