From 55bf0526c86c88f5ae0d20bad6587c72cd91e835 Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Tue, 31 Jan 2023 14:24:47 -0800
Subject: add ec2, rds
---
infra/sg.tf | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 infra/sg.tf
(limited to 'infra/sg.tf')
diff --git a/infra/sg.tf b/infra/sg.tf
new file mode 100644
index 0000000..48d5406
--- /dev/null
+++ b/infra/sg.tf
@@ -0,0 +1,38 @@
+# EC 2
+resource "aws_security_group" "backend" {
+ name = local.name
+ vpc_id = module.vpc.vpc_id
+}
+
+resource "aws_security_group_rule" "backend_ingress_ssh" {
+ security_group_id = aws_security_group.backend.id
+ type = "ingress"
+ protocol = "tcp"
+ from_port = 22
+ to_port = 22
+ cidr_blocks = ["0.0.0.0/0"]
+}
+
+resource "aws_security_group_rule" "backend_egress_all" {
+ security_group_id = aws_security_group.backend.id
+ type = "egress"
+ protocol = "all"
+ from_port = 0
+ to_port = 0
+ cidr_blocks = ["0.0.0.0/0"]
+}
+
+# RDS
+resource "aws_security_group" "rds" {
+ name = "${local.name}-db"
+ vpc_id = module.vpc.vpc_id
+}
+
+resource "aws_security_group_rule" "rds_ingress_backend" {
+ security_group_id = aws_security_group.rds.id
+ type = "ingress"
+ protocol = "tcp"
+ from_port = var.rds_port
+ to_port = var.rds_port
+ source_security_group_id = aws_security_group.backend.id
+}
-- cgit v1.2.3
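Review bot: `backend_ingress_ssh` opens TCP 22 to `0.0.0.0/0`, so the SSH daemon on every instance in the backend group is reachable from the whole internet and will see continuous credential-guessing traffic. Restrict the source to known administrative ranges, for example `cidr_blocks = var.ssh_allowed_cidrs` (a new variable; the name is only a suggestion), or drop the rule and reach the hosts through a bastion or SSM Session Manager. Neither security group nor any rule sets `description`; adding one now, such as `description = "SSH from admin ranges"`, is cheaper than later because changing a group's description forces the group to be replaced. `backend_egress_all` also allows every protocol to any destination, so if the backend only needs the database and outbound HTTPS, narrowing it would limit what a compromised host can reach.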