Commit f7dff07d authored by Adrian Horrocks's avatar Adrian Horrocks

changing ingress acl to variable to allow whitelists

parent 4727a83a
......@@ -32,6 +32,11 @@ variable "bastion_instances" {
default = "1"
}
variable "bastion_ingress_whitelist" {
description = "Ingress whitelist for SSH/VPN"
default = ["0.0.0.0"]
}
resource "aws_security_group" "bastion" {
name = "Bastion"
vpc_id = "${var.vpc_id}"
......@@ -41,14 +46,14 @@ resource "aws_security_group" "bastion" {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
cidr_blocks = ["${var.bastion_ingress_whitelist}"]
}
ingress {
from_port = 1194
to_port = 1194
protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
cidr_blocks = ["${var.bastion_ingress_whitelist}"]
}
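Review bot: The default for `bastion_ingress_whitelist` is `["0.0.0.0"]`, which is not CIDR notation, while the rules it replaces used `0.0.0.0/0`; `cidr_blocks` takes an address with a prefix length, so an apply that relies on the default will most likely be rejected. If open-by-default is really intended it should read `default = ["0.0.0.0/0"]`, but for a bastion the safer choice is to declare the variable with no default, so every caller has to state which networks may reach 22/tcp and 1194/udp. It would also help to declare `type = "list"` explicitly and to say in the `description` that entries must be CIDR blocks, e.g. `description = "CIDR blocks allowed to reach SSH/VPN on the bastion"`. The page does not show the +/- markers, so this assumes the `var.bastion_ingress_whitelist` lines are the new side of both ingress rules; the resource body continues outside the hunk.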
......