aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'cf3900a906'
${ noResults }
boundary/enos/modules/aws_boundary/security-groups.tf

151 lines
3.7 KiB
Raw Blame History

# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
data "enos_environment" "localhost" {}
locals {
listener_ports = {
"api" : var.listener_api_port,
"cluster" : var.listener_cluster_port,
"proxy_port" : var.listener_proxy_port,
"ops" : var.listener_ops_port,
}
alb_listener_ports = {
"api" : var.alb_listener_api_port,
}
}
resource "aws_security_group" "boundary_sg" {
name = "boundary-sg-${random_string.cluster_id.result}"
description = "SSH and boundary Traffic"
vpc_id = var.vpc_id
# SSH
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = flatten([formatlist("%s/32", data.enos_environment.localhost.public_ipv4_addresses)])
}
dynamic "ingress" {
for_each = local.listener_ports
content {
cidr_blocks = flatten([
formatlist("%s/32", data.enos_environment.localhost.public_ipv4_addresses),
join(",", data.aws_vpc.infra.cidr_block_associations.*.cidr_block),
])
description = ingress.key
from_port = ingress.value
to_port = ingress.value
ipv6_cidr_blocks = []
prefix_list_ids = []
protocol = "tcp"
self = null
security_groups = []
}
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = merge(
local.common_tags,
{
Name = "${local.name_prefix}-boundary-sg"
},
)
}
# Other modules use this SG to add rules for the Boundary controllers
resource "aws_security_group" "boundary_aux_sg" {
name = "boundary-sg-aux-${random_string.cluster_id.result}"
description = "Extra controller rules"
vpc_id = var.vpc_id
tags = merge(
local.common_tags,
{
Name = "${local.name_prefix}-boundary-aux-sg"
},
)
}
resource "aws_security_group" "boundary_alb_sg" {
name = "boundary-alb-sg-${random_string.cluster_id.result}"
description = "boundary Traffic"
vpc_id = var.vpc_id
dynamic "ingress" {
for_each = local.alb_listener_ports
content {
cidr_blocks = flatten([
formatlist("%s/32", data.enos_environment.localhost.public_ipv4_addresses),
join(",", data.aws_vpc.infra.cidr_block_associations.*.cidr_block),
format("%s/32", aws_instance.controller.0.public_ip),
formatlist("%s/32", var.alb_sg_additional_ips)
])
description = ingress.key
from_port = ingress.value
to_port = ingress.value
ipv6_cidr_blocks = []
prefix_list_ids = []
protocol = "tcp"
self = null
security_groups = []
}
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = merge(
local.common_tags,
{
Name = "${local.name_prefix}-boundary-alb-sg"
},
)
}
resource "aws_security_group" "boundary_db_sg" {
name = "boundary-db-sg-${random_string.cluster_id.result}"
description = "Postgres Traffic"
vpc_id = var.vpc_id
ingress {
cidr_blocks = flatten([formatlist("%s/32", data.enos_environment.localhost.public_ipv4_addresses), join(",", data.aws_vpc.infra.cidr_block_associations.*.cidr_block)])
description = "database"
from_port = 5432
to_port = 5432
ipv6_cidr_blocks = []
prefix_list_ids = []
protocol = "tcp"
self = null
security_groups = []
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = merge(local.common_tags,
{
Name = "${local.name_prefix}-boundary-db-sg"
},
)
}
Reference in new issue View Git Blame Copy Permalink