Diffstat (limited to 'photo.jinwei.me/infra/sg.tf')
-rw-r--r-- | photo.jinwei.me/infra/sg.tf | 38 |
1 files changed, 38 insertions, 0 deletions
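--- /dev/null
+++ b/photo.jinwei.me/infra/sg.tf
@@ -0,0 +1,38 @@
+# EC 2
+resource "aws_security_group" "backend" {
+name = local.name
+vpc_id = module.vpc.vpc_id
+}
+
+resource "aws_security_group_rule" "backend_ingress_ssh" {
+security_group_id = aws_security_group.backend.id
+type = "ingress"
+protocol = "tcp"
+from_port = 22
+to_port = 22
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+resource "aws_security_group_rule" "backend_egress_all" {
+security_group_id = aws_security_group.backend.id
+type = "egress"
+protocol = "all"
+from_port = 0
+to_port = 0
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+# RDS
+resource "aws_security_group" "rds" {
+name = "${local.name}-db"
+vpc_id = module.vpc.vpc_id
+}
+
+resource "aws_security_group_rule" "db_ingress_backend" {
+security_group_id = aws_security_group.rds.id
+type = "ingress"
+protocol = "tcp"
+from_port = var.rds_port
+to_port = var.rds_port
+source_security_group_id = aws_security_group.backend.id
+}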
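Review bot: `backend_ingress_ssh` admits TCP/22 from `cidr_blocks = ["0.0.0.0/0"]`, so the backend instance's SSH port is reachable from the whole internet rather than from the operator's own address range; the ingress source should be a restricted list, e.g. `cidr_blocks = var.ssh_allowed_cidrs` fed by a new list variable (or the rule dropped entirely if access goes through a bastion or AWS SSM Session Manager). `backend_egress_all` likewise allows every protocol to `0.0.0.0/0`; that is a common default but worth a comment if it is intentional, since the backend presumably only needs outbound HTTPS, DNS and the RDS port. `db_ingress_backend` is the right pattern — it scopes the database to `source_security_group_id = aws_security_group.backend.id` instead of a CIDR — so the SSH rule is the odd one out. None of the four rules or two groups carry a `description`, which makes the console and audit output harder to read; a one-line `description` per resource (e.g. `description = "SSH from admin ranges"`) would help, and the header comment `# EC 2` looks like a typo for `# EC2`.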