# Firewall allow-list CIDRs consumed by the security-group rules below
# (outputs referenced in this file: cidr_blocks, cidr_blocks_others).
# NOTE(review): the git source carries no ?ref= pin, so every init fetches
# the module's default-branch HEAD and the allow-list logic can change without
# a review of this file; pin to a tag or commit, e.g.
# "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips?ref=<TAG_OR_COMMIT>".
module "fw-ips" {
source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
}
# Security group for the database endpoint reached from the primary firewall
# allow-list. No inline ingress/egress is declared; the rule set is expressed
# entirely by the standalone aws_vpc_security_group_*_rule resources that
# reference this group's id.
resource "aws_security_group" "allow_tls" {
  vpc_id = local.vpc_id
  tags   = local.tags

  # Both name and description are derived from the provisioning id so the
  # group is traceable to the deployment that created it.
  name        = "${var.provision_id}-SG"
  description = "${var.provision_id}-SG"
}
# One ingress rule per allow-listed CIDR from the fw-ips module, admitting TCP
# on the database port only. for_each iterates a set, so each.value is the
# same string as each.key and the instance address is
# aws_vpc_security_group_ingress_rule.allow_tls_ipv4["<cidr>"].
# NOTE(review): nothing here rejects an overly broad entry (e.g. 0.0.0.0/0)
# should the module ever emit one; a lifecycle precondition on each.value
# would catch that at plan time if the Terraform version in use supports it.
resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4" {
  for_each = toset(module.fw-ips.cidr_blocks)

  security_group_id = aws_security_group.allow_tls.id
  description       = "dbport"

  # Single-port TCP rule: from_port and to_port are the same local.port value.
  ip_protocol = "tcp"
  from_port   = local.port
  to_port     = local.port
  cidr_ipv4   = each.value
}
# Outbound counterpart of the ingress rule above: one egress rule per
# allow-listed CIDR, TCP on the database port only. Because the group declares
# no inline egress, these instances are the group's only outbound permissions.
# NOTE(review): security groups are stateful, so replies to inbound database
# connections do not need an egress rule; confirm that connections initiated
# from the database side towards these addresses are actually intended.
resource "aws_vpc_security_group_egress_rule" "allow_tls_ipv4" {
  for_each = toset(module.fw-ips.cidr_blocks)

  security_group_id = aws_security_group.allow_tls.id
  description       = "dbport"

  # Single-port TCP rule; each.value equals each.key for a set-based for_each.
  ip_protocol = "tcp"
  from_port   = local.port
  to_port     = local.port
  cidr_ipv4   = each.value
}
# Second security group for the database endpoint, populated from the
# module's cidr_blocks_others output rather than cidr_blocks. As with
# allow_tls, no inline rules are declared; the standalone *_rule resources
# suffixed "_2" attach to this group.
resource "aws_security_group" "allow_tls_2" {
  vpc_id = local.vpc_id
  tags   = local.tags

  # Name and description carry the provisioning id plus a "2" suffix to
  # distinguish this group from allow_tls in the console.
  name        = "${var.provision_id}-SG2"
  description = "${var.provision_id}-SG2"
}
# Ingress rules for the second group: one instance per CIDR in the module's
# cidr_blocks_others output, TCP on the database port only. for_each iterates
# a set, so each.value and each.key are the same string.
# NOTE(review): as with allow_tls_ipv4, an overly broad entry from the module
# (e.g. 0.0.0.0/0) would be admitted unchecked; a lifecycle precondition on
# each.value would reject it at plan time if the Terraform version allows it.
resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4_2" {
  for_each = toset(module.fw-ips.cidr_blocks_others)

  security_group_id = aws_security_group.allow_tls_2.id
  description       = "Others - dbport"

  # Single-port TCP rule: from_port and to_port are both local.port.
  ip_protocol = "tcp"
  from_port   = local.port
  to_port     = local.port
  cidr_ipv4   = each.value
}
# Egress rules for the second group: one instance per CIDR in
# cidr_blocks_others, TCP on the database port only. The resource is named
# "allow_tls_ipv_2" (not "allow_tls_ipv4_2" like its ingress sibling); the
# name is part of the state address, so it is kept as-is here.
# NOTE(review): security groups are stateful, so this rule is only needed if
# the database side initiates connections towards these addresses — confirm.
resource "aws_vpc_security_group_egress_rule" "allow_tls_ipv_2" {
  for_each = toset(module.fw-ips.cidr_blocks_others)

  security_group_id = aws_security_group.allow_tls_2.id
  description       = "Others - dbport"

  # Single-port TCP rule; each.value equals each.key for a set-based for_each.
  ip_protocol = "tcp"
  from_port   = local.port
  to_port     = local.port
  cidr_ipv4   = each.value
}