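# Network plumbing for the e2e cluster: the default VPC/subnet lookups and the
# security groups that decide who can reach the cluster's management ports.
#
# SECURITY NOTE: every operator-facing rule in aws_security_group.primary
# (SSH, Nomad, the UI proxy, Fabio, Consul, Vault) is gated by
# local.ingress_cidr. When var.restrict_ingress_cidrblock is false that value
# is 0.0.0.0/0, i.e. the Nomad API, Consul HTTP/HTTPS and Vault listeners are
# reachable from the whole internet and are protected only by whatever
# ACLs/TLS the cluster configuration (not in this file) enables. Leave the
# restriction on unless there is a specific reason not to.

data "aws_vpc" "default" {
  default = true
}

data "aws_subnet" "default" {
  availability_zone = var.availability_zone
  vpc_id            = data.aws_vpc.default.id
}

# The operator's public IPv4 address as reported by a third party. It is the
# sole input to the /32 allow-list below, so that allow-list is exactly as
# trustworthy as the TLS connection to api.ipify.org. No response status is
# checked here; depending on the http provider version a non-2xx reply may
# surface as a plan error or as an unexpected body (see local.ingress_cidr
# for how a bad body is handled). `body` is the attribute name used by older
# http provider releases; newer ones call it `response_body`.
data "http" "my_public_ipv4" {
  url = "https://api.ipify.org"
}

locals {
  # The lookup result with its trailing newline removed.
  my_public_ipv4 = chomp(data.http.my_public_ipv4.body)

  # Restrict to the operator's /32 when asked, otherwise allow the world.
  # cidrsubnet(prefix, 0, 0) hands back a valid prefix unchanged and fails at
  # plan time for anything that is not a CIDR, so an empty or non-IP body
  # (an error page, for instance) is reported here instead of as an AWS API
  # error during apply. It cannot widen the range: the only way to end up with
  # 0.0.0.0/0 is to set var.restrict_ingress_cidrblock = false explicitly.
  ingress_cidr = var.restrict_ingress_cidrblock ? cidrsubnet("${local.my_public_ipv4}/32", 0, 0) : "0.0.0.0/0"
}

resource "aws_security_group" "primary" {
  name   = local.random_name
  vpc_id = data.aws_vpc.default.id

  # ---- operator-facing ports, all gated by local.ingress_cidr ------------

  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [local.ingress_cidr]
  }

  # Nomad HTTP API. Anyone who can reach this port and satisfies Nomad's own
  # authorization (configured outside this file) can submit jobs, which
  # amounts to running code on the client nodes.
  ingress {
    description = "Nomad HTTP API"
    from_port   = 4646
    to_port     = 4646
    protocol    = "tcp"
    cidr_blocks = [local.ingress_cidr]
  }

  # UI reverse proxy.
  ingress {
    description = "UI reverse proxy"
    from_port   = 6464
    to_port     = 6464
    protocol    = "tcp"
    cidr_blocks = [local.ingress_cidr]
  }

  # Fabio (9998 and 9999).
  ingress {
    description = "Fabio"
    from_port   = 9998
    to_port     = 9999
    protocol    = "tcp"
    cidr_blocks = [local.ingress_cidr]
  }

  # Consul: 8500 for HTTP, 8501 for HTTPS. The HTTP listener carries tokens in
  # clear text, so exposing it beyond a trusted /32 is unwise.
  ingress {
    description = "Consul HTTP (8500) and HTTPS (8501)"
    from_port   = 8500
    to_port     = 8501
    protocol    = "tcp"
    cidr_blocks = [local.ingress_cidr]
  }

  # Vault API/UI.
  ingress {
    description = "Vault"
    from_port   = 8200
    to_port     = 8200
    protocol    = "tcp"
    cidr_blocks = [local.ingress_cidr]
  }

  # ---- cluster-internal traffic ------------------------------------------

  # Any protocol, any port, between members of this group. The cluster's
  # RPC/gossip ports are not enumerated here; presumably they rely on this
  # rule. A foothold on one node therefore reaches every port on the others.
  ingress {
    description = "All traffic between cluster members"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    self        = true
  }

  # Unrestricted outbound (presumably needed for provisioning downloads). It
  # also means a compromised node can talk to anything on the internet.
  egress {
    description = "All outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# NFS (TCP 2049) reachable only from members of the primary group; created
# only when var.volumes is set. No egress block is declared, so — per the AWS
# provider's documented behaviour — the default allow-all egress rule is
# removed; return traffic for the TCP session is still permitted because
# security groups are stateful.
resource "aws_security_group" "nfs" {
  count  = var.volumes ? 1 : 0
  name   = "${local.random_name}-nfs"
  vpc_id = data.aws_vpc.default.id

  ingress {
    description     = "NFS from cluster members"
    from_port       = 2049
    to_port         = 2049
    protocol        = "tcp"
    security_groups = [aws_security_group.primary.id]
  }
}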