/* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0 */
# --- root/locals.tf ---
locals {
  # BGP ASN of the "connect" and "remote" spoke VPCs, pulled from var.vpcs.
  # values() returns entries in key order, so [0] is the first matching VPC by key;
  # any further VPCs of the same spoke_type are silently ignored, and if none
  # exists the index expression fails at plan time (the config assumes one of each).
  connect_vpc_public_ip_asn = values({ for k, v in var.vpcs : k => v.local_bgp_asn if v.spoke_type == "connect" })[0]
  remote_vpc_public_ip_asn  = values({ for k, v in var.vpcs : k => v.local_bgp_asn if v.spoke_type == "remote" })[0]

  # Security group definitions consumed elsewhere in the module (shape: from/to port, protocol, cidr_blocks).
  security_groups = {
    spoke_vpc = {
      instance = {
        name        = "instance_sg"
        description = "Security Group used in the instances"
        ingress = {
          # NOTE(review): ICMP and SSH are both open to 0.0.0.0/0. The SSM interface
          # endpoints declared below (ssm, ssmmessages, ec2messages) suggest Session
          # Manager is the intended access path, in which case the ssh rule is likely
          # unnecessary; if kept, restrict cidr_blocks to trusted ranges.
          icmp = {
            description = "Allowing ICMP traffic"
            from        = -1 # -1/-1 with protocol icmp = all ICMP types and codes
            to          = -1
            protocol    = "icmp"
            cidr_blocks = ["0.0.0.0/0"]
          }
          ssh = {
            description = "Allowing SSH traffic"
            from        = 22
            to          = 22
            protocol    = "tcp"
            cidr_blocks = ["0.0.0.0/0"]
          }
        }
        egress = {
          # protocol "-1" with ports 0/0 = all protocols, all ports, to anywhere.
          any = {
            description = "Any traffic"
            from        = 0
            to          = 0
            protocol    = "-1"
            cidr_blocks = ["0.0.0.0/0"]
          }
        }
        tags = {
          Name = "Instance Security Group"
        }
      }
    }
    vpc_endpoints = {
      endpoints = {
        name        = "endpoints_sg"
        description = "Security Group for SSM connection"
        ingress = {
          # NOTE(review): HTTPS ingress is 0.0.0.0/0. Interface endpoints are only
          # reachable from inside the VPC, so this could be narrowed to the VPC CIDR
          # (or the instance SG) — confirm how the consuming module attaches this SG.
          https = {
            description = "Allowing HTTPS"
            from        = 443
            to          = 443
            protocol    = "tcp"
            cidr_blocks = ["0.0.0.0/0"]
          }
        }
        egress = {
          # All traffic out; same shape as the instance SG egress rule.
          any = {
            description = "Any traffic"
            from        = 0
            to          = 0
            protocol    = "-1"
            cidr_blocks = ["0.0.0.0/0"]
          }
        }
        tags = {
          Name = "VPC Endpoint Security Group"
        }
      }
    }
  }

  # Interface endpoints needed for SSM Session Manager (service names are
  # region-qualified via var.aws_region). phz_* fields appear to drive an
  # optional private hosted zone; phz_alias_name is "" for all three, so
  # TODO confirm how the consuming module treats an empty alias name.
  endpoint_service_names = {
    ssm = {
      name           = "com.amazonaws.${var.aws_region}.ssm"
      type           = "Interface"
      private_dns    = true
      phz_needed     = true
      phz_name       = "ssm.${var.aws_region}.amazonaws.com"
      phz_alias_name = ""
    }
    ssmmessages = {
      name           = "com.amazonaws.${var.aws_region}.ssmmessages"
      type           = "Interface"
      private_dns    = true
      phz_needed     = true
      phz_name       = "ssmmessages.${var.aws_region}.amazonaws.com"
      phz_alias_name = ""
    }
    ec2messages = {
      name           = "com.amazonaws.${var.aws_region}.ec2messages"
      type           = "Interface"
      private_dns    = true
      phz_needed     = true
      phz_name       = "ec2messages.${var.aws_region}.amazonaws.com"
      phz_alias_name = ""
    }
  }
}