
# file name: infra/terraform/modules/aws_vpc/bastion_sg.tf

resource "aws_security_group" "bastion_ssh_sg" {
  # Security group attached to the bastion hosts themselves: inbound SSH and
  # ICMP echo are accepted from any IPv4 source, outbound is unrestricted.
  vpc_id      = "${aws_vpc.mod.id}"
  name        = "bastion_ssh"
  description = "Allow ssh to bastion hosts for each vpc from anywhere"

  tags {
    Name = "ssh_to_bastion_${var.env}"
  }

  # SSH from any IPv4 address. NOTE(review): this is the only Internet-facing
  # SSH entry point in the module, so it is the rule to tighten first — a
  # known set of operator/office CIDRs instead of 0.0.0.0/0, if one exists.
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["0.0.0.0/0"]
  }

  # ICMP: for protocol "icmp" the AWS API reads from_port as the ICMP type and
  # to_port as the ICMP code, so 8/0 admits echo request (ping) only.
  ingress {
    protocol    = "icmp"
    from_port   = 8
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All outbound traffic: protocol "-1" is every protocol, ports 0/0 every port.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "ssh_from_bastion_sg" {
  # Security group for hosts inside the VPC that should accept SSH from the
  # bastion tier.
  vpc_id      = "${aws_vpc.mod.id}"
  name        = "ssh_from_bastion"
  description = "Allow ssh from bastion hosts"

  tags {
    Name = "ssh_from_bastion_${var.env}"
  }

  # SSH from the address range given in var.ip_range. On its own this rule
  # does not limit the source to bastion hosts: any address within ip_range
  # is admitted. The narrowing to "this env's bastion hosts or the dev
  # bastion" is done by the VPC NACLs, not here. NOTE(review): where the
  # cross-env (dev bastion) path is not required, a source security_groups
  # reference to bastion_ssh_sg would enforce the description at this layer
  # instead of depending on the NACLs staying in sync.
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["${var.ip_range}"]
  }
}