From b3ffbc45c10d6bc9ddce092c7b2490d40b248baf Mon Sep 17 00:00:00 2001
From: Marc Ransome
Date: Thu, 13 May 2021 14:53:04 +0100
Subject: [PATCH] Add inbound security rules for CHIPS connectivity
---
 groups/frontend/instance.tf | 32 ++++++++++++++++++++++++++++++++
 groups/frontend/variables.tf | 5 +++++
 2 files changed, 37 insertions(+)
diff --git a/groups/frontend/instance.tf b/groups/frontend/instance.tf
index f4806fd..1012bd0 100644
--- a/groups/frontend/instance.tf
+++ b/groups/frontend/instance.tf
@@ -116,6 +116,38 @@ resource "aws_security_group" "common" {
 cidr_blocks = var.deployment_cidrs
 }
 
+ ingress {
+ description = "Allow connectivity from CHIPS for Tuxedo CEU services"
+ from_port = 38000
+ to_port = 38000
+ protocol = "TCP"
+ cidr_blocks = [var.chips_cidr]
+ }
+
+ ingress {
+ description = "Allow connectivity from CHIPS for Tuxedo CHD services"
+ from_port = 38100
+ to_port = 38100
+ protocol = "TCP"
+ cidr_blocks = [var.chips_cidr]
+ }
+
+ ingress {
+ description = "Allow connectivity from CHIPS for Tuxedo EWF services"
+ from_port = 38200
+ to_port = 38200
+ protocol = "TCP"
+ cidr_blocks = [var.chips_cidr]
+ }
+
+ ingress {
+ description = "Allow connectivity from CHIPS for Tuxedo XML services"
+ from_port = 38300
+ to_port = 38300
+ protocol = "TCP"
+ cidr_blocks = [var.chips_cidr]
+ }
+
 egress {
 description = "Allow outbound traffic"
 from_port = 0
diff --git a/groups/frontend/variables.tf b/groups/frontend/variables.tf
index e15543d..2d9f7e1 100644
--- a/groups/frontend/variables.tf
+++ b/groups/frontend/variables.tf
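Review bot: The four added `ingress` blocks differ only in the Tuxedo service name and port (38000, 38100, 38200, 38300), so a single `dynamic "ingress"` block iterating a service-to-port map expresses the same rules once and makes the next service a one-entry addition; the fence below keeps the descriptions, the `"TCP"` protocol and the `[var.chips_cidr]` source identical to the hunk (assuming Terraform 0.12+, as the module's `required_version` is not in this patch). Every one of these rules trusts the whole `var.chips_cidr` range, so the real exposure of the Tuxedo ports is decided entirely by that one variable's value; the variables.tf hunk below raises the missing constraint on it. The AWS provider documents the `protocol` argument in lowercase (`"tcp"`); whether the uppercase `"TCP"` used here is normalized without a perpetual plan diff depends on the provider version, which this patch does not show, so it is worth a quick `terraform plan` after the first apply.
```hcl
  # … unchanged: existing ingress rules up to `cidr_blocks = var.deployment_cidrs` …

  dynamic "ingress" {
    for_each = { CEU = 38000, CHD = 38100, EWF = 38200, XML = 38300 }
    content {
      description = "Allow connectivity from CHIPS for Tuxedo ${ingress.key} services"
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "TCP"
      cidr_blocks = [var.chips_cidr]
    }
  }

  # … unchanged: egress rule …
```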
@@ -20,6 +20,11 @@ variable "aws_account" {
 description = "The name of the AWS account; used in Vault path when looking up account identifier"
 }
 
+variable "chips_cidr" {
+ type = string
+ description = "A string representing the CIDR range from which CHIPS instances will connect to Tuxedo services"
+}
+
 variable "default_log_retention_in_days" {
 type = string
 description = "The default log retention period in days for CloudWatch log groups"
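Review bot: `chips_cidr` is declared as a bare `string` with no `validation` block, so a malformed value is only rejected at apply time by the EC2 API, while an over-broad value (up to a whole-internet range) is accepted silently and opens all four Tuxedo ports added in instance.tf to it. A syntactic check catches the first case at plan time; the fence below adds one with `can(cidrhost(...))`, which requires Terraform 0.13+ (the module's `required_version` is not in this patch). Breadth of the range is a review question the validation cannot decide, so the description should state the expected scope, e.g. `description = "CIDR range of the CHIPS hosts that connect to the Tuxedo services; should be no wider than the CHIPS subnet"`, so that reviewers of future tfvars changes know what to check.
```hcl
variable "chips_cidr" {
  type        = string
  description = "A string representing the CIDR range from which CHIPS instances will connect to Tuxedo services"

  validation {
    condition     = can(cidrhost(var.chips_cidr, 0))
    error_message = "The chips_cidr value must be a valid CIDR range, for example 10.0.0.0/24."
  }
}
```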