2018-12-17 17:40:09 +00:00
|
|
|
data "aws_vpc" "default" {
|
|
|
|
default = true
|
|
|
|
}
|
|
|
|
|
2020-03-04 15:44:51 +00:00
|
|
|
data "aws_subnet" "default" {
|
|
|
|
availability_zone = var.availability_zone
|
|
|
|
vpc_id = data.aws_vpc.default.id
|
|
|
|
}
|
|
|
|
|
2021-06-04 14:04:45 +00:00
|
|
|
data "http" "my_public_ipv4" {
|
2021-06-07 22:12:42 +00:00
|
|
|
url = "https://api.ipify.org"
|
2021-06-04 14:04:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
locals {
|
|
|
|
ingress_cidr = var.restrict_ingress_cidrblock ? "${chomp(data.http.my_public_ipv4.body)}/32" : "0.0.0.0/0"
|
|
|
|
}
|
|
|
|
|
2018-12-17 17:40:09 +00:00
|
|
|
resource "aws_security_group" "primary" {
|
2019-10-14 15:27:08 +00:00
|
|
|
name = local.random_name
|
|
|
|
vpc_id = data.aws_vpc.default.id
|
2018-12-17 17:40:09 +00:00
|
|
|
|
|
|
|
ingress {
|
|
|
|
from_port = 22
|
|
|
|
to_port = 22
|
|
|
|
protocol = "tcp"
|
2021-06-04 14:04:45 +00:00
|
|
|
cidr_blocks = [local.ingress_cidr]
|
2018-12-17 17:40:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
# Nomad
|
|
|
|
ingress {
|
|
|
|
from_port = 4646
|
|
|
|
to_port = 4646
|
|
|
|
protocol = "tcp"
|
2021-06-04 14:04:45 +00:00
|
|
|
cidr_blocks = [local.ingress_cidr]
|
2018-12-17 17:40:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
# Fabio
|
|
|
|
ingress {
|
|
|
|
from_port = 9998
|
|
|
|
to_port = 9999
|
|
|
|
protocol = "tcp"
|
2021-06-04 14:04:45 +00:00
|
|
|
cidr_blocks = [local.ingress_cidr]
|
2018-12-17 17:40:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
# Consul
|
|
|
|
ingress {
|
|
|
|
from_port = 8500
|
|
|
|
to_port = 8500
|
|
|
|
protocol = "tcp"
|
2021-06-04 14:04:45 +00:00
|
|
|
cidr_blocks = [local.ingress_cidr]
|
2018-12-17 17:40:09 +00:00
|
|
|
}
|
|
|
|
|
2020-10-05 13:28:37 +00:00
|
|
|
# Vault
|
|
|
|
ingress {
|
|
|
|
from_port = 8200
|
|
|
|
to_port = 8200
|
|
|
|
protocol = "tcp"
|
2021-06-04 14:04:45 +00:00
|
|
|
cidr_blocks = [local.ingress_cidr]
|
2020-10-05 13:28:37 +00:00
|
|
|
}
|
|
|
|
|
2018-12-17 17:40:09 +00:00
|
|
|
ingress {
|
|
|
|
from_port = 0
|
|
|
|
to_port = 0
|
|
|
|
protocol = "-1"
|
|
|
|
self = true
|
|
|
|
}
|
|
|
|
|
|
|
|
egress {
|
|
|
|
from_port = 0
|
|
|
|
to_port = 0
|
|
|
|
protocol = "-1"
|
|
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-03-04 15:44:51 +00:00
|
|
|
resource "aws_security_group" "nfs" {
|
2020-10-14 14:29:33 +00:00
|
|
|
count = var.volumes ? 1 : 0
|
2020-03-04 15:44:51 +00:00
|
|
|
name = "${local.random_name}-nfs"
|
|
|
|
vpc_id = data.aws_vpc.default.id
|
|
|
|
|
|
|
|
ingress {
|
|
|
|
from_port = 2049
|
|
|
|
to_port = 2049
|
|
|
|
protocol = "tcp"
|
|
|
|
security_groups = [aws_security_group.primary.id]
|
|
|
|
}
|
|
|
|
}
|