feat: Add SG Project
1ambda committed Feb 5, 2022
1 parent 719911c commit 30868e0
Showing 9 changed files with 108 additions and 0 deletions.
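--- a/project-terraform-aws/_aws-root-sg/_data.tf
+++ b/project-terraform-aws/_aws-root-sg/_data.tf
@@ -0,0 +1,7 @@
+data "terraform_remote_state" "root_vpc" {
+backend = "local"
+
+config = {
+path = "../__tf_state/_aws-root-vpc/terraform.tfstate"
+}
+}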
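--- a/project-terraform-aws/_aws-root-sg/_local.tf
+++ b/project-terraform-aws/_aws-root-sg/_local.tf
@@ -0,0 +1,13 @@
+locals {
+environment_common = "common"
+environment_development = "development"
+environment_production = "production"
+
+region_seoul = "ap-northeast-2"
+
+team_data = "data"
+}
+
+locals {
+network_range_ssh_whitelist = "0.0.0.0/0"
+}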
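Review bot: `network_range_ssh_whitelist = "0.0.0.0/0"` on the last line of this file makes the bastion's tcp/22 ingress rule reachable from the whole Internet as soon as `main_sg_data_dev.tf` passes it into the module, which contradicts the module's own comment that this value should be an office or VPN range. Even in a test-only layout a world-open SSH rule is the value most likely to be copied forward unchanged, so it should not be the default. Replace it with the real office/VPN egress range before apply, and until then mark it so it cannot be mistaken for a deliberate choice, e.g. `network_range_ssh_whitelist = "0.0.0.0/0" # FIXME: world-open; replace with office/VPN CIDR before apply`. An independent guard is a `validation` block on the module variable that rejects `0.0.0.0/0` at plan time.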
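--- a/project-terraform-aws/_aws-root-sg/_output.tf
+++ b/project-terraform-aws/_aws-root-sg/_output.tf
@@ -0,0 +1,3 @@
+output "sg_id_bastion_public_data_dev" {
+value = module.module-sg-data-dev.sg_id
+}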
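--- a/project-terraform-aws/_aws-root-sg/_provider.tf
+++ b/project-terraform-aws/_aws-root-sg/_provider.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+region = local.region_seoul
+}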
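--- a/project-terraform-aws/_aws-root-sg/_terraform.tf
+++ b/project-terraform-aws/_aws-root-sg/_terraform.tf
@@ -0,0 +1,20 @@
+terraform {
+required_version = ">= 1.1.3"
+
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = "~> 3.71.0"
+}
+}
+
+/**
+* 테스팅 목적으로 Terraform Backend 를 사용하지 않습니다
+*/
+
+backend "local" {
+path = "../__tf_state/_aws-root-sg/terraform.tfstate"
+}
+
+}
+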
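Review bot: The local backend writes `../__tf_state/_aws-root-sg/terraform.tfstate` inside the repository tree, and `_data.tf` in this commit reads the VPC project's state from the sibling path the same way; state files carry every resource attribute, and nothing on this page shows `__tf_state/` being git-ignored, so that should be confirmed before the layout is reused. The block comment explains the choice only in Korean; an English equivalent keeps the intent readable for every reviewer, e.g. `/** Local backend on purpose: test layout only, no remote state or locking. */`.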
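--- a/project-terraform-aws/_aws-root-sg/main_sg_data_dev.tf
+++ b/project-terraform-aws/_aws-root-sg/main_sg_data_dev.tf
@@ -0,0 +1,9 @@
+module "module-sg-data-dev" {
+source = "./module-sg-data-dev"
+
+environment = local.environment_development
+team = local.team_data
+
+vpc_id = data.terraform_remote_state.root_vpc.outputs.vpc_id_data_dev
+network_range_ssh_whitelist = local.network_range_ssh_whitelist
+}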
@@ -0,0 +1,3 @@
output "sg_id" {
value = aws_security_group.bastion_public.id
}
@@ -0,0 +1,5 @@
variable "environment" {}
variable "team" {}

variable "vpc_id" {}
variable "network_range_ssh_whitelist" {}
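Review bot: `variable "network_range_ssh_whitelist" {}` accepts any string, so nothing stops the root module from passing `0.0.0.0/0` — which is exactly what `_local.tf` in this commit does — straight into the bastion's port-22 ingress rule. A `type` plus a `validation` block makes the module refuse a world-open range at plan time instead of relying on the caller reading the comment in the module's main file. This file's header is not rendered on the page, so its path is inferred from the module's variables. `vpc_id`, `environment` and `team` would benefit from `type = string` and a `description` for the same reason.
```hcl
variable "network_range_ssh_whitelist" {
  type        = string
  description = "IPv4 CIDR allowed to reach the bastion on tcp/22 (office or VPN egress range)."

  validation {
    condition     = can(cidrnetmask(var.network_range_ssh_whitelist)) && var.network_range_ssh_whitelist != "0.0.0.0/0"
    error_message = "network_range_ssh_whitelist must be a valid IPv4 CIDR and must not be 0.0.0.0/0."
  }
}
```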
@@ -0,0 +1,45 @@
locals {
purpose_bastion_public = "bastion-public"
}

resource "aws_security_group" "bastion_public" {
name = "${local.purpose_bastion_public}-${lower(var.environment)}"

tags = {
Terraform = "true"
Environment = var.environment
Team = var.team

Name = "${local.purpose_bastion_public}-${lower(var.environment)}"
}

vpc_id = var.vpc_id
}

resource "aws_security_group_rule" "bastion_allow_to_all" {
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"

cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]

security_group_id = aws_security_group.bastion_public.id
}

resource "aws_security_group_rule" "bastion_allow_ssh_from_whitelist" {
type = "ingress"
from_port = 22
to_port = 22
protocol = "tcp"

// 일반적으로는 회사 네트워크나 VPN 대역등을 넣습니다.
cidr_blocks = [
var.network_range_ssh_whitelist,
]

security_group_id = aws_security_group.bastion_public.id

description = "SSH Whitelisted"
}
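Review bot: The ingress rule at the end of the hunk wraps a single string in `cidr_blocks = [var.network_range_ssh_whitelist]`, so a second allowed range (office plus VPN, which the comment above it mentions) cannot be added without editing the module; declaring the variable as `list(string)` and passing it through as `cidr_blocks = var.network_range_ssh_whitelist` keeps the module reusable, at the cost of a one-line change to the caller in `main_sg_data_dev.tf`. The egress rule is deliberately unrestricted (all protocols to `0.0.0.0/0` and `::/0`), which is usual for a bastion that needs outbound updates, but unlike the ingress rule it carries no `description`; `description = "Bastion egress: unrestricted"` and a `description` on the security group itself make the intent auditable in the console. If the rest of the codebase comments in English, the Korean note before `cidr_blocks` should match, e.g. `// Normally an office network or VPN range goes here.`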
