link network security group to bastion nic for public ssh access [MRX…

…NM-52]
Vizzuality · Sep 13, 2024 · 0dc52cd · 0dc52cd
1 parent a303f03
commit 0dc52cd
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 0 deletions.
diff --git a/infrastructure/base/main.tf b/infrastructure/base/main.tf
@@ -39,6 +39,7 @@ module "bastion" {
   project_name            = var.project_name
   bastion_ssh_public_keys = var.bastion_ssh_public_keys
   bastion_subnet_id       = module.network.bastion_subnet_id
+  bastion_nsg_id          = module.network.bastion_nsg_id
   dns_zone                = module.dns.dns_zone
 }
 

diff --git a/infrastructure/base/modules/bastion/main.tf b/infrastructure/base/modules/bastion/main.tf
@@ -23,6 +23,11 @@ resource "azurerm_network_interface" "bastion_nic" {
   }
 }
 
+resource "azurerm_network_interface_security_group_association" "bastion_nic_nsg_association" {
+  network_interface_id      = azurerm_network_interface.bastion_nic.id
+  network_security_group_id = var.bastion_nsg_id
+}
+
 resource "tls_private_key" "ssh_private_key" {
   algorithm = "RSA"
   rsa_bits  = 4096

diff --git a/infrastructure/base/modules/bastion/variables.tf b/infrastructure/base/modules/bastion/variables.tf
@@ -21,6 +21,10 @@ variable "bastion_subnet_id" {
   description = "The id of the subnet where the bastion host will be placed"
 }
 
+variable "bastion_nsg_id" {
+  description = "The id of the network security group for the bastion host"
+}
+
 variable "dns_zone" {
   description = "The Azure DNS zone where the bastion A record will be added"
 }
diff --git a/infrastructure/base/modules/network/outputs.tf b/infrastructure/base/modules/network/outputs.tf
@@ -26,6 +26,10 @@ output "bastion_subnet_id" {
   value = azurerm_subnet.bastion_subnet.id
 }
 
+output "bastion_nsg_id" {
+  value = azurerm_network_security_group.bastion_nsg.id
+}
+
 output "firewall_subnet_id" {
   value = azurerm_subnet.firewall_subnet.id
 }