crizstian · April 12, 2019 18:32
diff --git a/sg.tf b/sg.tf
 resource "aws_security_group" "bastion_sg" {
  description = "Enable HTTP ingress"
  vpc_id      = "${aws_vpc.bastion_vpc.id}"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Application = "${var.bastion_cluster_name}"
    Environment = "${terraform.workspace}"
    Name        = "${var.bastion_cluster_name}-sg"
  }
 }

 resource "aws_security_group" "bastion_private_sg" {
  description = "Enable HTTP ingress"
  vpc_id      = "${aws_vpc.bastion_vpc.id}"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.bastion_cidr}"]
  }
  ingress {
    from_port   = 27017
    to_port     = 27017
    protocol    = "tcp"
    cidr_blocks = ["${var.bastion_cidr}"]
  }
  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["${var.bastion_cidr}"]
  }

  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.bastion_cidr}"]
  }
  egress {
    from_port   = 27017
    to_port     = 27017
    protocol    = "tcp"
    cidr_blocks = ["${var.bastion_cidr}"]
  }
  egress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["${var.bastion_cidr}"]
  }

  tags {
    Application = "${var.bastion_cluster_name}"
    Environment = "${terraform.workspace}"
    Name        = "${var.bastion_cluster_name}-private-sg"
  }
 }
	resource "aws_security_group" "bastion_sg" {
	description = "Enable HTTP ingress"
	vpc_id = "${aws_vpc.bastion_vpc.id}"

	ingress {
	from_port = 22
	to_port = 22
	protocol = "tcp"
	cidr_blocks = ["0.0.0.0/0"]
	}
	ingress {
	from_port = -1
	to_port = -1
	protocol = "icmp"
	cidr_blocks = ["0.0.0.0/0"]
	}

	egress {
	from_port = 22
	to_port = 22
	protocol = "tcp"
	cidr_blocks = ["0.0.0.0/0"]
	}
	egress {
	from_port = -1
	to_port = -1
	protocol = "icmp"
	cidr_blocks = ["0.0.0.0/0"]
	}

	tags {
	Application = "${var.bastion_cluster_name}"
	Environment = "${terraform.workspace}"
	Name = "${var.bastion_cluster_name}-sg"
	}
	}

	resource "aws_security_group" "bastion_private_sg" {
	description = "Enable HTTP ingress"
	vpc_id = "${aws_vpc.bastion_vpc.id}"

	ingress {
	from_port = 22
	to_port = 22
	protocol = "tcp"
	cidr_blocks = ["${var.bastion_cidr}"]
	}
	ingress {
	from_port = 27017
	to_port = 27017
	protocol = "tcp"
	cidr_blocks = ["${var.bastion_cidr}"]
	}
	ingress {
	from_port = -1
	to_port = -1
	protocol = "icmp"
	cidr_blocks = ["${var.bastion_cidr}"]
	}

	egress {
	from_port = 22
	to_port = 22
	protocol = "tcp"
	cidr_blocks = ["${var.bastion_cidr}"]
	}
	egress {
	from_port = 27017
	to_port = 27017
	protocol = "tcp"
	cidr_blocks = ["${var.bastion_cidr}"]
	}
	egress {
	from_port = 0
	to_port = 65535
	protocol = "tcp"
	cidr_blocks = ["0.0.0.0/0"]
	}
	egress {
	from_port = -1
	to_port = -1
	protocol = "icmp"
	cidr_blocks = ["${var.bastion_cidr}"]
	}

	tags {
	Application = "${var.bastion_cluster_name}"
	Environment = "${terraform.workspace}"
	Name = "${var.bastion_cluster_name}-private-sg"
	}
	}