From ff5dc285cef4dfa3bd3816dca24de5e0f5dbb70a Mon Sep 17 00:00:00 2001
From: Neil Smith
Date: Mon, 1 Apr 2019 11:42:25 +0100
Subject: [PATCH] Standardised security groups
---
 lpas_collection.tf | 16 ++--------------
 security_groups.tf | 18 ++++++++++++++++++
 sirius_access_demo.tf | 6 +-----
 3 files changed, 21 insertions(+), 19 deletions(-)
 create mode 100644 security_groups.tf
diff --git a/lpas_collection.tf b/lpas_collection.tf
index f090001..f3a9f1f 100644
--- a/lpas_collection.tf
+++ b/lpas_collection.tf
@@ -14,19 +14,6 @@ data "aws_secretsmanager_secret_version" "sirius_credentials" {
 //-------------------------------
 // Setup the Lambda
-resource "aws_security_group" "lpas_collection" {
- name = "lpas_collection"
- description = "lpas_collection Security Group"
- vpc_id = "${data.aws_vpc.vpc.id}"
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-}
-
 module "lpas_collection_lambda" {
 source = "modules/lambda"
@@ -35,7 +22,8 @@ module "lpas_collection_lambda" {
 lambda_handler = "id_handler"
 security_group_ids = [
- "${aws_security_group.lpas_collection.id}",
+ "${aws_security_group.lambda.id}",
+ "${data.aws_security_group.membrane_client.id}"
 ]
 vpc = "${local.vpc_name}"
diff --git a/security_groups.tf b/security_groups.tf
new file mode 100644
index 0000000..048b343
--- /dev/null
+++ b/security_groups.tf
@@ -0,0 +1,18 @@
+
+// Identifies all clients that can talk to the Membrane ELB
+data "aws_security_group" "membrane_client" {
+ name = "${local.membrane_client_security_group_name}"
+}
+
+resource "aws_security_group" "lambda" {
+ name = "opg-sirius-api-gateway-lambdas"
+ description = "egress rules for OPG Sirius API Gateway"
+ vpc_id = "${data.aws_vpc.vpc.id}"
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
diff --git a/sirius_access_demo.tf b/sirius_access_demo.tf
index 4e93ee1..2fc4d11 100644
--- a/sirius_access_demo.tf
+++ b/sirius_access_demo.tf
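Review bot: The new `security_group_ids` list in `module "lpas_collection_lambda"` attaches `membrane_client` to the lpas_collection function for the first time; the removed `lpas_collection` group carried only an egress rule, so this widens what the function is permitted to reach (whatever rules on the Membrane side reference that group as a source) rather than merely renaming groups, and the commit title "Standardised security groups" does not say so. If the extra access is intended, a one-line comment above the list would save the next reader a trip through history: `// membrane_client makes this function a permitted source for the Membrane ELB`. The module block starts before and ends after this hunk.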
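Review bot: `aws_security_group.lambda` is described as "egress rules for OPG Sirius API Gateway", but its only rule is protocol "-1" to 0.0.0.0/0, i.e. unrestricted egress, and because this group is now shared every function attached to it inherits that; with `membrane_client` carrying the Membrane-specific access, this is the point to record whether the functions need to reach anything outside the VPC at all, and if they do not, `cidr_blocks = ["${data.aws_vpc.vpc.cidr_block}"]` would keep the rule an allow-list. The resource declares no `ingress` block; as I recall the AWS provider treats an omitted ingress as computed rather than empty, so ingress rules added outside Terraform would not surface as drift, which is worth a comment stating that no ingress is intended. The comment on `membrane_client` reads as if the data source grants access, whereas it only looks the group up; `// Looks up the existing group that the Membrane ELB accepts traffic from; attach it to any client that needs access` states the contract more precisely.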
@@ -1,8 +1,4 @@
-data "aws_security_group" "membrane_client" {
- name = "${local.membrane_client_security_group_name}"
-}
-
 module "sirius_access_test_lambda" {
 source = "modules/lambda"
@@ -11,7 +7,7 @@ module "sirius_access_test_lambda" {
 lambda_handler = "test_handler"
 security_group_ids = [
- "${aws_security_group.lpas_collection.id}",
+ "${aws_security_group.lambda.id}",
 "${data.aws_security_group.membrane_client.id}"
 ]