Merge pull request #12 from OrangeB4B/master

egarbi · web-flow · commit a08863f91afe · 2018-07-25T11:31:04.000+01:00
External Security Rules to allow extensibility
diff --git a/main.tf b/main.tf
@@ -2,33 +2,47 @@ resource "aws_security_group" "elasticsearch" {
   name        = "${var.name}"
   description = "Security Group to allow traffic to ElasticSearch"
 
-  ingress {
-    from_port   = 443
-    to_port     = 443
-    protocol    = "tcp"
-    cidr_blocks = ["${var.ingress_allow_cidr_blocks}"]
-  }
+  vpc_id = "${var.vpc_id}"
+}
 
-  ingress {
-    from_port       = 443
-    to_port         = 443
-    protocol        = "tcp"
-    security_groups = ["${var.ingress_allow_security_groups}"]
-  }
+resource "aws_security_group_rule" "secure_cidrs" {
+  count = "${length(var.ingress_allow_cidr_blocks) > 0 ? 1 : 0}"
 
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
+  type        = "ingress"
+  from_port   = 443
+  to_port     = 443
+  protocol    = "TCP"
+  cidr_blocks = ["${var.ingress_allow_cidr_blocks}"]
 
-  vpc_id = "${var.vpc_id}"
+  security_group_id = "${aws_security_group.elasticsearch.id}"
+}
+
+resource "aws_security_group_rule" "secure_sgs" {
+  count = "${length(var.ingress_allow_security_groups)}"
+
+  type                     = "ingress"
+  from_port                = 443
+  to_port                  = 443
+  protocol                 = "tcp"
+  source_security_group_id = "${element(var.ingress_allow_security_groups, count.index)}"
+
+  security_group_id = "${aws_security_group.elasticsearch.id}"
+}
+
+resource "aws_security_group_rule" "egress_all" {
+  type        = "egress"
+  from_port   = 0
+  to_port     = 0
+  protocol    = "-1"
+  cidr_blocks = ["0.0.0.0/0"]
+
+  security_group_id = "${aws_security_group.elasticsearch.id}"
 }
 
 resource "aws_elasticsearch_domain" "es" {
   domain_name           = "${var.name}"
   elasticsearch_version = "${var.elasticsearch_version}"
+
   encrypt_at_rest {
     enabled    = "${var.encryption_enabled}"
     kms_key_id = "${var.encryption_kms_key_id}"
diff --git a/outputs.tf b/outputs.tf
@@ -3,15 +3,15 @@ output "es_endpoint" {
 }
 
 output "es_arn" {
-  value ="${aws_elasticsearch_domain.es.arn}"
+  value = "${aws_elasticsearch_domain.es.arn}"
 }
 
 output "es_domain_id" {
-  value =  "${aws_elasticsearch_domain.es.domain_id}"
+  value = "${aws_elasticsearch_domain.es.domain_id}"
 }
 
 output "es_kibana_endpoint" {
-  value =  "${aws_elasticsearch_domain.es.kibana_endpoint}"
+  value = "${aws_elasticsearch_domain.es.kibana_endpoint}"
 }
 
 output "es_availability_zones_ids" {
@@ -21,3 +21,7 @@ output "es_availability_zones_ids" {
 output "es_vpc_ids" {
   value = "${aws_elasticsearch_domain.es.vpc_options.0.vpc_id}"
 }
+
+output "es_sg" {
+  value = "${aws_security_group.elasticsearch.id}"
+}

Original file line number	Diff line number	Diff line change
`@@ -3,15 +3,15 @@ output "es_endpoint" {`
`3`	`3`	`}`
`4`	`4`
`5`	`5`	`output "es_arn" {`
`6`		`- value ="${aws_elasticsearch_domain.es.arn}"`
	`6`	`+ value = "${aws_elasticsearch_domain.es.arn}"`
`7`	`7`	`}`
`8`	`8`
`9`	`9`	`output "es_domain_id" {`
`10`		`- value = "${aws_elasticsearch_domain.es.domain_id}"`
	`10`	`+ value = "${aws_elasticsearch_domain.es.domain_id}"`
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`output "es_kibana_endpoint" {`
`14`		`- value = "${aws_elasticsearch_domain.es.kibana_endpoint}"`
	`14`	`+ value = "${aws_elasticsearch_domain.es.kibana_endpoint}"`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`output "es_availability_zones_ids" {`
`@@ -21,3 +21,7 @@ output "es_availability_zones_ids" {`
`21`	`21`	`output "es_vpc_ids" {`
`22`	`22`	`value = "${aws_elasticsearch_domain.es.vpc_options.0.vpc_id}"`
`23`	`23`	`}`
	`24`	`+`
	`25`	`+output "es_sg" {`
	`26`	`+ value = "${aws_security_group.elasticsearch.id}"`
	`27`	`+}`