# --------------------------------------------------------------
# Security group for the RDS database (its ingress/egress rules are declared below as aws_security_group_rule resources)
# ---------------------------------------------------------------
# Security group intended for the RDS database (attachment to the instance
# happens outside this file). No rules are declared inline: every ingress and
# egress entry is a separate aws_security_group_rule resource further down.
# Written in Terraform 0.11-era syntax (`tags { ... }` block, "${...}"
# interpolation); under 0.12+ the tags block would have to become `tags = {`.
resource "aws_security_group" "db" {
  vpc_id      = "${data.terraform_remote_state.network.aws_vpc_id}"
  name        = "${data.consul_keys.ck.var.project_name}-${var.install_name}-rds"
  description = "Security group for ${data.consul_keys.ck.var.project_name} db rds"

  # Environment, project and billing tags are all read from Consul.
  tags {
    resource-env       = "${data.consul_keys.ck.var.env}"
    resource-name      = "${data.consul_keys.ck.var.project_name}"
    BillingBusinessApp = "${data.consul_keys.ck.var.billing_business_app}"
  }
}
# --------------------------------------------------------------
# Security group for user connections to the database
# ---------------------------------------------------------------
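# Security group for user connections to the database. Like aws_security_group.db
# it carries no inline rules; see the db_users_* aws_security_group_rule
# resources below.
resource "aws_security_group" "db_users" {
  name        = "${data.consul_keys.ck.var.project_name}-${var.install_name}-db-users"
  description = "Security group for ${data.consul_keys.ck.var.project_name} db users"
  vpc_id      = "${data.terraform_remote_state.network.aws_vpc_id}"

  tags {
    resource-env  = "${data.consul_keys.ck.var.env}"
    resource-name = "${data.consul_keys.ck.var.project_name}"

    # Kept in step with aws_security_group.db: the original block omitted the
    # billing tag, so this group would have fallen out of cost reporting for
    # the business application the rest of the stack is attributed to.
    BillingBusinessApp = "${data.consul_keys.ck.var.billing_business_app}"
  }
}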
# Inbound TCP/3306 (the MySQL-family default port) to the RDS group, granted
# only to members of the Lambda security group — no CIDR-based ingress here,
# which keeps the database reachable solely from workloads carrying that group.
# aws_security_group.sg-lambda is declared outside this file.
resource "aws_security_group_rule" "db_ingress_sql" {
  type                     = "ingress"
  security_group_id        = "${aws_security_group.db.id}"
  protocol                 = "tcp"
  from_port                = 3306
  to_port                  = 3306
  source_security_group_id = "${aws_security_group.sg-lambda.id}"
}
# Allow-all outbound on the RDS group. Terraform strips AWS's default
# allow-all egress rule when it creates a VPC security group, so this rule
# re-establishes it explicitly; without it the group would have no egress.
# NOTE(review): a database rarely needs to initiate outbound connections, and
# "-1" to 0.0.0.0/0 is far broader than least privilege. Consider narrowing
# this to the destinations actually required (replication peers, VPC
# endpoints, monitoring) or removing it if nothing relies on outbound traffic —
# confirm with the owning team before tightening.
resource "aws_security_group_rule" "db_egress_all" {
  security_group_id = "${aws_security_group.db.id}"
  type              = "egress"
  protocol          = "-1"          # every protocol
  from_port         = 0             # 0/0 with protocol -1 means all ports
  to_port           = 0
  cidr_blocks       = ["0.0.0.0/0"] # any destination
}
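# Source addresses allowed to reach TCP/3306 through the db_users group.
# The default is the single host that was previously hard-coded inside the
# rule, so existing deployments plan with no change; override it per
# environment instead of editing this file, and keep entries as /32 hosts or
# tightly scoped ranges.
variable "db_users_allowed_cidrs" {
  type        = "list"
  description = "CIDR blocks permitted inbound on TCP/3306 via the db_users security group"
  default     = ["192.168.166.45/32"]
}

# CIDR-based inbound TCP/3306 (MySQL-family default port) on the db_users
# group. Unlike db_ingress_sql this is keyed on addresses rather than on a
# security group, so the allowed list is the entire access control — never
# widen it to 0.0.0.0/0. What this group is attached to is not visible here.
resource "aws_security_group_rule" "db_users_ingress_sql" {
  type              = "ingress"
  security_group_id = "${aws_security_group.db_users.id}"
  protocol          = "tcp"
  from_port         = 3306
  to_port           = 3306
  cidr_blocks       = ["${var.db_users_allowed_cidrs}"]
}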
# Allow-all outbound on the db_users group, re-creating the default egress
# rule that Terraform removes from newly created VPC security groups.
# NOTE(review): identical in scope to db_egress_all — all protocols to any
# destination. If the members of this group only need to reach the database,
# outbound could be limited to TCP/3306 towards aws_security_group.db; verify
# what actually carries this group before restricting it.
resource "aws_security_group_rule" "db_users_egress_all" {
  security_group_id = "${aws_security_group.db_users.id}"
  type              = "egress"
  protocol          = "-1"          # every protocol
  from_port         = 0             # 0/0 with protocol -1 means all ports
  to_port           = 0
  cidr_blocks       = ["0.0.0.0/0"] # any destination
}