const pulumi = require('@pulumi/pulumi');
const awsx = require('@pulumi/awsx');
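/**
 * Pulumi component that creates the security group for the Docker Swarm hosts.
 *
 * Ingress rules, in order: TCP 80/443/22, all ICMP, Swarm TCP 2376/2377/7946,
 * Swarm UDP 4789/7946. Egress: all traffic to any IPv4 address.
 *
 * SECURITY: when no CIDR arguments are supplied, every ingress rule is open to
 * 0.0.0.0/0, exactly as before. That exposes SSH (22), the Docker daemon TLS
 * port (2376), Swarm cluster management (2377), node gossip (7946) and the
 * VXLAN overlay data plane (4789) to the internet. The overlay traffic on
 * 4789 is not encrypted unless the overlay network was created with
 * encryption enabled. Callers should pass `clusterCidrBlocks` and
 * `adminCidrBlocks` so that only the node subnet and the operators' networks
 * can reach those ports.
 *
 * @param {string} name - Component name, passed to pulumi.ComponentResource.
 * @param {object} [args] - Component arguments.
 * @param {string[]} [args.clusterCidrBlocks] - CIDR blocks allowed to reach
 *   the Swarm cluster ports. Omitted: any IPv4 address (legacy default).
 * @param {string[]} [args.adminCidrBlocks] - CIDR blocks allowed to reach
 *   SSH (TCP 22). Omitted: any IPv4 address (legacy default).
 * @param {object} [opts] - Pulumi resource options for the component.
 * @throws {Error} If a CIDR argument is an empty list, or a rule is requested
 *   for a protocol other than tcp, udp or icmp.
 */
class NetworkResource extends pulumi.ComponentResource {
  constructor(name, args, opts = {}) {
    super('resource:group:NetworkResource', name, args, opts);

    const { clusterCidrBlocks, adminCidrBlocks } = args || {};

    const portClasses = {
      tcp: awsx.ec2.TcpPorts,
      udp: awsx.ec2.UdpPorts,
      icmp: awsx.ec2.IcmpPorts,
    };

    // Omitted CIDRs keep the historical "any IPv4" behaviour. An explicitly
    // empty list is rejected rather than guessed at, so a misconfigured
    // caller fails loudly instead of silently falling back to 0.0.0.0/0.
    const resolveLocation = (cidrBlocks, argName) => {
      if (cidrBlocks == null) {
        return new awsx.ec2.AnyIPv4Location();
      }
      if (Array.isArray(cidrBlocks) && cidrBlocks.length === 0) {
        throw new Error(`${argName} must not be an empty list`);
      }
      return { cidrBlocks };
    };

    // Builds one rule per port for the given protocol and source range.
    const createRule = (protocol, ports, cidrBlocks, argName) => {
      if (!Object.prototype.hasOwnProperty.call(portClasses, protocol)) {
        throw new Error(`Unsupported protocol: ${protocol}`);
      }
      const PortsClass = portClasses[protocol];
      return ports.map((port) => ({
        ports: new PortsClass(port),
        location: resolveLocation(cidrBlocks, argName),
      }));
    };

    // https://www.digitalocean.com/community/tutorials/how-to-configure-the-linux-firewall-for-docker-swarm-on-ubuntu-16-04
    const swarmClusterPorts = {
      tcp: [2376, 2377, 7946],
      udp: [4789, 7946],
    };

    // all icmp protocols
    const icmpRules = createRule('icmp', [-1]);

    // NOTE(review): unrestricted egress; tighten if the hosts only need to
    // reach known destinations.
    const egress = [{
      ports: new awsx.ec2.AllTraffic(),
      location: new awsx.ec2.AnyIPv4Location(),
    }];

    const webTcpPorts = [80, 443];
    const sshTcpPorts = [22];

    // Rule order is kept identical to the original list (80, 443, 22, ICMP,
    // Swarm TCP, Swarm UDP). NOTE(review): the rule resources may be named by
    // position, so confirm before reordering on an existing stack.
    const ingress = [
      ...createRule('tcp', webTcpPorts),
      ...createRule('tcp', sshTcpPorts, adminCidrBlocks, 'adminCidrBlocks'),
      ...icmpRules,
      ...createRule('tcp', swarmClusterPorts.tcp, clusterCidrBlocks, 'clusterCidrBlocks'),
      ...createRule('udp', swarmClusterPorts.udp, clusterCidrBlocks, 'clusterCidrBlocks'),
    ];

    // using default VPC
    // NOTE(review): the group name is fixed and the group is not parented to
    // this component, so a second NetworkResource in one stack would collide.
    // Both are left unchanged because altering them changes the resource URN.
    const securityGroup = new awsx.ec2.SecurityGroup('security-group', {
      egress,
      ingress,
    });

    this.id = securityGroup.id;
    this.vpc = securityGroup.vpc;
    this.securityGroup = securityGroup;
    this.registerOutputs();
  }
}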
// CommonJS export: the NetworkResource class is this module's export value.
module.exports = NetworkResource;