Support granting source security group IDs access to consul-cluster #13

sclausson · 2017-10-09T19:25:17Z

To be consistent with vault-cluster module there should be variables for allowed_ssh_security_group_ids and allowed_inbound_security_group_ids to allow security group IDs to access the cluster (in addition to, or instead of cidr_blocks).

Could be implemented exactly the same way in consul-cluster/main.tf

resource "aws_security_group_rule" "allow_ssh_inbound_from_security_group_ids" {
  count                    = "${length(var.allowed_ssh_security_group_ids)}"
  type                     = "ingress"
  from_port                = "${var.ssh_port}"
  to_port                  = "${var.ssh_port}"
  protocol                 = "tcp"
  source_security_group_id = "${element(var.allowed_ssh_security_group_ids, count.index)}"

  security_group_id = "${aws_security_group.lc_security_group.id}"
}

and multiple aws_security_group_rule resources in consul-security-group-rules/main.tf

resource "aws_security_group_rule" "allow_<some_protocol>_inbound_from_security_group_ids" {
  count                    = "${length(var.allowed_inbound_security_group_ids)}"
  type                     = "ingress"
  from_port                = "${var.<some_protocol>_port}"
  to_port                  = "${var.<some_protocol>_port}"
  protocol                 = "<tcp or udp>"
  source_security_group_id = "${element(var.allowed_inbound_security_group_ids, count.index)}"

  security_group_id = "${var.security_group_id}"
}

The text was updated successfully, but these errors were encountered:

brikis98 · 2017-10-09T23:09:59Z

Agreed! PR welcome :)

sclausson · 2017-10-10T21:01:00Z

#14

sclausson · 2017-10-17T08:25:08Z

Thanks for merging!

Allow 0 or more CIDR blocks in allow_ssh_cidr_blocks list

Automatically publish AMIs for new releases.

brikis98 added enhancement help wanted labels Oct 9, 2017

sclausson closed this as completed Oct 17, 2017

jgiles mentioned this issue Feb 17, 2018

Should security group rules implicitly allow inbound from self? #46

Open

Etiene pushed a commit that referenced this issue Mar 14, 2019

Merge pull request #13 from sclausson/allow_0_ssh_cidrs

7c7dbff

Allow 0 or more CIDR blocks in allow_ssh_cidr_blocks list

aedades pushed a commit to dreamboxlearning/terraform-aws-consul that referenced this issue Dec 6, 2022

Merge pull request hashicorp#13 from gruntwork-io/publish-amis

1c9ab8f

Automatically publish AMIs for new releases.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support granting source security group IDs access to consul-cluster #13

Support granting source security group IDs access to consul-cluster #13

sclausson commented Oct 9, 2017 •

edited

Loading

brikis98 commented Oct 9, 2017

sclausson commented Oct 10, 2017

sclausson commented Oct 17, 2017

Support granting source security group IDs access to consul-cluster #13

Support granting source security group IDs access to consul-cluster #13

Comments

sclausson commented Oct 9, 2017 • edited Loading

brikis98 commented Oct 9, 2017

sclausson commented Oct 10, 2017

sclausson commented Oct 17, 2017

sclausson commented Oct 9, 2017 •

edited

Loading