sg.tf
# SECURITY GROUPS #
# Security group for the dashboard host(s). All three ingress rules below
# accept traffic from 0.0.0.0/0, i.e. from any IPv4 address.
resource "aws_security_group" "kibana-grafana-sg" {
  name   = "kibana_grafana_sg"
  vpc_id = "${aws_vpc.Custom-VPC.id}"

  # 3000/tcp from any IPv4 address (Grafana's default HTTP port, going by the
  # group name).
  # NOTE(review): plain HTTP dashboard exposed to the internet - confirm that
  # authentication and TLS are enforced, or narrow cidr_blocks to the ranges
  # that need access (e.g. <ADMIN_CIDR>).
  ingress {
    protocol    = "tcp"
    from_port   = 3000
    to_port     = 3000
    cidr_blocks = ["0.0.0.0/0"]
  }

  # 5601/tcp from any IPv4 address (Kibana's default port, going by the group
  # name).
  # NOTE(review): Kibana gives read access to whatever the backing cluster
  # indexes; confirm login is required before leaving this world-reachable.
  ingress {
    protocol    = "tcp"
    from_port   = 5601
    to_port     = 5601
    cidr_blocks = ["0.0.0.0/0"]
  }

  # 22/tcp (SSH) from any IPv4 address.
  # NOTE(review): world-open SSH is a standing brute-force and scanning
  # target. Restrict the source to an administrative range or a bastion's
  # security group, and rely on key-only authentication.
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Unrestricted egress: protocol "-1" with ports 0-0 matches every protocol
  # and port, to any IPv4 destination.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Security group for the Prometheus host(s). Ingress is limited to the CIDR in
# var.Custom-VPC_address_space (presumably the VPC's own range - confirm
# against the variable definition), not to "anywhere".
resource "aws_security_group" "prometheus-sg" {
  name   = "prometheus_sg"
  vpc_id = "${aws_vpc.Custom-VPC.id}"

  # 9090-9100/tcp from the VPC range. The range spans eleven ports; 9090 is
  # Prometheus' default and 9100 node_exporter's.
  # NOTE(review): if only those two ports are used, two single-port rules
  # would avoid opening 9091-9099.
  ingress {
    protocol    = "tcp"
    from_port   = 9090
    to_port     = 9100
    cidr_blocks = ["${var.Custom-VPC_address_space}"]
  }

  # 8300-8600/tcp from the VPC range (covers Consul's default ports
  # 8300-8302, 8500 and 8600, plus everything in between).
  # NOTE(review): TCP only. Consul's gossip (8301/8302) and DNS (8600) also
  # use UDP - confirm whether UDP rules are needed for an agent on this host.
  ingress {
    protocol    = "tcp"
    from_port   = 8300
    to_port     = 8600
    cidr_blocks = ["${var.Custom-VPC_address_space}"]
  }

  # Unrestricted egress: every protocol and port, to any IPv4 destination.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Security group for the dummy exporter host(s). Ingress is limited to the
# CIDR in var.Custom-VPC_address_space (presumably the VPC's own range -
# confirm against the variable definition), not to "anywhere".
resource "aws_security_group" "dummy-exporter-sg" {
  name   = "dummy_exporter_sg"
  vpc_id = "${aws_vpc.Custom-VPC.id}"

  # 65433/tcp from the VPC range - presumably the exporter's listening port;
  # verify against the exporter's configuration.
  ingress {
    protocol    = "tcp"
    from_port   = 65433
    to_port     = 65433
    cidr_blocks = ["${var.Custom-VPC_address_space}"]
  }

  # 8300-8600/tcp from the VPC range (covers Consul's default ports
  # 8300-8302, 8500 and 8600, plus everything in between).
  # NOTE(review): TCP only. Consul's gossip (8301/8302) and DNS (8600) also
  # use UDP - confirm whether UDP rules are needed for an agent on this host.
  ingress {
    protocol    = "tcp"
    from_port   = 8300
    to_port     = 8600
    cidr_blocks = ["${var.Custom-VPC_address_space}"]
  }

  # Unrestricted egress: every protocol and port, to any IPv4 destination.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Security group for the Consul host(s). Ingress is limited to the CIDR in
# var.Custom-VPC_address_space (presumably the VPC's own range - confirm
# against the variable definition), not to "anywhere".
resource "aws_security_group" "consul-sg" {
  name   = "consul_sg"
  vpc_id = "${aws_vpc.Custom-VPC.id}"

  # 8300-8600/tcp from the VPC range. This single rule spans 301 ports and
  # covers Consul's defaults: 8300 (server RPC), 8301/8302 (gossip),
  # 8500 (HTTP API) and 8600 (DNS).
  # NOTE(review): TCP only - gossip and DNS also use UDP, so confirm whether
  # matching UDP rules are required. The HTTP API on 8500 is reachable from
  # every host in the VPC range; confirm ACLs are enabled.
  ingress {
    protocol    = "tcp"
    from_port   = 8300
    to_port     = 8600
    cidr_blocks = ["${var.Custom-VPC_address_space}"]
  }

  # Unrestricted egress: every protocol and port, to any IPv4 destination.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Security group for the Elasticsearch host(s). Ingress is limited to the CIDR
# in var.Custom-VPC_address_space (presumably the VPC's own range - confirm
# against the variable definition), not to "anywhere".
resource "aws_security_group" "elastic-search-sg" {
  name   = "elastic_search_sg"
  vpc_id = "${aws_vpc.Custom-VPC.id}"

  # 9200/tcp (Elasticsearch's default HTTP API port) from the VPC range.
  # NOTE(review): every host in that range can reach the REST API. If only
  # specific clients need it, a rule keyed on their security group
  # (the ingress `security_groups` argument) is tighter than a CIDR; also
  # confirm authentication is enabled on the cluster.
  ingress {
    protocol    = "tcp"
    from_port   = 9200
    to_port     = 9200
    cidr_blocks = ["${var.Custom-VPC_address_space}"]
  }

  # Unrestricted egress: every protocol and port, to any IPv4 destination.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}