Skip to content
Snippets Groups Projects
Normal view Permalink
security.tf 930 B
Newer Older
Nuwan Rajika Kumarasiri's avatar
Add an EFS volume into Secure Agent infrastructure  
Nuwan Rajika Kumarasiri committed
1 
data "aws_security_group" "sec-group" {
Nuwan Rajika Kumarasiri's avatar
Add initial terraform scripts for automating infra. for Informatica Secure Agent
Nuwan Rajika Kumarasiri committed
2 
  vpc_id = data.aws_vpc.vpc.id
Nuwan Rajika Kumarasiri's avatar
Add initial terraform scripts for automating infra. for Informatica Secure Agent  
Nuwan Rajika Kumarasiri committed
3 
  tags   = var.security_group
Nuwan Rajika Kumarasiri's avatar
Add an EFS volume into Secure Agent infrastructure  
Nuwan Rajika Kumarasiri committed
4 5 
}
Nuwan Rajika Kumarasiri's avatar
Update Secure Agent's EC2 instance for a better instance - WISCALERTS-2  
Nuwan Rajika Kumarasiri committed
6 7 8 9 10 
data "aws_security_group" "default" {
  vpc_id = data.aws_vpc.vpc.id
  name = "default"
}
Nuwan Rajika Kumarasiri's avatar
Add an EFS volume into Secure Agent infrastructure  
Nuwan Rajika Kumarasiri committed
11 
// open port 2049 for NFSv4
Nuwan Rajika Kumarasiri's avatar
Mount EFS volume in the same AZ as the ECS instance  
Nuwan Rajika Kumarasiri committed
12 13 
resource "aws_security_group" "secure-agent-efs-sg" {
  name   = var.secure_agent_efs_sg
Nuwan Rajika Kumarasiri's avatar
Add an EFS volume into Secure Agent infrastructure  
Nuwan Rajika Kumarasiri committed
14 15 16 17 18 
  vpc_id = data.aws_vpc.vpc.id

  // NFS
  ingress {
    security_groups = [
Jared Kosanovic's avatar
Add SSM agent policy to instance profile, add name tag to autoscaling group  
Jared Kosanovic committed
19 20 21 22 
    data.aws_security_group.sec-group.id]
    from_port = 2049
    to_port   = 2049
    protocol  = "tcp"
Nuwan Rajika Kumarasiri's avatar
Add an EFS volume into Secure Agent infrastructure  
Nuwan Rajika Kumarasiri committed
23 24 
  }
Nuwan Rajika Kumarasiri's avatar
Mount EFS volume in the same AZ as the ECS instance  
Nuwan Rajika Kumarasiri committed
25 26 27 28 29 30 31 32 33 34 
  # allow SSH connections from configured security group,
  # for debugging purposes(can set up a bastion host).
  ingress {
    security_groups = [
    data.aws_security_group.sec-group.id]
    from_port = 22
    to_port   = 22
    protocol  = "tcp"
  }
Nuwan Rajika Kumarasiri's avatar
Add an EFS volume into Secure Agent infrastructure  
Nuwan Rajika Kumarasiri committed
35 36 
  egress {
    security_groups = [
Jared Kosanovic's avatar
Add SSM agent policy to instance profile, add name tag to autoscaling group  
Jared Kosanovic committed
37 38 39 40 
    data.aws_security_group.sec-group.id]
    from_port = 0
    to_port   = 0
    protocol  = "-1"
Nuwan Rajika Kumarasiri's avatar
Add an EFS volume into Secure Agent infrastructure  
Nuwan Rajika Kumarasiri committed
41 42 43 
  }

  tags = var.secure_agent_sg_tags
Nuwan Rajika Kumarasiri's avatar
Add initial terraform scripts for automating infra. for Informatica Secure Agent
Nuwan Rajika Kumarasiri committed
44 
}