security.tf

data "aws_security_group" "sec-group" {
  vpc_id = data.aws_vpc.vpc.id
  tags   = var.security_group
}

// open port 2049 for NFSv4
resource "aws_security_group" "secure-agent-fs-" {
  name   = "secure-agent-efs-sg"
  vpc_id = data.aws_vpc.vpc.id

  // NFS
  ingress {
    security_groups = [
      data.aws_security_group.sec-group.id]
    from_port       = 2049
    to_port         = 2049
    protocol        = "tcp"
  }

  egress {
    security_groups = [
      data.aws_security_group.sec-group.id]
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
  }

  tags = var.secure_agent_sg_tags
}