From d99bf6b9fa9d17a2ba99b7894a92f01245ef8cad Mon Sep 17 00:00:00 2001
From: Dominic Robinson
Date: Tue, 17 Dec 2024 14:10:38 +0000
Subject: [PATCH] -
---
 .../locals_security_groups.tf | 64 +++++++++----------
 1 file changed, 32 insertions(+), 32 deletions(-)
diff --git a/terraform/environments/corporate-staff-rostering/locals_security_groups.tf b/terraform/environments/corporate-staff-rostering/locals_security_groups.tf
index cda542d61f8..e1358aefed9 100644
--- a/terraform/environments/corporate-staff-rostering/locals_security_groups.tf
+++ b/terraform/environments/corporate-staff-rostering/locals_security_groups.tf
@@ -152,22 +152,22 @@ locals {
 security_groups = ["load-balancer"]
 # NOTE: will need to be changed to point to client access possibly
 }
- rpc_tcp_web = { # typo in name - this is for UDP but can't easily be changed
- description = "135: UDP MS-RPC allow ingress from app and db servers"
- from_port = 135
- to_port = 135
- protocol = "UDP"
- security_groups = ["app", "database"]
- # NOTE: csr_clientaccess will need to be added here to cidr_blocks
- }
- rpc_tcp_web2 = {
- description = "135: TCP MS-RPC allow ingress from app and db servers"
- from_port = 135
- to_port = 135
- protocol = "TCP"
- security_groups = ["app", "database"]
- # NOTE: csr_clientaccess will need to be added here to cidr_blocks
- }
+ #rpc_tcp_web = { # typo in name - this is for UDP but can't easily be changed
+ # description = "135: UDP MS-RPC allow ingress from app and db servers"
+ # from_port = 135
+ # to_port = 135
+ # protocol = "UDP"
+ # security_groups = ["app", "database"]
+ # # NOTE: csr_clientaccess will need to be added here to cidr_blocks
+ #}
+ #rpc_tcp_web2 = {
+ # description = "135: TCP MS-RPC allow ingress from app and db servers"
+ # from_port = 135
+ # to_port = 135
+ # protocol = "TCP"
+ # security_groups = ["app", "database"]
+ # # NOTE: csr_clientaccess will need to be added here to cidr_blocks
+ #}
 https_web = {
 description = "443: enduserclient https ingress"
 from_port = 443
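Review bot: The `rpc_tcp_web` and `rpc_tcp_web2` ingress rules are commented out rather than deleted, and neither the commit subject (`-`) nor the file records why port 135 was closed or whether the change is temporary. Commented-out security-group rules are easy to re-enable without review and hide the intended policy from the next maintainer. Either delete the blocks (git keeps the history) or put a one-line reason above them, e.g. `# 135 MS-RPC ingress disabled, <ticket placeholder>: <reason placeholder>`. The same applies to `rpc_tcp_app` / `rpc_tcp_app2` in the second hunk. The enclosing `locals` block starts and ends outside the hunk.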
@@ -288,22 +288,22 @@ locals {
 }
 # IMPORTANT: check if an 'allow all from load-balancer' rule is required
 # IMPORTANT: check whether http/https traffic is still needed? It's in the original but not used at an app level
- rpc_tcp_app = { # typo in name - this is for UDP but can't easily be changed
- description = "135: UDP MS-RPC allow ingress from app and db servers"
- from_port = 135
- to_port = 135
- protocol = "UDP"
- security_groups = ["web", "database"]
- # NOTE: csr_clientaccess will need to be added here to cidr_blocks
- }
- rpc_tcp_app2 = {
- description = "135: TCP MS-RPC allow ingress from app and db servers"
- from_port = 135
- to_port = 135
- protocol = "TCP"
- security_groups = ["web", "database"]
- # NOTE: csr_clientaccess will need to be added here to cidr_blocks
- }
+ #rpc_tcp_app = { # typo in name - this is for UDP but can't easily be changed
+ # description = "135: UDP MS-RPC allow ingress from app and db servers"
+ # from_port = 135
+ # to_port = 135
+ # protocol = "UDP"
+ # security_groups = ["web", "database"]
+ # # NOTE: csr_clientaccess will need to be added here to cidr_blocks
+ #}
+ #rpc_tcp_app2 = {
+ # description = "135: TCP MS-RPC allow ingress from app and db servers"
+ # from_port = 135
+ # to_port = 135
+ # protocol = "TCP"
+ # security_groups = ["web", "database"]
+ # # NOTE: csr_clientaccess will need to be added here to cidr_blocks
+ #}
 smb_tcp_app = {
 description = "445: TCP SMB allow ingress from app and db servers"
 from_port = 445
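Review bot: If the intent of disabling `rpc_tcp_app` / `rpc_tcp_app2` is to stop MS-RPC between tiers, the `smb_tcp_app` rule directly below still admits 445/TCP, and RPC interfaces can also be carried over SMB named pipes, so closing 135 alone may not achieve that. Any ingress rule for the dynamic RPC port range elsewhere in this file (not visible in this hunk) would be left without its endpoint mapper and should be reviewed in the same change. A short comment stating the intended reachability between web, app and database would make this checkable, e.g. `# MS-RPC between tiers: not required, see <ticket placeholder>`. The `smb_tcp_app` block and the enclosing `locals` block continue outside the hunk.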