#############################################################################################################################
#
# EC2 Security Group
#
#
# Security Group for Load Balancer
#
# Security group attached to the load balancer that fronts the bastion host.
# The module is pulled over HTTPS and pinned to the tag v2.2; a tag is a mutable
# pointer, so for supply-chain integrity consider pinning ?ref= to the commit
# SHA of that release instead (placeholder: <release-commit-sha>).
module "elb_remote_ssh" {
source = "git::https://github.com/jslopes8/terraform-aws-networking-security-group.git?ref=v2.2"
name = "ELB-${local.stack_name}"
# NOTE(review): this reads the `id` of an aws_subnet_ids data source, which
# looks like a subnet ID at a glance. The (deprecated) aws_subnet_ids source is
# queried by vpc_id and, as far as I recall, sets its `id` to that VPC ID -- confirm
# in `terraform plan`; data.aws_vpc.selected.id (already referenced by
# ec2_bastion_sg) would state the intent explicitly.
vpc_id = data.aws_subnet_ids.sn_public.id
rule = [
{
description = "Bastion SSH Remote"
type = "ingress"
from_port = "22"
to_port = "22"
protocol = "tcp"
# Inbound TCP/22 from 0.0.0.0/0: the SSH entry point is exposed to the whole
# IPv4 internet and will attract credential-guessing traffic. Restrict this to
# the operator/VPN egress ranges (e.g. a list variable such as
# var.<allowed_ssh_cidrs>, not defined on this page) and keep the SSH daemon on
# the bastion key-only; the source list is the single control that limits who
# can even reach the login prompt.
cidr_blocks = [ "0.0.0.0/0" ]
}
]
default_tags = local.default_tags
}
#
# Security Group for Launch Config - EC2 Instance Bastion
#
# Security group for the bastion EC2 instances launched by the launch
# configuration. Ingress is SSH (from the ELB security group and from the VPC
# CIDR) plus ICMP from the VPC CIDR.
#
# NOTE(review): the module source here is the scp-style SSH form
# (git@github.com:...) while elb_remote_ssh above uses git::https://. Both
# point at the same module and tag, but the SSH form requires a deploy key on
# every machine that runs `terraform init`; one form (and one pin) for both
# modules is easier to audit. As above, a tag is mutable -- consider pinning
# ?ref= to the release commit SHA (placeholder: <release-commit-sha>).
module "ec2_bastion_sg" {
source = "git@github.com:jslopes8/terraform-aws-networking-security-group.git?ref=v2.2"
name = "EC2-${local.stack_name}"
# NOTE(review): same pattern as elb_remote_ssh -- the aws_subnet_ids `id` is
# expected to resolve to the VPC ID; confirm in the plan. Both security groups
# must be in the same VPC (or a peered one) for the sec_group_id reference
# below to be accepted by the API.
vpc_id = data.aws_subnet_ids.sn_private.id
rule = [
{
# SSH only from members of the ELB security group: a group-to-group
# reference rather than a CIDR, so it tracks the ELB wherever its addresses move.
description = "EC2_RemoteSSH_by_ELB"
type = "ingress"
from_port = "22"
to_port = "22"
protocol = "tcp"
sec_group_id = module.elb_remote_ssh.id
},
{
# SSH from the entire VPC CIDR. Any host inside the VPC (including a
# compromised workload) can reach the bastion's SSH port; if only a known
# admin subnet or jump host needs this, narrow cidr_blocks to that range.
description = "EC2_RemoteSSH_AccessInternal"
type = "ingress"
from_port = "22"
to_port = "22"
protocol = "tcp"
cidr_blocks = [ data.aws_vpc.selected.cidr_block ]
},
{
# NOTE(review): for protocol "icmp" the AWS API reads from_port as the ICMP
# type and to_port as the ICMP code. As written this admits type 0 (Echo
# Reply) with any code, not Echo Request (type 8), so inbound ping from the
# VPC would not be answered. If "all ICMP" was intended the pair is -1/-1;
# for ping alone, type 8 -- confirm intent before changing.
description = "EC2_RemoteICMP_AccessInternal"
type = "ingress"
from_port = "0"
to_port = "-1"
protocol = "icmp"
cidr_blocks = [ data.aws_vpc.selected.cidr_block ]
}
]
default_tags = local.default_tags
}