33 lines
825 B
Terraform
33 lines
825 B
Terraform
module "example-sg" {
|
|
source = "../"
|
|
name = "bastion-sg"
|
|
description = "SG of EC2 bastion instances"
|
|
vpc-id = "vpc-12345678"
|
|
ingress = {
|
|
r1 = "tcp,4750,4750,1.2.3.4/32,Patch Management Tool"
|
|
r2 = "tcp,22,22,1.2.3.4/32,Patch Management Tool"
|
|
r3 = "tcp,52311,52311,${aws_ec2_managed_prefix_list.example.id},BigFix server to client"
|
|
}
|
|
egress = {
|
|
r1 = "-1,-1,-1,0.0.0.0/0,Allow egress ipv4"
|
|
r2 = "-1,-1,-1,::/0,Allow egress ipv6"
|
|
}
|
|
}
|
|
|
|
|
|
resource "aws_ec2_managed_prefix_list" "example" {
|
|
name = "Omprem subnets"
|
|
address_family = "IPv4"
|
|
max_entries = 5
|
|
|
|
dynamic "entry" {
|
|
for_each = toset([
|
|
"192.168.99.0/24",
|
|
"192.168.100.0/24"
|
|
])
|
|
content {
|
|
cidr = entry.value
|
|
description = "Onprem management subnets"
|
|
}
|
|
}
|
|
} |