77 changes: 62 additions & 15 deletions environments/dev/alb-asg/main.tf
Expand Up @@ -14,19 +14,37 @@ module "alb-sg" {
source = "../../../modules/security-group"
region = var.region
tags = var.tags
name = "${var.environment}-${var.application}"
environment = var.environment
owner = var.owner
cost_center = var.cost_center
application = var.application
sg_name = var.alb_sg_name
vpc_id = var.vpc_id
ingress_from_port = var.alb_ingress_from_port
ingress_to_port = var.alb_ingress_to_port
ingress_protocol = var.alb_ingress_protocol

ingress_cidr_from_port = var.alb_ingress_cidr_from_port
ingress_cidr_to_port = var.alb_ingress_cidr_to_port
ingress_cidr_protocol = var.ingress_cidr_protocol
ingress_cidr_block = var.alb_ingress_cidr_block
egress_from_port = var.alb_egress_from_port
egress_to_port = var.alb_egress_to_port
egress_protocol = var.alb_egress_protocol
create_ingress_cidr = var.alb_create_ingress_cidr

ingress_sg_from_port = var.alb_ingress_sg_from_port
ingress_sg_to_port = var.alb_ingress_sg_to_port
ingress_sg_protocol = var.alb_ingress_sg_protocol
ingress_security_group_ids = var.security_group_id
create_ingress_sg = var.alb_create_ingress_sg

egress_cidr_from_port = var.alb_egress_cidr_from_port
egress_cidr_to_port = var.alb_egress_cidr_to_port
egress_cidr_protocol = var.alb_egress_cidr_protocol
egress_cidr_block = var.alb_egress_cidr_block
create_egress_cidr = var.alb_create_egress_cidr

egress_sg_from_port = var.alb_egress_sg_from_port
egress_sg_to_port = var.alb_egress_sg_to_port
egress_sg_protocol = var.alb_egress_sg_protocol
egress_security_group_ids = var.security_group_id
create_egress_sg = var.alb_create_egress_sg
}

module "alb" {
Expand Down Expand Up @@ -57,17 +75,46 @@ module "alb" {
security_group_ids = module.alb-sg.security_group_ids
}

module "instance-sg" {
source = "../../../modules/security-group"
region = var.region
tags = var.tags
name = "${var.environment}-${var.application}"
environment = var.environment
owner = var.owner
cost_center = var.cost_center
application = var.application
sg_name = var.sg_name
vpc_id = var.vpc_id

ingress_cidr_from_port = var.ingress_cidr_from_port
ingress_cidr_to_port = var.ingress_cidr_to_port
ingress_cidr_protocol = var.ingress_cidr_protocol
ingress_cidr_block = var.ingress_cidr_block
create_ingress_cidr = var.create_ingress_cidr

ingress_sg_from_port = var.ingress_sg_from_port
ingress_sg_to_port = var.ingress_sg_to_port
ingress_sg_protocol = var.ingress_sg_protocol
ingress_security_group_ids = module.alb-sg.security_group_ids
create_ingress_sg = var.create_ingress_sg

egress_cidr_from_port = var.egress_cidr_from_port
egress_cidr_to_port = var.egress_cidr_to_port
egress_cidr_protocol = var.egress_cidr_protocol
egress_cidr_block = var.egress_cidr_block
create_egress_cidr = var.create_egress_cidr

egress_sg_from_port = var.egress_sg_from_port
egress_sg_to_port = var.egress_sg_to_port
egress_sg_protocol = var.egress_sg_protocol
egress_security_group_ids = module.alb-sg.security_group_ids
create_egress_sg = var.create_egress_sg
}

module "asg" {
source = "../../../modules/asg"
ami_id = var.ami_id
ingress_from_port = var.ingress_from_port
ingress_to_port = var.ingress_to_port
ingress_protocol = var.ingress_protocol
ingress_cidr_block = var.ingress_cidr_block
egress_from_port = var.egress_from_port
egress_to_port = var.egress_to_port
egress_protocol = var.egress_protocol
egress_cidr_block = var.egress_cidr_block
instance_type = var.instance_type
key_name = var.key_name
vpc_id = var.vpc_id
Expand All @@ -84,7 +131,7 @@ module "asg" {
application = var.application
alb_target_group_arn = module.alb.alb_target_group_arn
iam_role = module.iam-policy.iam_role
security_group_ids = module.alb-sg.security_group_ids
security_group_ids = module.instance-sg.security_group_ids
tags = {
Owner = "${var.owner}"
Environment = "${var.environment}"
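Review bot: In the `alb-sg` module block the line `ingress_cidr_protocol = var.ingress_cidr_protocol` reads the instance security group's protocol list, while every neighbouring input uses the `alb_`-prefixed variable and `alb_ingress_cidr_protocol` is declared in variables.tf but never referenced here; it should read `ingress_cidr_protocol = var.alb_ingress_cidr_protocol`. If the security-group module indexes the from/to/protocol lists in parallel, as the removed inline rules in modules/asg/main.tf did, a length or ordering mismatch between the ALB port lists and the instance protocol list would either fail at plan or apply the wrong protocol to a rule on the internet-facing ALB. Note also that the new `instance-sg` block can create CIDR-sourced ingress (`ingress_cidr_block`, `create_ingress_cidr`) whereas the inline SG it replaces only accepted ingress from other security groups, so the dev tfvars for those two inputs deserve a look before merge; the ALB rules no longer depend on a module-wide `security_group_id` list only for ingress, they also use it for `egress_security_group_ids`, which is worth a one-line comment explaining the intended peer. The `alb-sg` and `asg` module blocks open outside their hunks.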
146 changes: 128 additions & 18 deletions environments/dev/alb-asg/variables.tf
Expand Up @@ -120,11 +120,6 @@ variable "asg_subnets" {
type = list(string)
}

variable "security_group_ids" {
type = list(string)
description = "Security group id of the ec2 instance"
}

variable "public_access" {
description = "Whether the instance is public or not"
type = bool
Expand Down Expand Up @@ -175,83 +170,198 @@ variable "application" {
description = "Name of the application"
}

variable "security_group_id" {
description = "List of security group IDs to attach"
type = list(string)
}

variable "ingress_cidr_block" {
type = list(string)
description = "CIDR blocks for EC2 security group ingress rules"
}

variable "ingress_from_port" {
variable "ingress_cidr_from_port" {
description = "The starting port for ingress rules"
type = list(number)
}

variable "ingress_to_port" {
variable "ingress_cidr_to_port" {
description = "The ending port for ingress rules"
type = list(number)
}

variable "ingress_protocol" {
variable "ingress_cidr_protocol" {
description = "The protocol for ingress rules"
type = list(any)
}

variable "create_ingress_cidr" {
description = "Whether to create the ingress cidr or not"
type = bool
}

variable "ingress_sg_from_port" {
type = list(number)
description = "List of starting ports for sg ingress rules"
}

variable "ingress_sg_to_port" {
type = list(number)
description = "List of ending ports for sg ingress rules"
}

variable "ingress_sg_protocol" {
type = list(any)
description = "List of protocols for sg ingress rules"
}

variable "create_ingress_sg" {
type = bool
description = "Enable or disable Security Groups ingress rules."
}

variable "egress_cidr_block" {
type = list(string)
description = "CIDR blocks for EC2 security group egress rules"
description = "CIDR blocks for group egress rules"
}

variable "egress_cidr_from_port" {
description = "The starting port for egress rules"
type = list(number)
}

variable "egress_cidr_to_port" {
description = "The ending port for egress rules"
type = list(number)
}

variable "egress_cidr_protocol" {
description = "The protocol for egress rules"
type = list(any)
}

variable "create_egress_cidr" {
type = bool
description = "Enable or disable CIDR block egress rules."
}

variable "egress_from_port" {
variable "egress_sg_from_port" {
description = "The starting port for egress rules"
type = list(number)
}

variable "egress_to_port" {
variable "egress_sg_to_port" {
description = "The ending port for egress rules"
type = list(number)
}

variable "egress_protocol" {
variable "egress_sg_protocol" {
description = "The protocol for egress rules"
type = list(any)
}

variable "create_egress_sg" {
type = bool
description = "Enable or disable CIDR block egress rules."
}


variable "alb_ingress_cidr_block" {
type = list(string)
description = "CIDR blocks for EC2 security group ingress rules"
}

variable "alb_ingress_from_port" {
variable "alb_ingress_cidr_from_port" {
description = "The starting port for ingress rules"
type = list(number)
}

variable "alb_ingress_to_port" {
variable "alb_ingress_cidr_to_port" {
description = "The ending port for ingress rules"
type = list(number)
}

variable "alb_ingress_protocol" {
variable "alb_ingress_cidr_protocol" {
description = "The protocol for ingress rules"
type = list(any)
}

variable "alb_create_ingress_cidr" {
description = "Whether to create the ingress cidr or not"
type = bool
}

variable "alb_ingress_sg_from_port" {
type = list(number)
description = "List of starting ports for sg ingress rules of the EC2 security group."
}

variable "alb_ingress_sg_to_port" {
type = list(number)
description = "List of ending ports for sg ingress rules of the EC2 security group."
}

variable "alb_ingress_sg_protocol" {
type = list(any)
description = "List of protocols for sg ingress rules of the EC2 security group."
}

variable "alb_create_ingress_sg" {
type = bool
description = "Enable or disable Security Groups ingress rules."
}

variable "alb_egress_cidr_block" {
type = list(string)
description = "CIDR blocks for EC2 security group egress rules"
}

variable "alb_egress_from_port" {
variable "alb_egress_cidr_from_port" {
description = "The starting port for egress rules"
type = list(number)
}

variable "alb_egress_to_port" {
variable "alb_egress_cidr_to_port" {
description = "The ending port for egress rules"
type = list(number)
}

variable "alb_egress_protocol" {
variable "alb_egress_cidr_protocol" {
description = "The protocol for egress rules"
type = list(any)
}

variable "alb_create_egress_cidr" {
type = bool
description = "Enable or disable CIDR block egress rules."
}

variable "alb_egress_sg_from_port" {
description = "The starting port for egress rules"
type = list(number)
}

variable "alb_egress_sg_to_port" {
description = "The ending port for egress rules"
type = list(number)
}

variable "alb_egress_sg_protocol" {
description = "The protocol for egress rules"
type = list(any)
}

variable "alb_create_egress_sg" {
type = bool
description = "Enable or disable CIDR block egress rules."
}

variable "sg_name" {
type = string
description = "Name of the security group for the instance."
}

variable "alb_sg_name" {
type = string
description = "Name of the security group for the instance."
}
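Review bot: Several of the new descriptions are copy-pasted from the wrong rule type and will mislead whoever sets these flags: `create_egress_sg` and `alb_create_egress_sg` both say "Enable or disable CIDR block egress rules." although they gate the security-group-sourced egress rules (the ingress counterparts correctly say "Security Groups ingress rules."), and `alb_sg_name` says "Name of the security group for the instance." although it names the ALB's group. Suggested text: `description = "Enable or disable Security Group egress rules."` for the two egress flags and `description = "Name of the security group for the ALB."` for `alb_sg_name`. The edited `egress_cidr_block` description, "CIDR blocks for group egress rules", has lost a word and should be restored to "CIDR blocks for EC2 security group egress rules". `security_group_id` is typed `list(string)` but named in the singular, and its description does not say that main.tf wires it as the set of peer groups the ALB security group accepts traffic from and sends to; a description such as `"Security group IDs allowed as ingress sources / egress destinations of the ALB security group"` would make that reviewable.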
40 changes: 1 addition & 39 deletions modules/asg/main.tf
Expand Up @@ -5,44 +5,6 @@ locals {
)
}

resource "aws_security_group" "instance_sg" {
name = "${var.environment}-${var.application}-instance-sg"
description = "Security Group for Instance"
vpc_id = var.vpc_id

dynamic "ingress" {
for_each = toset(range(length(var.ingress_from_port)))
content {
from_port = var.ingress_from_port[ingress.key]
to_port = var.ingress_to_port[ingress.key]
protocol = var.ingress_protocol[ingress.key]
security_groups = var.security_group_ids
}
}

dynamic "egress" {
for_each = toset(range(length(var.egress_from_port)))
content {
from_port = var.egress_from_port[egress.key]
to_port = var.egress_to_port[egress.key]
protocol = var.egress_protocol[egress.key]
cidr_blocks = var.egress_cidr_block
}
}

tags = merge(
{
"Name" = "${var.environment}-${var.application}-sg"
"Environment" = var.environment
"Owner" = var.owner
"CostCenter" = var.cost_center
"Application" = var.application
},
var.tags
)

}

resource "aws_iam_instance_profile" "instance_profile" {
name = "${var.environment}-${var.application}-instance_profile"

Expand All @@ -61,7 +23,7 @@ resource "aws_launch_template" "application_lt" {

network_interfaces {
associate_public_ip_address = var.public_access
security_groups = [aws_security_group.instance_sg.id]
security_groups = var.security_group_ids
}

user_data = base64encode(var.user_data)
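Review bot: With `aws_security_group.instance_sg` removed, the launch template's `security_groups = var.security_group_ids` attaches whatever the caller supplies and the module no longer guarantees an instance gets any group at all if that list is empty; a plan-time guard on the variable would catch it, e.g. `validation { condition = length(var.security_group_ids) > 0  error_message = "At least one security group id is required." }`. The deleted resource was the only consumer of `var.ingress_from_port`, `ingress_to_port`, `ingress_protocol`, `egress_from_port`, `egress_to_port`, `egress_protocol` and `egress_cidr_block`; modules/asg/variables.tf is not shown on this page, so if it still declares them without defaults the environment call, which no longer passes them, will fail at plan, and if it defaults them they are now dead inputs that should be dropped. The `security_groups` line sits inside `aws_launch_template.application_lt`, whose block starts and ends outside the hunk.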