Add specific ports instead of all tcp

Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>

lib/networking/vpc-stack.ts

@@ -90,7 +90,11 @@ export class NetworkStack extends Stack {
 
     /* The security group allows all ip access by default to all the ports.
     Please update below if you want to restrict access to certain ips and ports */
-    this.osSecurityGroup.addIngressRule(serverAccess, Port.allTcp());
+    this.osSecurityGroup.addIngressRule(serverAccess, Port.tcp(80));
+    this.osSecurityGroup.addIngressRule(serverAccess, Port.tcp(443));
+    this.osSecurityGroup.addIngressRule(serverAccess, Port.tcp(9200));
+    this.osSecurityGroup.addIngressRule(serverAccess, Port.tcp(5601));
+    this.osSecurityGroup.addIngressRule(serverAccess, Port.tcp(8443));
     this.osSecurityGroup.addIngressRule(this.osSecurityGroup, Port.allTraffic());
   }
 

test/opensearch-cluster-cdk.test.ts

@@ -209,6 +209,38 @@ test('Test Resources with security enabled multi-node with existing Vpc with use
     SecurityGroupIngress: [
       {
         CidrIp: '10.10.10.10/32',
+        Description: 'from 10.10.10.10/32:80',
+        FromPort: 80,
+        IpProtocol: 'tcp',
+        ToPort: 80,
+      },
+      {
+        CidrIp: '10.10.10.10/32',
+        Description: 'from 10.10.10.10/32:443',
+        FromPort: 443,
+        IpProtocol: 'tcp',
+        ToPort: 443,
+      },
+      {
+        CidrIp: '10.10.10.10/32',
+        Description: 'from 10.10.10.10/32:9200',
+        FromPort: 9200,
+        IpProtocol: 'tcp',
+        ToPort: 9200,
+      },
+      {
+        CidrIp: '10.10.10.10/32',
+        Description: 'from 10.10.10.10/32:5601',
+        FromPort: 5601,
+        IpProtocol: 'tcp',
+        ToPort: 5601,
+      },
+      {
+        CidrIp: '10.10.10.10/32',
+        Description: 'from 10.10.10.10/32:8443',
+        FromPort: 8443,
+        IpProtocol: 'tcp',
+        ToPort: 8443,
       },
     ],
   });