create varibles for sg rules

clouddrove · Aug 28, 2023 · 115d1e3 · 115d1e3
1 parent a06f9be
commit 115d1e3
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 10 deletions.
diff --git a/main.tf b/main.tf
@@ -57,25 +57,25 @@ resource "aws_security_group" "default" {
   }
 
   ingress {
-    from_port       = "2049" # NFS
-    to_port         = "2049"
-    protocol        = "tcp"
+    from_port       = var.from_port # NFS
+    to_port         = var.to_port
+    protocol        = var.protocol
     security_groups = var.security_groups
   }
 
   ingress {
-    from_port   = "2049" # NFS
-    to_port     = "2049"
-    protocol    = "tcp"
+    from_port       = var.from_port # NFS
+    to_port         = var.to_port
+    protocol        = var.protocol
     cidr_blocks = var.allow_cidr #tfsec:ignore:aws-vpc-no-public-egress-sgr
   }
 
   egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
+    from_port   = var.egress_from_port
+    to_port     = var.egress_to_port
+    protocol    = var.egress_protocol
     description = "for all"
-    cidr_blocks = ["0.0.0.0/0"] #tfsec:ignore:aws-vpc-no-public-egress-sgr
+    cidr_blocks = var.egress_cidr_blocks #tfsec:ignore:aws-vpc-no-public-egress-sgr
   }
 
   tags = module.label.tags

diff --git a/variables.tf b/variables.tf
@@ -31,6 +31,46 @@ variable "security_groups" {
   sensitive   = true
   description = "Security group IDs to allow access to the EFS"
 }
+variable "from_port" {
+  type        = number
+  default   = 2049
+  description = "Security group IDs to allow access to the EFS"
+}
+
+variable "to_port" {
+  type        = number
+  default   = 2049
+  description = "Security group IDs to allow access to the EFS"
+}
+
+variable "egress_from_port" {
+  type        = number
+  default   = 0
+  description = "Security group IDs to allow access to the EFS"
+}
+variable "egress_to_port" {
+  type        = number
+  default   = 0
+  description = "Security group IDs to allow access to the EFS"
+}
+
+variable "protocol" {
+  type        = string
+  default   = "tcp"
+  description = "Security group IDs to allow access to the EFS"
+}
+
+variable "egress_protocol" {
+  type        = number
+  default   = -1
+  description = "Security group IDs to allow access to the EFS"
+}
+
+variable "egress_cidr_blocks" {
+  type        = list(string)
+  default   = ["0.0.0.0/0"]
+  description = "Security group IDs to allow access to the EFS"
+}
 
 variable "efs_enabled" {
   type        = bool