Ingress security groups variable
hboisgibault committed Nov 7, 2021
1 parent f5f0812 commit 5ad4562
Showing 2 changed files with 38 additions and 8 deletions.
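--- a/security_group.tf
+++ b/security_group.tf
@@ -33,18 +33,42 @@ resource "aws_security_group" "main_sg" {
 }
 }
 
-data "aws_security_group" "target_sg" {
-count = length(var.ingress_target_security_groups)
-name = var.ingress_target_security_groups[count.index]
+#
+# INGRESS SECURITY GROUPS RULES
+#
+
+data "aws_security_group" "ingress_sg" {
+count = length(var.ingress_security_groups)
+name = var.ingress_security_groups[count.index]
+}
+
+resource "aws_security_group_rule" "remote_ingress_traffic" {
+count = length(data.aws_security_group.ingress_sg)
+type = "ingress"
+from_port = 0
+to_port = 65535
+protocol = "tcp"
+source_security_group_id = data.aws_security_group.ingress_sg[count.index].id
+prefix_list_ids = []
+security_group_id = aws_security_group.main_sg.id
+}
+
+#
+# REMOTE SECURITY GROUPS
+#
+
+data "aws_security_group" "remote_sg" {
+count = length(var.remote_ingress_security_groups)
+name = var.remote_ingress_security_groups[count.index]
 }
 
-resource "aws_security_group_rule" "ingress_traffic" {
-count = length(data.aws_security_group.target_sg)
+resource "aws_security_group_rule" "remote_ingress_traffic" {
+count = length(data.aws_security_group.remote_sg)
 type = "ingress"
 from_port = 0
 to_port = 65535
 protocol = "tcp"
 source_security_group_id = aws_security_group.main_sg.id
 prefix_list_ids = []
-security_group_id = data.aws_security_group.target_sg[count.index].id
+security_group_id = data.aws_security_group.remote_sg[count.index].id
 }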
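Review bot: Both new `aws_security_group_rule` resources in this hunk are named `remote_ingress_traffic`, so the file declares the same resource address twice and Terraform will reject the configuration as a duplicate resource; the first one, which attaches to `aws_security_group.main_sg` and reads `data.aws_security_group.ingress_sg`, should follow its section heading, e.g. `resource "aws_security_group_rule" "ingress_traffic" {`. Each rule also opens the whole TCP range (`from_port = 0`, `to_port = 65535`) to or from every listed group, which is wider than a module caller is likely to expect from a list of group names; taking the range from variables (e.g. `var.ingress_from_port` / `var.ingress_to_port`, new variables to declare in variables.tf) would let callers scope the grant. The `data "aws_security_group"` lookups filter on `name` only, so a name that exists in more than one VPC of the account is either ambiguous or resolves to a group in the wrong VPC; pinning the lookup with `vpc_id` would avoid that. Using `for_each = toset(...)` instead of `count` would additionally keep rule addresses stable when a name is removed from the middle of the list, instead of recreating the rules that follow it.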
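--- a/variables.tf
+++ b/variables.tf
@@ -69,10 +69,16 @@ variable "alb_listener_rule_priority" {
 description = "Load balancer listener rule priority"
 }
 
-variable "ingress_target_security_groups" {
+variable "ingress_security_groups" {
 type = list(string)
 default = []
-description = "Security groups to allow ingress traffic to"
+description = "List of security group names that will be allowed traffic to the instance"
+}
+
+variable "remote_ingress_security_groups" {
+type = list(string)
+default = []
+description = "List of security group names to allow ingress traffic from the instance"
 }
 
 variable "target_capacity" {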
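Review bot: The two descriptions do not tell a caller how the names are used or how wide the resulting grant is: each name is resolved through a `data "aws_security_group"` lookup in security_group.tf (so it must already exist in the account and region at plan time) and the rule created for it covers all TCP ports 0–65535. Suggest `description = "Names of existing security groups allowed to reach the instance's security group on all TCP ports"` for `ingress_security_groups`, and for `remote_ingress_security_groups` the mirror wording, i.e. names of existing security groups that receive an ingress rule allowing all TCP traffic from the instance's security group, which also removes the ambiguity of "ingress traffic from the instance".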
