51 lines
1.3 KiB
HCL
51 lines
1.3 KiB
HCL
# Here are general definitions for security rulesets
|
|
|
|
resource "aws_security_group" "general_web_req" {
|
|
name = "Athens General web server ruleset"
|
|
description = "Allowing strictly web traffic"
|
|
vpc_id = aws_vpc.athens_vpc.id
|
|
# Intake of web requests(only serving TLS enabled traffic)
|
|
ingress {
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
from_port = 443
|
|
to_port = 443
|
|
protocol = "tcp"
|
|
}
|
|
ingress {
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
from_port = 80
|
|
to_port = 80
|
|
protocol = "tcp"
|
|
}
|
|
# WARN: Due to the usage of debian based images this rule
|
|
# is effectively required in order to properly update
|
|
# the system as apt mostly talks over port 443(maybe port 80 too?)
|
|
egress {
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
from_port = 443
|
|
to_port = 443
|
|
protocol = "tcp"
|
|
}
|
|
# WARN: like 99% certrain apt falls back to port 80 on occasion
|
|
# which means we kinda need egress in to not break when requesting
|
|
# from shitty repos ...
|
|
egress {
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
from_port = 80
|
|
to_port = 80
|
|
protocol = "tcp"
|
|
}
|
|
}
|
|
|
|
resource "aws_security_group" "remote_ssh_rec" {
|
|
name = "Athens Internal SSH RECV"
|
|
vpc_id = aws_vpc.athens_vpc.id
|
|
ingress {
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
from_port = 22
|
|
to_port = 22
|
|
protocol = "tcp"
|
|
}
|
|
}
|
|
|