From ea1e1616dc2e9a60b1d2ba65c704c538a34ab247 Mon Sep 17 00:00:00 2001
From: Buckingham
Date: Thu, 7 Nov 2024 10:31:58 +0000
Subject: [PATCH] Update_071124_2

---
 terraform/environments/ppud/security_group.tf | 74 +++----------------
 1 file changed, 12 insertions(+), 62 deletions(-)

diff --git a/terraform/environments/ppud/security_group.tf b/terraform/environments/ppud/security_group.tf
index c3572ea06bc..bc6791aee1a 100644
--- a/terraform/environments/ppud/security_group.tf
+++ b/terraform/environments/ppud/security_group.tf
@@ -141,6 +141,8 @@ resource "aws_security_group_rule" "WAM-Data-Access-Server-Egress-2" {
   security_group_id = aws_security_group.WAM-Data-Access-Server.id
 }
 
+# WAM Portal Group
+
 resource "aws_security_group" "WAM-Portal" {
   vpc_id = data.aws_vpc.shared.id
   name = "WAM-Portal"
@@ -171,6 +173,16 @@ resource "aws_security_group_rule" "WAM-Portal-ingress-1" {
   security_group_id = aws_security_group.WAM-Portal.id
 }
 
+resource "aws_security_group_rule" "WAM-Portal-ingress-2" {
+  description = "Rule to allow port 443 traffic inbound"
+  type = "ingress"
+  from_port = 443
+  to_port = 443
+  protocol = "tcp"
+  source_security_group_id = aws_security_group.WAM-ALB.id
+  security_group_id = aws_security_group.WAM-Portal.id
+}
+
 resource "aws_security_group_rule" "WAM-Portal-egress" {
   description = "Rule to allow all traffic outbound"
   type = "egress"
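Review bot: The description on the new WAM-Portal-ingress-2 rule, `"Rule to allow port 443 traffic inbound"`, does not say where the traffic is allowed from, so in the console it reads the same as an open-CIDR rule even though the source is restricted to the WAM-ALB security group; `description = "Allow HTTPS (443) inbound from the WAM-ALB security group"` would make the intended scope reviewable at a glance. Using source_security_group_id rather than a CIDR block is the right choice here and keeps the portal reachable only through the load balancer. If WAM-Portal-ingress-1 (outside this hunk) already admits 443 from a CIDR range, this rule makes it redundant and the broader one could be withdrawn — worth confirming. The new rule's name uses lowercase `ingress-2` while the sibling egress rules visible in this file use `Egress-1`/`Egress-2`; settling on one casing convention for new rules would help when grepping the state.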
@@ -989,65 +1001,3 @@ resource "aws_security_group_rule" "docker-build-server-Egress-2" {
   cidr_blocks = ["0.0.0.0/0"]
   security_group_id = aws_security_group.docker-build-server[0].id
 }
-
-# WAM Server Group
-
-resource "aws_security_group" "WAM-Server-Group" {
-  vpc_id = data.aws_vpc.shared.id
-  name = "WAM-Server"
-  description = "WAM-Server for Dev, UAT & PROD"
-
-  tags = {
-    Name = "${var.networking[0].business-unit}-${local.environment}"
-  }
-}
-
-resource "aws_security_group_rule" "WAM-Server-Group-ingress" {
-  description = "Rule to allow port 80 traffic inbound"
-  type = "ingress"
-  from_port = 80
-  to_port = 80
-  protocol = "tcp"
-  cidr_blocks = [data.aws_vpc.shared.cidr_block]
-  security_group_id = aws_security_group.WAM-Server-Group.id
-}
-
-resource "aws_security_group_rule" "WAM-Server-Group-ingress-1" {
-  description = "Rule to allow port 3389 traffic inbound"
-  type = "ingress"
-  from_port = 3389
-  to_port = 3389
-  protocol = "tcp"
-  cidr_blocks = [data.aws_vpc.shared.cidr_block]
-  security_group_id = aws_security_group.WAM-Server-Group.id
-}
-
-resource "aws_security_group_rule" "WAM-Server-Group-egress" {
-  description = "Rule to allow all traffic outbound"
-  type = "egress"
-  from_port = 0
-  to_port = 0
-  protocol = "all"
-  cidr_blocks = [data.aws_vpc.shared.cidr_block]
-  security_group_id = aws_security_group.WAM-Server-Group.id
-}
-
-resource "aws_security_group_rule" "WAM-Server-Group-Egress-1" {
-  description = "Rule to allow port 443 traffic outbound"
-  type = "egress"
-  from_port = 443
-  to_port = 443
-  protocol = "tcp"
-  cidr_blocks = ["0.0.0.0/0"]
-  security_group_id = aws_security_group.WAM-Server-Group.id
-}
-
-resource "aws_security_group_rule" "WAM-Server-Group-Egress-2" {
-  description = "Rule to allow port 80 traffic outbound"
-  type = "egress"
-  from_port = 80
-  to_port = 80
-  protocol = "tcp"
-  cidr_blocks = ["0.0.0.0/0"]
-  security_group_id = aws_security_group.WAM-Server-Group.id
-}