Merge pull request #22 from Aswin-Vijayan/TEC-56

[TEC-56][Changes]-made chnages in security group

Author: techiescamp

environments/dev/alb-asg/main.tf

@@ -17,7 +17,7 @@ module "alb-sg" {
   environment                     = var.environment
   owner                           = var.owner
   cost_center                     = var.cost_center
-  application                     ="${var.application}-alb"
+  application                     = var.application
   vpc_id                          = var.vpc_id
   ingress_from_port               = var.alb_ingress_from_port
   ingress_to_port                 = var.alb_ingress_to_port
@@ -57,15 +57,9 @@ module "alb" {
   security_group_ids              = module.alb-sg.security_group_ids
 }
 
-module "instance-sg" {
-  source                          = "../../../modules/security-group"
-  region                          = var.region
-  tags                            = var.tags
-  environment                     = var.environment
-  owner                           = var.owner
-  cost_center                     = var.cost_center
-  application                     = var.application
-  vpc_id                          = var.vpc_id
+module "asg" {
+  source                          = "../../../modules/asg"
+  ami_id                          = var.ami_id
   ingress_from_port               = var.ingress_from_port
   ingress_to_port                 = var.ingress_to_port
   ingress_protocol                = var.ingress_protocol
@@ -74,11 +68,6 @@ module "instance-sg" {
   egress_to_port                  = var.egress_to_port
   egress_protocol                 = var.egress_protocol
   egress_cidr_block               = var.egress_cidr_block
-}
-
-module "asg" {
-  source                          = "../../../modules/asg"
-  ami_id                          = var.ami_id
   instance_type                   = var.instance_type
   key_name                        = var.key_name
   vpc_id                          = var.vpc_id
@@ -95,7 +84,7 @@ module "asg" {
   application                     = var.application
   alb_target_group_arn            = module.alb.alb_target_group_arn
   iam_role                        = module.iam-policy.iam_role
-  security_group_ids              = module.instance-sg.security_group_ids
+  security_group_ids              = module.alb-sg.security_group_ids
   tags = {
     Owner                         = "${var.owner}"
     Environment                   = "${var.environment}"

modules/asg/main.tf

@@ -5,6 +5,44 @@ locals {
   )
 }
 
+resource "aws_security_group" "instance_sg" {
+  name        = "${var.environment}-${var.application}-instance-sg"
+  description = "Security Group for Instance"
+  vpc_id      = var.vpc_id
+
+  dynamic "ingress" {
+    for_each = toset(range(length(var.ingress_from_port)))
+    content {
+      from_port   = var.ingress_from_port[ingress.key]
+      to_port     = var.ingress_to_port[ingress.key]
+      protocol    = var.ingress_protocol[ingress.key]
+      security_groups = var.security_group_ids
+    }
+  }
+
+  dynamic "egress" {
+    for_each = toset(range(length(var.egress_from_port)))
+    content {
+      from_port   = var.egress_from_port[egress.key]
+      to_port     = var.egress_to_port[egress.key]
+      protocol    = var.egress_protocol[egress.key]
+      cidr_blocks = var.egress_cidr_block
+    }
+  }
+
+  tags = merge(
+    {
+      "Name"        = "${var.environment}-${var.application}-sg"
+      "Environment" = var.environment
+      "Owner"       = var.owner
+      "CostCenter"  = var.cost_center
+      "Application" = var.application
+    },
+    var.tags
+  )
+
+}
+
 resource "aws_iam_instance_profile" "instance_profile" {
   name = "${var.environment}-${var.application}-instance_profile"
 
@@ -23,7 +61,7 @@ resource "aws_launch_template" "application_lt" {
 
   network_interfaces {
     associate_public_ip_address = var.public_access
-    security_groups             = var.security_group_ids
+    security_groups             = [aws_security_group.instance_sg.id]
   }
 
   user_data = base64encode(var.user_data)

modules/asg/variables.tf

@@ -93,3 +93,43 @@ variable "alb_target_group_arn" {
   description = "load balancer target group arn"
   type        = string
 }
+
+variable "ingress_cidr_block" {
+  type        = list(string)
+  description = "List of CIDR blocks for ingress rules of the EC2 security group."
+}
+
+variable "ingress_from_port" {
+  description = "List of starting ports for ingress rules of the EC2 security group."
+  type        = list(number)
+}
+
+variable "ingress_to_port" {
+  description = "List of ending ports for ingress rules of the EC2 security group."
+  type        = list(number)
+}
+
+variable "ingress_protocol" {
+  description = "List of protocols for ingress rules of the EC2 security group."
+  type        = list
+}
+
+variable "egress_cidr_block" {
+  type        = list(string)
+  description = "List of CIDR blocks for egress rules of the EC2 security group."
+}
+
+variable "egress_from_port" {
+  description = "List of starting ports for egress rules of the EC2 security group."
+  type        = list(number)
+}
+
+variable "egress_to_port" {
+  description = "List of ending ports for egress rules of the EC2 security group."
+  type        = list(number)
+}
+
+variable "egress_protocol" {
+  description = "List of protocols for egress rules of the EC2 security group."
+  type        = list
+}

vars/dev/alb-asg.tfvars

@@ -4,8 +4,8 @@ loadbalancer_type              = "application"
 alb_subnets                    = ["subnet-058a7514ba8adbb07", "subnet-0dbcd1ac168414927", "subnet-032f5077729435858"]
 
 #alb-sg
-alb_ingress_from_port          = [80, 8080]
-alb_ingress_to_port            = [80, 8080]
+alb_ingress_from_port          = [80, 22]
+alb_ingress_to_port            = [80, 22]
 alb_ingress_protocol           = ["tcp", "tcp"]
 alb_ingress_cidr_block         = ["0.0.0.0/0"]
 alb_egress_from_port           = [0]