diff options
| author | Daniil Baturin <daniil@vyos.io> | 2025-05-01 15:48:15 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-05-01 15:48:15 +0100 |
| commit | fc9128e33469aea2b65b81589a3e9c9399ddc0c7 (patch) | |
| tree | f27518abd233c3620122a867a5043ff37fd334b4 /Terraform/AWS/instance-with-basic-configs/security_groups.tf | |
| parent | 65f456222375c017e45f27dfb283d1d4176e260f (diff) | |
| parent | cb2f5c86fd732a2d10a758bc3a90fc4ee33323de (diff) | |
| download | vyos-automation-fc9128e33469aea2b65b81589a3e9c9399ddc0c7.tar.gz vyos-automation-fc9128e33469aea2b65b81589a3e9c9399ddc0c7.zip | |
Merge pull request #5 from aslanvyos/main
Terraform projects for VyOS deployment on AWS
Diffstat (limited to 'Terraform/AWS/instance-with-basic-configs/security_groups.tf')
| -rw-r--r-- | Terraform/AWS/instance-with-basic-configs/security_groups.tf | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/Terraform/AWS/instance-with-basic-configs/security_groups.tf b/Terraform/AWS/instance-with-basic-configs/security_groups.tf new file mode 100644 index 0000000..d8653ae --- /dev/null +++ b/Terraform/AWS/instance-with-basic-configs/security_groups.tf @@ -0,0 +1,111 @@ +# SECURITY GROUP FOR PUBLIC RESOURCES
+
+resource "aws_security_group" "public_sg" {
+ name = join("-", [var.prefix, var.public_sg_name])
+ description = "Security Group for public resources"
+ vpc_id = aws_vpc.vpc.id
+
+ # Allow SSH Traffic
+ ingress {
+ description = "Allow SSH"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ # Allow Wireguard Traffic
+ ingress {
+ description = "Allow Wireguard"
+ from_port = 51820
+ to_port = 51820
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ # Allow OpenVPN Traffic
+ ingress {
+ description = "Allow OpenVPN"
+ from_port = 1194
+ to_port = 1194
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ # Allow ESP Traffic
+ ingress {
+ description = "Allow ESP"
+ from_port = 0
+ to_port = 0
+ protocol = "50"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ # Allow IKE Traffic
+ ingress {
+ description = "Allow IKE"
+ from_port = 500
+ to_port = 500
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ # Allow IPSEC Traffic
+ ingress {
+ description = "Allow IPSEC"
+ from_port = 1701
+ to_port = 1701
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ # Allow NAT Traversal
+ ingress {
+ description = "Allow NAT Traversal"
+ from_port = 4500
+ to_port = 4500
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ # Allow all outbound traffic
+ egress {
+ description = "Allow all outbound traffic"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = join("-", [var.prefix, var.public_sg_name])
+ }
+}
+
+# SECURITY GROUP FOR PRIVATE RESOURCES
+
+resource "aws_security_group" "private_sg" {
+ name = join("-", [var.prefix, var.private_sg_name])
+ description = "Security Group for private resources"
+ vpc_id = aws_vpc.vpc.id
+
+ ingress {
+ description = "Allow all inbound traffic"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ description = "Allow all outbound traffic"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = join("-", [var.prefix, var.private_sg_name])
+ }
+}
\ No newline at end of file |