feat: add security group

7SOATSquad30 · Sep 29, 2024 · b53cde0 · b53cde0
1 parent 761c0a7
commit b53cde0
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 1 deletion.
diff --git a/main.tf b/main.tf
@@ -101,7 +101,7 @@ resource "aws_route_table" "private_route_table" {
 
   route {
     cidr_block = "0.0.0.0/0"
-    gateway_id = aws_nat_gateway.nat.id
+    nat_gateway_id  = aws_nat_gateway.nat.id
   }
 
   tags = {
@@ -123,3 +123,51 @@ resource "aws_route_table_association" "private_subnet_3_assoc" {
   subnet_id      = aws_subnet.subnet_3.id
   route_table_id = aws_route_table.private_route_table.id
 }
+
+resource "aws_security_group" "default_security_group" {
+  vpc_id = aws_vpc.main.id
+
+  // Allow all ports access between nodes
+  ingress {
+    from_port   = 0
+    to_port     = 65535
+    protocol    = "tcp"
+    cidr_blocks = [aws_vpc.main.cidr_block]
+  }
+
+  // Allow SSH access to the nodes
+  // ingress {
+  //   from_port   = 22
+  //   to_port     = 22
+  //   protocol    = "tcp"
+  //   cidr_blocks = ["0.0.0.0/0"]
+  // }
+
+  // Allow public https access
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  // Allow public http access
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  // Allowpublic custom application ports
+  ingress {
+    from_port   = 30000
+    to_port     = 30100
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "default_security_group"
+  }
+}
diff --git a/output.tf b/output.tf
@@ -16,4 +16,9 @@ output "subnet_2_id" {
 output "subnet_3_id" {
   description = "ID da terceira Subnet"
   value       = aws_subnet.subnet_3.id
+}
+
+output "default_security_group" {
+  description = "ID do grupo de segurança"
+  value       = aws_security_group.default_security_group.id
 }
diff --git a/parameters.tf b/parameters.tf
@@ -22,4 +22,10 @@ resource "aws_ssm_parameter" "subnet_3" {
   name  = "/rds/subnet_3"
   type  = "String"
   value = aws_subnet.subnet_3.id
+}
+
+resource "aws_ssm_parameter" "default_security_group" {
+  name  = "default_security_group_id"
+  type  = "String"
+  value = aws_security_group.default_security_group.id
 }