From a0ff28b0ccfe945a87f37099e9cd970319c0126c Mon Sep 17 00:00:00 2001
From: IjazMoJ <134407207+IjazMoJ@users.noreply.github.com>
Date: Wed, 4 Oct 2023 12:04:34 +0100
Subject: [PATCH] Planetfm/dsos 2227/migration sg initial config (#3551)
* initial cutover SG config created for planetfm
* config added to locals file
* Update locals.tf
* Update locals_security_groups.tf
* Update locals_security_groups.tf egress added
---
 terraform/environments/planetfm/locals.tf | 1 +
 .../planetfm/locals_security_groups.tf | 44 +++++++++++++++++++
 2 files changed, 45 insertions(+)
diff --git a/terraform/environments/planetfm/locals.tf b/terraform/environments/planetfm/locals.tf
index 207730070cd..c8ae4994c23 100644
--- a/terraform/environments/planetfm/locals.tf
+++ b/terraform/environments/planetfm/locals.tf
@@ -51,6 +51,7 @@ locals {
 baseline_security_groups = {
 data-db = local.security_groups.data_db
+ migration_cutover = local.security_groups.migration_cutover
 }
 baseline_sns_topics = {}
diff --git a/terraform/environments/planetfm/locals_security_groups.tf b/terraform/environments/planetfm/locals_security_groups.tf
index 66b6437ee1c..a0ca6802580 100644
--- a/terraform/environments/planetfm/locals_security_groups.tf
+++ b/terraform/environments/planetfm/locals_security_groups.tf
@@ -23,5 +23,49 @@ locals {
 }
 }
 }
+
+ migration_cutover = {
+ description = "Security group for migrated instances"
+ ingress = {
+ all-from-self = {
+ description = "Allow all ingress to self"
+ from_port = 0
+ to_port = 0
+ protocol = -1
+ self = true
+ }
+ https = {
+ description = "443: https ingress"
+ from_port = 443
+ to_port = 443
+ protocol = "TCP"
+ cidr_blocks = ["10.0.0.0/8"]
+ security_groups = []
+ }
+
+ rdp = {
+ description = "3389: Allow RDP ingress"
+ from_port = 3389
+ to_port = 3389
+ protocol = "TCP"
+ cidr_blocks = ["10.40.50.128/26","10.40.50.64/26","10.40.50.0/26"]
+ security_groups = []
+ }
+ }
+
+
+ egress = {
+ all = {
+ description = "Allow all egress"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ security_groups = []
+ }
+ }
+
+
+ }
 }
 }
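Review bot: The `egress.all` rule in `migration_cutover` allows every protocol to `0.0.0.0/0`, and the `https` ingress rule admits all of `10.0.0.0/8`, which is far wider than the three /26 ranges the `rdp` rule is scoped to. If this group is only meant for the cutover window (inferred from its name), egress should be limited to the destinations the migrated instances actually need. At minimum the rules should carry a comment such as `# temporary for cutover: tighten egress and the 443 source range before go-live`, and the RDP ranges a comment naming what they are. The `all-from-self` rule also writes `protocol = -1` as a number while `egress.all` uses `protocol = "-1"`; using the string form in both keeps the map values consistently typed. The enclosing `locals` block starts outside this hunk, so whether the existing groups follow the same pattern is not visible here.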