author | clarkzjw <[email protected]> | 2022-12-09 17:22:10 -0800 |
---|---|---|
committer | clarkzjw <[email protected]> | 2022-12-09 17:22:10 -0800 |
commit | cb5f8087f8c69c920f87fd5c219906f0796d6938 (patch) | |
tree | 8103290af0e2e14feb4fd1f1c5374fbdb1cdab75 /jinwei.me/infra/sg.tf | |
parent | 0a8d79e00ebf51965b102b883e72d9e7987d50ae (diff) | |
download | jinwei.me-cb5f8087f8c69c920f87fd5c219906f0796d6938.tar.gz |
aws infra: add ec2, rds, vpc
Diffstat (limited to 'jinwei.me/infra/sg.tf')
-rw-r--r-- | jinwei.me/infra/sg.tf | 38 |
1 files changed, 38 insertions, 0 deletions
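--- /dev/null
+++ b/jinwei.me/infra/sg.tf
@@ -0,0 +1,38 @@
+# EC 2
+resource "aws_security_group" "backend" {
+name = local.name
+vpc_id = module.vpc.vpc_id
+}
+
+resource "aws_security_group_rule" "backend_ingress_ssh" {
+security_group_id = aws_security_group.backend.id
+type = "ingress"
+protocol = "tcp"
+from_port = 22
+to_port = 22
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+resource "aws_security_group_rule" "backend_egress_all" {
+security_group_id = aws_security_group.backend.id
+type = "egress"
+protocol = "all"
+from_port = 0
+to_port = 0
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+# RDS
+resource "aws_security_group" "rds" {
+name = "${local.name}-db"
+vpc_id = module.vpc.vpc_id
+}
+
+resource "aws_security_group_rule" "db_ingress_backend" {
+security_group_id = aws_security_group.rds.id
+type = "ingress"
+protocol = "tcp"
+from_port = var.rds_port
+to_port = var.rds_port
+source_security_group_id = aws_security_group.backend.id
+}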
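Review bot: The `backend_ingress_ssh` rule opens TCP 22 to `0.0.0.0/0`, so the instance's SSH service is reachable from the whole internet, and because `db_ingress_backend` trusts `aws_security_group.backend`, a compromise of that host is also a path to the database port. Consider taking the allowed ranges from a variable restricted to known admin addresses, e.g. `cidr_blocks = var.ssh_allowed_cidrs` (placeholder name, not defined in this commit), or dropping the rule in favour of SSM Session Manager. `backend_egress_all` likewise permits every protocol to any destination; narrowing it to the ports the backend needs would limit outbound paths if the host is compromised. Adding a `description` to each rule and group would make the intent visible in the console and in later audits.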