updated security group rules

ManagedKube · Mar 16, 2023 · d8c58b0 · d8c58b0
1 parent 390d012
commit d8c58b0
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 12 deletions.
diff --git a/terraform-modules/aws/qldb/main.tf b/terraform-modules/aws/qldb/main.tf
@@ -10,20 +10,28 @@ resource "aws_security_group" "qldb" {
   description = "qldb security group"
   vpc_id      = var.vpc_id
 
-  ingress {
-    description      = "TLS from VPC"
-    from_port        = 0
-    to_port          = 0
-    protocol         = "-1"
-    cidr_blocks      = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
+  dynamic "ingress" {
+    for_each = var.ingress_rule
+    content {
+      description      = ingress.value["description"]
+      from_port        = ingress.value["from_port"]
+      to_port          = ingress.value["to_port"]
+      protocol         = ingress.value["protocol"]
+      cidr_blocks      = ingress.value["cidr_blocks"]
+      ipv6_cidr_blocks = ingress.value["ipv6_cidr_blocks"]
+    }
   }
 
-  egress {
-    from_port        = 0
-    to_port          = 0
-    protocol         = "-1"
-    cidr_blocks      = ["0.0.0.0/0"]
-    ipv6_cidr_blocks = ["::/0"]
+  dynamic "egress" {
+    for_each = var.egress_rule
+    content {
+      description      = egress.value["description"]
+      from_port        = egress.value["from_port"]
+      to_port          = egress.value["to_port"]
+      protocol         = egress.value["protocol"]
+      cidr_blocks      = egress.value["cidr_blocks"]
+      ipv6_cidr_blocks = egress.value["ipv6_cidr_blocks"]
+    }
   }
 
   tags = var.tags

diff --git a/terraform-modules/aws/qldb/variables.tf b/terraform-modules/aws/qldb/variables.tf
@@ -32,4 +32,34 @@ variable "vpc_id" {
   type        = string
   default     = ""
   description = "The vpc ID"
+}
+
+variable "ingress_rule" {
+  type        = list(any)
+  description = "A list of ingress rules"
+  default = [
+    {
+      description      = "All ports from internal addresses"
+      from_port        = 0
+      to_port          = 65535
+      protocol         = "tcp"
+      cidr_blocks      = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
+      ipv6_cidr_blocks = []
+    },
+  ]
+}
+
+variable "egress_rule" {
+  type        = list(any)
+  description = "A list of egress rules"
+  default = [
+    {
+      description      = "All ports from internal addresses"
+      from_port        = 0
+      to_port          = 65535
+      protocol         = "tcp"
+      cidr_blocks      = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"] 
+      ipv6_cidr_blocks = ["::/0"]
+    },
+  ]
 }