1 files changed, 38 insertions, 0 deletions
diff --git a/photo.jinwei.me/infra/sg.tf b/photo.jinwei.me/infra/sg.tf
new file mode 100644
index 0000000..4d5ecaa
--- /dev/null
+++ b/photo.jinwei.me/infra/sg.tf
@@ -0,0 +1,38 @@
+# EC 2
+resource "aws_security_group" "backend" {
+  name   = local.name
+  vpc_id = module.vpc.vpc_id
+}
+resource "aws_security_group_rule" "backend_ingress_ssh" {
+  security_group_id = aws_security_group.backend.id
+  type              = "ingress"
+  protocol          = "tcp"
+  from_port         = 22
+  to_port           = 22
+  cidr_blocks       = ["0.0.0.0/0"]
+}
+resource "aws_security_group_rule" "backend_egress_all" {
+  security_group_id = aws_security_group.backend.id
+  type              = "egress"
+  protocol          = "all"
+  from_port         = 0
+  to_port           = 0
+  cidr_blocks       = ["0.0.0.0/0"]
+}
+# RDS
+resource "aws_security_group" "rds" {
+  name   = "${local.name}-db"
+  vpc_id = module.vpc.vpc_id
+}
+resource "aws_security_group_rule" "db_ingress_backend" {
+  security_group_id        = aws_security_group.rds.id
+  type                     = "ingress"
+  protocol                 = "tcp"
+  from_port                = var.rds_port
+  to_port                  = var.rds_port
+  source_security_group_id = aws_security_group.backend.id
+}

diff --git a/photo.jinwei.me/infra/sg.tf b/photo.jinwei.me/infra/sg.tf new file mode 100644 index 0000000..4d5ecaa --- /dev/null +++ b/photo.jinwei.me/infra/sg.tf
@@ -0,0 +1,38 @@
	1	# EC 2
	2	resource "aws_security_group" "backend" {
	3	name = local.name
	4	vpc_id = module.vpc.vpc_id
	5	}
	6
	7	resource "aws_security_group_rule" "backend_ingress_ssh" {
	8	security_group_id = aws_security_group.backend.id
	9	type = "ingress"
	10	protocol = "tcp"
	11	from_port = 22
	12	to_port = 22
	13	cidr_blocks = ["0.0.0.0/0"]
	14	}
	15
	16	resource "aws_security_group_rule" "backend_egress_all" {
	17	security_group_id = aws_security_group.backend.id
	18	type = "egress"
	19	protocol = "all"
	20	from_port = 0
	21	to_port = 0
	22	cidr_blocks = ["0.0.0.0/0"]
	23	}
	24
	25	# RDS
	26	resource "aws_security_group" "rds" {
	27	name = "${local.name}-db"
	28	vpc_id = module.vpc.vpc_id
	29	}
	30
	31	resource "aws_security_group_rule" "db_ingress_backend" {
	32	security_group_id = aws_security_group.rds.id
	33	type = "ingress"
	34	protocol = "tcp"
	35	from_port = var.rds_port
	36	to_port = var.rds_port
	37	source_security_group_id = aws_security_group.backend.id
	38	}