# Title: site/security_groups.tf # Description: Security groups for resources in subnets. ####-- Security Groups --#### # Create default locked down security groups for private and public subnets # Security Group: Public Subnets resource "aws_security_group" "sg_public_default" { name = "sg_public_default" description = "Default public facing security group" tags = { Name = "sg_public_default" } vpc_id = "${aws_vpc.myvpc.id}" ##-- Ingress/Inbound Rules --## # No ingress/inbound rules by default #ingress { #} ##-- Egress/Outbound Rules --## # Allow all egress/outbound traffic egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } } # Security Group: Private Subnets resource "aws_security_group" "sg_private_default" { name = "sg_private_default" description = "Default private facing security group" tags = { Name = "sg_private_default" } vpc_id = "${aws_vpc.myvpc.id}" ##-- Ingress/Inbound Rules --## # Allow all ssh traffic from default public security group ingress { from_port = 22 to_port = 22 protocol = "tcp" security_groups = ["${aws_security_group.sg_public_default.id}"] } # Allow all traffic within the private security group ingress { from_port = 0 to_port = 0 protocol = "-1" self = "true" } ##-- Egress/Outbound Rules --## # Allow all egress/outbound traffic egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } }