From 5d6a8130fea5f76cf21325a74090d390d0cd20e6 Mon Sep 17 00:00:00 2001
From: robertsweetman
Date: Mon, 4 Dec 2023 15:28:10 +0000
Subject: [PATCH 1/3] allow port 80 from loadbalancer for web instances
---
 .../planetfm/locals_security_groups.tf | 21 ++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/terraform/environments/planetfm/locals_security_groups.tf b/terraform/environments/planetfm/locals_security_groups.tf
index c290e11799d..24f68450974 100644
--- a/terraform/environments/planetfm/locals_security_groups.tf
+++ b/terraform/environments/planetfm/locals_security_groups.tf
@@ -116,13 +116,20 @@ locals {
 protocol = -1
 self = true
 }
- https_web = {
- description = "443: Allow HTTPS ingress from Azure"
- from_port = 443
- to_port = 443
- protocol = "TCP"
- cidr_blocks = local.security_group_cidrs.enduserclient
- }
+ http_web = {
+ description = "80: Allow HTTP ingress from LB"
+ from_port = 80
+ to_port = 80
+ protocol = "TCP"
+ security_groups = ["loadbalancer"]
+ }
+ # https_web = {
+ # description = "443: Allow HTTPS ingress from Azure"
+ # from_port = 443
+ # to_port = 443
+ # protocol = "TCP"
+ # cidr_blocks = local.security_group_cidrs.enduserclient
+ # }
 rdp_tcp_web = {
 description = "3389: Allow RDP UDP ingress from jumpserver"
 from_port = 3389
From ba12d7140c8a18f1b2daa73d057741c71825ba1a Mon Sep 17 00:00:00 2001
From: robertsweetman
Date: Tue, 5 Dec 2023 09:15:23 +0000
Subject: [PATCH 2/3] allow port 80 and 443 web
---
 .../planetfm/locals_security_groups.tf | 27 ++++++++++---------
 1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/terraform/environments/planetfm/locals_security_groups.tf b/terraform/environments/planetfm/locals_security_groups.tf
index 24f68450974..fbd0d2bf153 100644
--- a/terraform/environments/planetfm/locals_security_groups.tf
+++ b/terraform/environments/planetfm/locals_security_groups.tf
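Review bot: The `https_web` rule (443 from `local.security_group_cidrs.enduserclient`) is removed in the same hunk that adds `http_web`, while the commit title mentions only port 80; applied on its own, this commit closes HTTPS ingress for the end-user client ranges and leaves the old rule as commented-out configuration instead of deleting it. Commented-out rules inside a security-group definition are easily mistaken for active policy when the file is read as an inventory of allowed ingress; delete them (git history keeps the old rule) or, if the removal is deliberate, say so in the commit message. Patch 2/3 of this series reinstates `https_web`, so squashing the series would avoid an intermediate applied state with 443 closed. The enclosing `locals` block starts and ends outside the hunk.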
@@ -117,19 +117,20 @@ locals {
 self = true
 }
 http_web = {
- description = "80: Allow HTTP ingress from LB"
- from_port = 80
- to_port = 80
- protocol = "TCP"
- security_groups = ["loadbalancer"]
- }
- # https_web = {
- # description = "443: Allow HTTPS ingress from Azure"
- # from_port = 443
- # to_port = 443
- # protocol = "TCP"
- # cidr_blocks = local.security_group_cidrs.enduserclient
- # }
+ description = "80: Allow HTTP ingress from LB"
+ from_port = 80
+ to_port = 80
+ protocol = "TCP"
+ cidr_blocks = local.security_group_cidrs.enduserclient
+ # security_groups = ["loadbalancer"]
+ }
+ https_web = {
+ description = "443: Allow HTTPS ingress from Azure"
+ from_port = 443
+ to_port = 443
+ protocol = "TCP"
+ cidr_blocks = local.security_group_cidrs.enduserclient
+ }
 rdp_tcp_web = {
 description = "3389: Allow RDP UDP ingress from jumpserver"
 from_port = 3389
From 1abc81facd3b627c6f57ff0d84186820847f03fd Mon Sep 17 00:00:00 2001
From: robertsweetman
Date: Tue, 5 Dec 2023 09:25:21 +0000
Subject: [PATCH 3/3] add ssh bastion fixngo
---
 terraform/environments/planetfm/locals_security_groups.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/terraform/environments/planetfm/locals_security_groups.tf b/terraform/environments/planetfm/locals_security_groups.tf
index fbd0d2bf153..c64367a8164 100644
--- a/terraform/environments/planetfm/locals_security_groups.tf
+++ b/terraform/environments/planetfm/locals_security_groups.tf
@@ -121,8 +121,8 @@ locals {
 from_port = 80
 to_port = 80
 protocol = "TCP"
- cidr_blocks = local.security_group_cidrs.enduserclient
- # security_groups = ["loadbalancer"]
+ cidr_blocks = ["10.40.129.64/26"] # noms mgmt live jumpservers
+ security_groups = ["loadbalancer"]
 }
 https_web = {
 description = "443: Allow HTTPS ingress from Azure"
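Review bot: The `http_web` description still says `80: Allow HTTP ingress from LB`, but the new source line is `cidr_blocks = local.security_group_cidrs.enduserclient` with the load-balancer source commented out, so the description no longer matches the rule it labels. Opening plaintext port 80 directly to end-user client ranges rather than only to the load balancer means TLS cannot be enforced at the edge for those clients; if the intent is just an HTTP-to-HTTPS redirect, keeping 80 restricted to the `loadbalancer` security group and client ranges on 443 only would be the tighter option — I cannot see what `enduserclient` contains, so treat this as a question to confirm. At minimum set `description = "80: Allow HTTP ingress from enduserclient CIDRs"` and delete the commented `# security_groups = ["loadbalancer"]` line rather than leaving it as dead configuration. The enclosing `locals` block starts and ends outside the hunk.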
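Review bot: `cidr_blocks = ["10.40.129.64/26"]` hard-codes a trusted source range inline while every other rule visible in this series references a named entry under `local.security_group_cidrs`; an inline literal bypasses that single inventory of allowed sources and is easy to miss in a later audit of who may reach the web tier. Suggest adding a named entry for the jumpserver range to that map and referencing it, e.g. `cidr_blocks = local.security_group_cidrs.<jumpserver-key, placeholder: choose the map's naming>`, carrying the `noms mgmt live jumpservers` intent as a comment on the map entry. The commit title `add ssh bastion fixngo` does not describe this hunk, which changes the port 80 sources rather than adding SSH, and the rule's `description` (`80: Allow HTTP ingress from LB`, outside the hunk) is now incomplete since the rule admits both the `loadbalancer` security group and the jumpserver CIDR. The enclosing `http_web` block starts outside the hunk.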