# File: github.com/tetrafolium/tflint@v0.8.0/tflint/test-fixtures/v0.11.0_module/.terraform/modules/9f93d48a9145c9b1ec2d65897abbd12a/main.tf

# ---------------------------------------------------------------------------------------------------------------------
# SECURITY GROUP RULES FOR A CONSUL CLUSTER
#
# Every rule in this file is an ingress rule attached to var.security_group_id; no egress rule is defined here.
# Two families of rules exist for the same set of ports (server RPC, CLI RPC, Serf LAN, Serf WAN, HTTP API, DNS):
#
#   1. CIDR-based rules: a single rule per port/protocol carrying the whole var.allowed_inbound_cidr_blocks list.
#      The rule is created only when that list has at least one entry.
#   2. Security-group-based rules: one rule per port/protocol for each entry of
#      var.allowed_inbound_security_group_ids, selected with element(..., count.index).
#
# NOTE(review): the same source list is applied to every port, so any source admitted here reaches server RPC,
# CLI RPC, Serf, the HTTP API and DNS alike. Nothing in this file limits how broad the CIDR ranges may be, and
# the variable declarations are outside this file, so confirm that callers pass narrow, internal ranges.
# ---------------------------------------------------------------------------------------------------------------------

# ---------------------------------------------------------------------------------------------------------------------
# 1. INGRESS FROM CIDR BLOCKS
# ---------------------------------------------------------------------------------------------------------------------

# Server RPC over TCP.
resource "aws_security_group_rule" "allow_server_rpc_inbound" {
  count             = "${length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0}"
  security_group_id = "${var.security_group_id}"

  type        = "ingress"
  protocol    = "tcp"
  from_port   = "${var.server_rpc_port}"
  to_port     = "${var.server_rpc_port}"
  cidr_blocks = ["${var.allowed_inbound_cidr_blocks}"]
}

# CLI RPC over TCP.
resource "aws_security_group_rule" "allow_cli_rpc_inbound" {
  count             = "${length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0}"
  security_group_id = "${var.security_group_id}"

  type        = "ingress"
  protocol    = "tcp"
  from_port   = "${var.cli_rpc_port}"
  to_port     = "${var.cli_rpc_port}"
  cidr_blocks = ["${var.allowed_inbound_cidr_blocks}"]
}

# Serf LAN over TCP.
resource "aws_security_group_rule" "allow_serf_lan_tcp_inbound" {
  count             = "${length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0}"
  security_group_id = "${var.security_group_id}"

  type        = "ingress"
  protocol    = "tcp"
  from_port   = "${var.serf_lan_port}"
  to_port     = "${var.serf_lan_port}"
  cidr_blocks = ["${var.allowed_inbound_cidr_blocks}"]
}

# Serf LAN over UDP (same port as the TCP rule above).
resource "aws_security_group_rule" "allow_serf_lan_udp_inbound" {
  count             = "${length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0}"
  security_group_id = "${var.security_group_id}"

  type        = "ingress"
  protocol    = "udp"
  from_port   = "${var.serf_lan_port}"
  to_port     = "${var.serf_lan_port}"
  cidr_blocks = ["${var.allowed_inbound_cidr_blocks}"]
}

# Serf WAN over TCP.
resource "aws_security_group_rule" "allow_serf_wan_tcp_inbound" {
  count             = "${length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0}"
  security_group_id = "${var.security_group_id}"

  type        = "ingress"
  protocol    = "tcp"
  from_port   = "${var.serf_wan_port}"
  to_port     = "${var.serf_wan_port}"
  cidr_blocks = ["${var.allowed_inbound_cidr_blocks}"]
}

# Serf WAN over UDP (same port as the TCP rule above).
resource "aws_security_group_rule" "allow_serf_wan_udp_inbound" {
  count             = "${length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0}"
  security_group_id = "${var.security_group_id}"

  type        = "ingress"
  protocol    = "udp"
  from_port   = "${var.serf_wan_port}"
  to_port     = "${var.serf_wan_port}"
  cidr_blocks = ["${var.allowed_inbound_cidr_blocks}"]
}

# HTTP API over TCP.
resource "aws_security_group_rule" "allow_http_api_inbound" {
  count             = "${length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0}"
  security_group_id = "${var.security_group_id}"

  type        = "ingress"
  protocol    = "tcp"
  from_port   = "${var.http_api_port}"
  to_port     = "${var.http_api_port}"
  cidr_blocks = ["${var.allowed_inbound_cidr_blocks}"]
}

# DNS over TCP.
resource "aws_security_group_rule" "allow_dns_tcp_inbound" {
  count             = "${length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0}"
  security_group_id = "${var.security_group_id}"

  type        = "ingress"
  protocol    = "tcp"
  from_port   = "${var.dns_port}"
  to_port     = "${var.dns_port}"
  cidr_blocks = ["${var.allowed_inbound_cidr_blocks}"]
}

# DNS over UDP (same port as the TCP rule above).
resource "aws_security_group_rule" "allow_dns_udp_inbound" {
  count             = "${length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0}"
  security_group_id = "${var.security_group_id}"

  type        = "ingress"
  protocol    = "udp"
  from_port   = "${var.dns_port}"
  to_port     = "${var.dns_port}"
  cidr_blocks = ["${var.allowed_inbound_cidr_blocks}"]
}

# ---------------------------------------------------------------------------------------------------------------------
# 2. INGRESS FROM OTHER SECURITY GROUPS
# count equals the length of var.allowed_inbound_security_group_ids, so an empty list creates no rules and each
# listed group gets its own rule per port/protocol.
# ---------------------------------------------------------------------------------------------------------------------

# Server RPC over TCP.
resource "aws_security_group_rule" "allow_server_rpc_inbound_from_security_group_ids" {
  count             = "${length(var.allowed_inbound_security_group_ids)}"
  security_group_id = "${var.security_group_id}"

  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = "${var.server_rpc_port}"
  to_port                  = "${var.server_rpc_port}"
  source_security_group_id = "${element(var.allowed_inbound_security_group_ids, count.index)}"
}

# CLI RPC over TCP.
resource "aws_security_group_rule" "allow_cli_rpc_inbound_from_security_group_ids" {
  count             = "${length(var.allowed_inbound_security_group_ids)}"
  security_group_id = "${var.security_group_id}"

  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = "${var.cli_rpc_port}"
  to_port                  = "${var.cli_rpc_port}"
  source_security_group_id = "${element(var.allowed_inbound_security_group_ids, count.index)}"
}

# Serf LAN over TCP.
resource "aws_security_group_rule" "allow_serf_lan_tcp_inbound_from_security_group_ids" {
  count             = "${length(var.allowed_inbound_security_group_ids)}"
  security_group_id = "${var.security_group_id}"

  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = "${var.serf_lan_port}"
  to_port                  = "${var.serf_lan_port}"
  source_security_group_id = "${element(var.allowed_inbound_security_group_ids, count.index)}"
}

# Serf LAN over UDP (same port as the TCP rule above).
resource "aws_security_group_rule" "allow_serf_lan_udp_inbound_from_security_group_ids" {
  count             = "${length(var.allowed_inbound_security_group_ids)}"
  security_group_id = "${var.security_group_id}"

  type                     = "ingress"
  protocol                 = "udp"
  from_port                = "${var.serf_lan_port}"
  to_port                  = "${var.serf_lan_port}"
  source_security_group_id = "${element(var.allowed_inbound_security_group_ids, count.index)}"
}

# Serf WAN over TCP.
resource "aws_security_group_rule" "allow_serf_wan_tcp_inbound_from_security_group_ids" {
  count             = "${length(var.allowed_inbound_security_group_ids)}"
  security_group_id = "${var.security_group_id}"

  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = "${var.serf_wan_port}"
  to_port                  = "${var.serf_wan_port}"
  source_security_group_id = "${element(var.allowed_inbound_security_group_ids, count.index)}"
}

# Serf WAN over UDP (same port as the TCP rule above).
resource "aws_security_group_rule" "allow_serf_wan_udp_inbound_from_security_group_ids" {
  count             = "${length(var.allowed_inbound_security_group_ids)}"
  security_group_id = "${var.security_group_id}"

  type                     = "ingress"
  protocol                 = "udp"
  from_port                = "${var.serf_wan_port}"
  to_port                  = "${var.serf_wan_port}"
  source_security_group_id = "${element(var.allowed_inbound_security_group_ids, count.index)}"
}

# HTTP API over TCP.
resource "aws_security_group_rule" "allow_http_api_inbound_from_security_group_ids" {
  count             = "${length(var.allowed_inbound_security_group_ids)}"
  security_group_id = "${var.security_group_id}"

  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = "${var.http_api_port}"
  to_port                  = "${var.http_api_port}"
  source_security_group_id = "${element(var.allowed_inbound_security_group_ids, count.index)}"
}

# DNS over TCP.
resource "aws_security_group_rule" "allow_dns_tcp_inbound_from_security_group_ids" {
  count             = "${length(var.allowed_inbound_security_group_ids)}"
  security_group_id = "${var.security_group_id}"

  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = "${var.dns_port}"
  to_port                  = "${var.dns_port}"
  source_security_group_id = "${element(var.allowed_inbound_security_group_ids, count.index)}"
}

# DNS over UDP (same port as the TCP rule above).
resource "aws_security_group_rule" "allow_dns_udp_inbound_from_security_group_ids" {
  count             = "${length(var.allowed_inbound_security_group_ids)}"
  security_group_id = "${var.security_group_id}"

  type                     = "ingress"
  protocol                 = "udp"
  from_port                = "${var.dns_port}"
  to_port                  = "${var.dns_port}"
  source_security_group_id = "${element(var.allowed_inbound_security_group_ids, count.index)}"
}