Commit f7dff07d authored by Adrian Horrocks's avatar Adrian Horrocks

changing ingress acl to variable to allow whitelists

parent 4727a83a
...@@ -32,6 +32,11 @@ variable "bastion_instances" { ...@@ -32,6 +32,11 @@ variable "bastion_instances" {
default = "1" default = "1"
} }
variable "bastion_ingress_whitelist" {
description = "Ingress whitelist for SSH/VPN"
default = ["0.0.0.0"]
}
resource "aws_security_group" "bastion" { resource "aws_security_group" "bastion" {
name = "Bastion" name = "Bastion"
vpc_id = "${var.vpc_id}" vpc_id = "${var.vpc_id}"
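Review bot: The default `["0.0.0.0"]` on the new `bastion_ingress_whitelist` variable is not a CIDR block (it has no prefix length), so the security group will fail validation once this value reaches the `cidr_blocks` arguments in the second hunk; and even a syntactically correct `0.0.0.0/0` default would leave SSH (22/tcp) and OpenVPN (1194/udp) open to the whole internet unless every caller remembers to override it, which is the opposite of what a whitelist variable should do. Prefer dropping the `default` entirely so a plan fails until an explicit list is supplied, and declare the shape so a bare string is rejected: `description = "List of CIDR blocks (e.g. a documentation-range value like 203.0.113.0/24) allowed to reach SSH 22/tcp and OpenVPN 1194/udp on the bastion"` and `type = "list"`. The consumers written as `cidr_blocks = ["${var.bastion_ingress_whitelist}"]` appear to rely on the 0.11 behaviour of flattening a list nested in a single-element list; `cidr_blocks = "${var.bastion_ingress_whitelist}"` without the outer brackets is the form that keeps working after an upgrade. The second hunk that holds those two `cidr_blocks` lines is cut off at the bottom of the page, so its remaining context was not reviewed.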
...@@ -41,14 +46,14 @@ resource "aws_security_group" "bastion" { ...@@ -41,14 +46,14 @@ resource "aws_security_group" "bastion" {
from_port = 22 from_port = 22
to_port = 22 to_port = 22
protocol = "tcp" protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"] cidr_blocks = ["${var.bastion_ingress_whitelist}"]
} }
ingress { ingress {
from_port = 1194 from_port = 1194
to_port = 1194 to_port = 1194
protocol = "udp" protocol = "udp"
cidr_blocks = ["0.0.0.0/0"] cidr_blocks = ["${var.bastion_ingress_whitelist}"]
} }