re-apply sg rules (#3309)

ministryofjustice · Sep 7, 2023 · 7deee5e · 7deee5e
1 parent 12d9f9a
commit 7deee5e
Showing 1 changed file with 10 additions and 17 deletions.
diff --git a/terraform/environments/corporate-staff-rostering/locals_security_groups.tf b/terraform/environments/corporate-staff-rostering/locals_security_groups.tf
@@ -116,9 +116,7 @@ locals {
           protocol    = -1
           self        = true
         }
-
-        # ---------- comment back in ----------
-        /* dns = {
+        dns = {
           description     = "Allow ingress Azure domain controllers"
           from_port       = 53
           to_port         = 53
@@ -141,8 +139,8 @@ locals {
           protocol        = "TCP"
           cidr_blocks     = [for ip in module.ip_addresses.azure_fixngo_ips.devtest.domain_controllers : "${ip}/32"]
           security_groups = []
-        } */
-        /* netbios = {
+        }
+        netbios = {
           description     = "Allow ingress Azure domain controllers"
           from_port       = 137
           to_port         = 139
@@ -157,8 +155,8 @@ locals {
           protocol        = -1
           cidr_blocks     = [for ip in module.ip_addresses.azure_fixngo_ips.devtest.domain_controllers : "${ip}/32"]
           security_groups = []
-        } */
-        /* https = {
+        }
+        https = {
           description     = "Allow ingress from port 443"
           from_port       = 443
           to_port         = 443
@@ -215,8 +213,7 @@ locals {
           protocol        = "TCP"
           cidr_blocks     = [for ip in module.ip_addresses.azure_fixngo_ips.devtest.domain_controllers : "${ip}/32"]
           security_groups = []
-        } */
-        # ---------- comment back in ----------
+        }
         # http5985 = {
         #   description = "Allow ingress from port 5985"
         #   from_port       = 5985
@@ -289,8 +286,7 @@ locals {
           protocol    = -1
           self        = true
         }
-        # ------- comment back in ---------
-        /* ssh = {
+        ssh = {
           description     = "Allow SSH ingress"
           from_port       = 22
           to_port         = 22
@@ -323,7 +319,7 @@ locals {
           cidr_blocks     = [for ip in module.ip_addresses.azure_fixngo_ips.devtest.domain_controllers : "${ip}/32"]
           security_groups = []
         }
-        /* netbios = {
+        netbios = {
           description     = "Allow ingress Azure domain controllers"
           from_port       = 137
           to_port         = 139
@@ -338,8 +334,7 @@ locals {
           protocol        = -1
           cidr_blocks     = [for ip in module.ip_addresses.azure_fixngo_ips.devtest.domain_controllers : "${ip}/32"]
           security_groups = []
-        } */
-        /*
+        }
         https = {
           description     = "Allow ingress from port 443"
           from_port       = 443
@@ -358,7 +353,6 @@ locals {
           # cidr_blocks     = ["10.102.0.196/32"]
           security_groups = []
         }
-
         ldap_ssl = {
           description     = "Allow ingress Azure domain controllers"
           from_port       = 636
@@ -398,8 +392,7 @@ locals {
           protocol        = "TCP"
           cidr_blocks     = [for ip in module.ip_addresses.azure_fixngo_ips.devtest.domain_controllers : "${ip}/32"]
           security_groups = []
-        } */
-        # ------- comment back in ---------
+        }
         # http2109 = {
         #   description = "Allow ingress from port 2109"
         #   from_port       = 2109