xpk/terraform.aws-baseline-infra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

UPD: hardened default vpc security group

Browse Source
This commit is contained in:
xpk 2021-01-29 11:45:09 +08:00
parent 93e9670539
commit d98ecfc1ec
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
2 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
layers/networking/base-network/.terraform.lock.hcl
View File

@ -3,7 +3,7 @@
provider "registry.terraform.io/hashicorp/aws" { provider "registry.terraform.io/hashicorp/aws" {
version = "3.25.0" version = "3.25.0"
constraints = ">= 2.68.0, >= 3.25.0" constraints = ">= 3.25.0"
hashes = [ hashes = [
"h1:9bXU5cFO/2DX8z5whaGMA7wcCalKQJZrBm89AuePuEM=", "h1:9bXU5cFO/2DX8z5whaGMA7wcCalKQJZrBm89AuePuEM=",
"zh:2d3c65461bc63ec39bce7b5afdbed9a3b4dd5c2c8ee94616ad1866e24cf9b8f0", "zh:2d3c65461bc63ec39bce7b5afdbed9a3b4dd5c2c8ee94616ad1866e24cf9b8f0",

27
modules/networking/vpc_subnets/vpc.tf
View File

@ -132,3 +132,30 @@ resource "aws_route_table_association" "private_route_association" {
route_table_id = aws_route_table.private-route-table[0].id route_table_id = aws_route_table.private-route-table[0].id
subnet_id = each.value subnet_id = each.value
} }
/*
harden default security group. the default sg created by aws allows all egress.
this resource limits ingress and egress from and to itself
*/
resource "aws_default_security_group" default-sg {
vpc_id = aws_vpc.vpc.id
ingress {
protocol = -1
self = true
from_port = 0
to_port = 0
}
egress {
from_port = 0
protocol = -1
to_port = 0
self = true
}
tags = merge(
var.default-tags,
{
Name = "${local.resource-prefix}-defaultsg"
},
)
}