UPD: added CfIps.json and security_group module
This commit is contained in:
parent
2d43919595
commit
69a2790123
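--- /dev/null
+++ b/Modules/Compute/security_group/README.md
@@ -0,0 +1,44 @@
+# security-group
+This module create security group.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|---------|-------------------|----------|---------|:--------:|
+| vpc-id | VPC id | string | n/a | yes |
+| ingress | See example below | map | n/a | yes |
+| egress | See example below | map | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------------|--------------------------------|
+| sg-id-name | A map of SG id and their names |
+
+### Example
+Below is a sample root module calling this shared module
+
+```hcl
+module "admin-sg" {
+
+source = "../../modules/compute/security_group"
+
+description = "Security group for admins"
+egress = {
+r1 = "tcp,4750,4750,1.2.3.4/32,Patch Management Tool"
+r2 = "tcp,22,22,1.2.3.4/32,Patch Management Tool"
+r3 = "tcp,52311,52311,${aws_ec2_managed_prefix_list.bigfix.id},Client to BigFix server"
+r4 = "-1,-1,-1,0.0.0.0/0,Outbound access"
+}
+ingress = {
+r1 = "tcp,4750,4750,1.2.3.4/32,Patch Management Tool"
+r2 = "tcp,22,22,1.2.3.4/32,Patch Management Tool"
+r3 = "tcp,52311,52311,${aws_ec2_managed_prefix_list.bigfix.id},BigFix server to client"
+}
+name = "admin-sg"
+vpc-id = "vpc-01a10b033169f89a8"
+}
+```
+
+
+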
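--- /dev/null
+++ b/Modules/Compute/security_group/main.tf
@@ -0,0 +1,39 @@
+data "aws_default_tags" "this" {
+lifecycle {
+postcondition {
+condition = length(self.tags) >= 1
+error_message = "Validation failed: Provider default_tags not set."
+}
+}
+}
+
+resource "aws_security_group" "sg" {
+name = var.name
+description = var.description
+vpc_id = var.vpc-id
+tags = { Name = var.name }
+}
+
+resource "aws_vpc_security_group_ingress_rule" "ingress-rules" {
+for_each = var.ingress
+security_group_id = aws_security_group.sg.id
+ip_protocol = split(",", each.value)[0]
+from_port = split(",", each.value)[1]
+to_port = split(",", each.value)[2]
+cidr_ipv4 = substr(split(",", each.value)[3], 2, 1) != "-" ? split(",", each.value)[3] : null
+referenced_security_group_id = substr(split(",", each.value)[3], 0, 2) == "sg" ? split(",", each.value)[3] : null
+prefix_list_id = substr(split(",", each.value)[3], 0, 2) == "pl" ? split(",", each.value)[3] : null
+description = split(",", each.value)[4]
+}
+
+resource "aws_vpc_security_group_egress_rule" "egress-rules" {
+for_each = var.egress
+security_group_id = aws_security_group.sg.id
+ip_protocol = split(",", each.value)[0]
+from_port = split(",", each.value)[1]
+to_port = split(",", each.value)[2]
+cidr_ipv4 = substr(split(",", each.value)[3], 2, 1) != "-" ? split(",", each.value)[3] : null
+referenced_security_group_id = substr(split(",", each.value)[3], 0, 2) == "sg" ? split(",", each.value)[3] : null
+prefix_list_id = substr(split(",", each.value)[3], 0, 2) == "pl" ? split(",", each.value)[3] : null
+description = split(",", each.value)[4]
+}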
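Review bot: The target classification on the `cidr_ipv4` / `referenced_security_group_id` / `prefix_list_id` lines of both rule resources decides by character position alone, so any fourth field whose third character is not `-` is handed to `cidr_ipv4`; an IPv6 range such as `2606:4700::/32` (the kind of value in the CfIps.json added in this same commit) or a mistyped `sg_0123…` therefore reaches AWS as an IPv4 CIDR and fails at apply rather than at plan, and there is no `cidr_ipv6` path at all. The five-field `split` is also unchecked: a rule with fewer fields raises an index error and a comma inside the description silently truncates it. I would classify the target explicitly — `can(cidrnetmask(...))` for IPv4 (it rejects IPv6), a colon test for IPv6, and full `sg-` / `pl-` prefixes — as below, and apply the same lines to the egress resource. The `from_port` / `to_port` values are passed straight through, so the README's `-1,-1,-1,0.0.0.0/0` example relies on the provider accepting `-1` ports together with `ip_protocol = "-1"`; worth confirming against the provider version this repo pins.
```hcl
resource "aws_vpc_security_group_ingress_rule" "ingress-rules" {
  # … unchanged: for_each, security_group_id, ip_protocol, from_port, to_port …
  cidr_ipv4                    = can(cidrnetmask(split(",", each.value)[3])) ? split(",", each.value)[3] : null
  cidr_ipv6                    = can(regex("^[0-9a-fA-F:]+/[0-9]+$", split(",", each.value)[3])) ? split(",", each.value)[3] : null
  referenced_security_group_id = substr(split(",", each.value)[3], 0, 3) == "sg-" ? split(",", each.value)[3] : null
  prefix_list_id               = substr(split(",", each.value)[3], 0, 3) == "pl-" ? split(",", each.value)[3] : null
  # … unchanged: description …
```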
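--- /dev/null
+++ b/Modules/Compute/security_group/outputs.tf
@@ -0,0 +1,3 @@
+output id {
+value = aws_security_group.sg.id
+}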
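Review bot: The only output defined here is `id`, while the README added in this commit documents an output `sg-id-name` described as a map of SG ids to names, so a caller following the README will hit an unsupported-attribute error on `module.<name>.sg-id-name`. Either add `output "sg-id-name" { value = { (aws_security_group.sg.id) = aws_security_group.sg.name } }` alongside `id`, or correct the README's Outputs table to list `id`. Quoting the label (`output "id" {`) also matches the usual HCL style.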
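--- /dev/null
+++ b/Modules/Compute/security_group/variables.tf
@@ -0,0 +1,5 @@
+variable name {}
+variable description {}
+variable vpc-id {}
+variable ingress {}
+variable egress {}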
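Review bot: None of the five variables declares a `type`, `description` or `validation`, so `ingress` and `egress` accept any value and a malformed rule string only surfaces as an index error deep in main.tf, while a world-open ingress rule (`0.0.0.0/0` on a `tcp,22,22` entry) is accepted without comment. Declaring `map(string)` plus a shape check gives the caller a readable error at the module boundary, as below for `ingress` (`egress` gets the same); if the module is meant to refuse world-open ingress, a second condition on the fourth field belongs in the same `validation` block. The labels would conventionally be quoted (`variable "name" {}`).
```hcl
variable "ingress" {
  description = "Rules keyed by name, each \"protocol,from_port,to_port,<cidr|sg-id|pl-id>,description\"."
  type        = map(string)
  validation {
    condition     = alltrue([for r in values(var.ingress) : length(split(",", r)) == 5])
    error_message = "Each ingress rule must have exactly five comma-separated fields."
  }
}
# … unchanged: name, description, vpc-id; egress mirrors ingress …
```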
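--- /dev/null
+++ b/NetworkContentDelivery/Exercise3/CfIps.json
@@ -0,0 +1 @@
+{"result":{"ipv4_cidrs":["173.245.48.0/20","103.21.244.0/22","103.22.200.0/22","103.31.4.0/22","141.101.64.0/18","108.162.192.0/18","190.93.240.0/20","188.114.96.0/20","197.234.240.0/22","198.41.128.0/17","162.158.0.0/15","104.16.0.0/13","104.24.0.0/14","172.64.0.0/13","131.0.72.0/22"],"ipv6_cidrs":["2400:cb00::/32","2606:4700::/32","2803:f800::/32","2405:b500::/32","2405:8100::/32","2a06:98c0::/29","2c0f:f248::/32"],"etag":"38f79d050aa027e3be3865e495dcc9bc"},"success":true,"errors":[],"messages":[]}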