From 2aa641e661ea5f50f73b500f0cce00a84daabb14 Mon Sep 17 00:00:00 2001
From: Piotr Grzeskowiak
Date: Mon, 5 Feb 2024 17:38:42 +0000
Subject: [PATCH] WIP

---
 .../delius-mis/application_variables.json | 2 +-
 terraform/environments/delius-mis/temp-ec2.tf | 34 +++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/terraform/environments/delius-mis/application_variables.json b/terraform/environments/delius-mis/application_variables.json
index 6b52bfe9b30..43a51f9b609 100644
--- a/terraform/environments/delius-mis/application_variables.json
+++ b/terraform/environments/delius-mis/application_variables.json
@@ -1,7 +1,7 @@
 {
 "accounts": {
 "development": {
- "example_var": "dev-data"
+ "legacy_counterpart_cidr": "10.162.32.0/20"
 },
 "test": {
 "example_var": "test-data"
diff --git a/terraform/environments/delius-mis/temp-ec2.tf b/terraform/environments/delius-mis/temp-ec2.tf
index 15714995235..d8d739836cf 100644
--- a/terraform/environments/delius-mis/temp-ec2.tf
+++ b/terraform/environments/delius-mis/temp-ec2.tf
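Review bot: The new `legacy_counterpart_cidr` key is added only under `development`, while the visible `test` account still carries `example_var`, so any workspace other than development that evaluates `local.application_data.accounts[local.environment].legacy_counterpart_cidr` will fail at plan time with an unsupported-attribute error. Either add the key with the correct per-environment range to every account in this file, or make the consumer tolerant with `try(local.application_data.accounts[local.environment].legacy_counterpart_cidr, null)` and gate the rules on it being non-null. Strict JSON has nowhere to put a comment, so the fact that this key is required for every account should be recorded in the repository README or the variable's description. The `accounts` object continues past the end of the hunk, so the remaining accounts cannot be checked from here.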
@@ -24,6 +24,40 @@ resource "aws_vpc_security_group_egress_rule" "allow_http_traffic_ipv4" {
 to_port = each.key
 }
 
+resource "aws_vpc_security_group_egress_rule" "allow_http_traffic" {
+ for_each = toset(["80", "443"])
+
+ security_group_id = aws_security_group.example_ec2_sg.id
+ cidr_ipv4 = "0.0.0.0/0"
+ ip_protocol = "tcp"
+ from_port = each.key
+ to_port = each.key
+}
+
+resource "aws_vpc_security_group_egress_rule" "ad_icmp" {
+ security_group_id = aws_security_group.example_ec2_sg.id
+ cidr_ipv4 = local.application_data.accounts[local.environment].legacy_counterpart_cidr
+ ip_protocol = "icmp"
+}
+
+resource "aws_vpc_security_group_egress_rule" "ad_tcp" {
+ for_each = toset(["53", "88", "135", "389", "445", "464", "636"])
+
+ security_group_id = aws_security_group.example_ec2_sg.id
+ cidr_ipv4 = local.application_data.accounts[local.environment].legacy_counterpart_cidr
+ ip_protocol = "tcp"
+ from_port = each.key
+ to_port = each.key
+}
+
+resource "aws_vpc_security_group_egress_rule" "ad_tcp_ephemeral" {
+ security_group_id = aws_security_group.example_ec2_sg.id
+ cidr_ipv4 = local.application_data.accounts[local.environment].legacy_counterpart_cidr
+ ip_protocol = "tcp"
+ from_port = 1024
+ to_port = 65535
+}
+
 resource "aws_key_pair" "ec2-user" {
 key_name = "ec2-user"
 public_key = file(".ssh/${terraform.workspace}/ec2-user.pub")
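Review bot: `ad_tcp_ephemeral` opens outbound TCP 1024–65535 to the entire legacy CIDR, which is far wider than the dynamic RPC range Active Directory actually uses; if the counterpart domain controllers run Windows Server 2008 or later, `from_port = 49152` and `to_port = 65535` covers the RPC callbacks and removes 48k ports of unnecessary exposure, and a comment such as `# Dynamic RPC range for AD (Server 2008+); pair with TCP 135 in ad_tcp` would explain why the range exists. `ad_icmp` sets `ip_protocol = "icmp"` with no `from_port`/`to_port`; the EC2 API expects an ICMP type/code pair on that rule (`-1`/`-1` for all types, `8`/`-1` for echo only), so the rule is likely rejected at apply and should in any case be limited to echo if ping reachability is all that is needed. `allow_http_traffic` looks like a second copy of the existing `allow_http_traffic_ipv4` rule whose body closes at the top of the hunk; if that rule already targets `0.0.0.0/0` on 80/443 the apply will fail with InvalidPermission.Duplicate, and if it does not, the two should be reconciled into one rather than left side by side. The `ad_tcp` list is TCP-only, so if this host must join the domain rather than merely query it, the UDP counterparts (53, 88, 123, 389, 464) will also be needed — worth confirming the real requirement before this WIP commit is merged.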