From cb2f5c86fd732a2d10a758bc3a90fc4ee33323de Mon Sep 17 00:00:00 2001 From: aslanvyos Date: Thu, 31 Oct 2024 10:04:05 +0400 Subject: Add Terraform project for VyOS instance with basic setup and with network services (VPN, NAT, DNS) Added CloudFormation templates for VyOS deployment on AWS --- .../AWS/instance-with-configs/security_groups.tf | 111 +++++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 Terraform/AWS/instance-with-configs/security_groups.tf (limited to 'Terraform/AWS/instance-with-configs/security_groups.tf') diff --git a/Terraform/AWS/instance-with-configs/security_groups.tf b/Terraform/AWS/instance-with-configs/security_groups.tf new file mode 100644 index 0000000..d8653ae --- /dev/null +++ b/Terraform/AWS/instance-with-configs/security_groups.tf @@ -0,0 +1,111 @@ +# SECURITY GROUP FOR PUBLIC RESOURCES + +resource "aws_security_group" "public_sg" { + name = join("-", [var.prefix, var.public_sg_name]) + description = "Security Group for public resources" + vpc_id = aws_vpc.vpc.id + + # Allow SSH Traffic + ingress { + description = "Allow SSH" + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + # Allow Wireguard Traffic + ingress { + description = "Allow Wireguard" + from_port = 51820 + to_port = 51820 + protocol = "udp" + cidr_blocks = ["0.0.0.0/0"] + } + + # Allow OpenVPN Traffic + ingress { + description = "Allow OpenVPN" + from_port = 1194 + to_port = 1194 + protocol = "udp" + cidr_blocks = ["0.0.0.0/0"] + } + + # Allow ESP Traffic + ingress { + description = "Allow ESP" + from_port = 0 + to_port = 0 + protocol = "50" + cidr_blocks = ["0.0.0.0/0"] + } + + # Allow IKE Traffic + ingress { + description = "Allow IKE" + from_port = 500 + to_port = 500 + protocol = "udp" + cidr_blocks = ["0.0.0.0/0"] + } + + # Allow IPSEC Traffic + ingress { + description = "Allow IPSEC" + from_port = 1701 + to_port = 1701 + protocol = "udp" + cidr_blocks = ["0.0.0.0/0"] + } + + # Allow NAT Traversal + ingress { + description = "Allow NAT Traversal" + from_port = 4500 + to_port = 4500 + protocol = "udp" + cidr_blocks = ["0.0.0.0/0"] + } + + # Allow all outbound traffic + egress { + description = "Allow all outbound traffic" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + + tags = { + Name = join("-", [var.prefix, var.public_sg_name]) + } +} + +# SECURITY GROUP FOR PRIVATE RESOURCES + +resource "aws_security_group" "private_sg" { + name = join("-", [var.prefix, var.private_sg_name]) + description = "Security Group for private resources" + vpc_id = aws_vpc.vpc.id + + ingress { + description = "Allow all inbound traffic" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + + egress { + description = "Allow all outbound traffic" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + + tags = { + Name = join("-", [var.prefix, var.private_sg_name]) + } +} \ No newline at end of file -- cgit v1.2.3