DS-2050 Adding Dynamic egress
kayodewale committed Jan 18, 2024
1 parent 87ebe88 commit 4421245
Showing 1 changed file with 23 additions and 16 deletions.
39 changes: 23 additions & 16 deletions infrastructure/stacks/security-groups/main.tf
Expand Up @@ -10,23 +10,30 @@ resource "aws_security_group" "hk_lambda_sg" {
security_groups = [data.aws_security_group.datastore.id]
}

egress {
count = var.add_perf_egress ? 1 : 0
description = "Core DoS Performance DB Access"
from_port = 5432
to_port = 5432
protocol = "tcp"
security_groups = [data.aws_security_group.datastore_performance.id]
dynamic "egress" {
for_each = var.add_perf_egress ? [1] : []
content {
description = "Core DoS Performance DB Access"
from_port = 5432
to_port = 5432
protocol = "tcp"
security_groups = [data.aws_security_group.datastore_performance[0].id]
}

}

egress {
count = var.add_regression_egress ? 1: 0
description = "Core DoS Regression DB Access"
from_port = 5432
to_port = 5432
protocol = "tcp"
security_groups = [data.aws_security_group.datastore_regression.id]
dynamic "egress" {
for_each = var.add_regression_egress ? [1] : []
content {
description = "Core DoS Regression DB Access"
from_port = 5432
to_port = 5432
protocol = "tcp"
security_groups = [data.aws_security_group.datastore_regression[0].id]
}

}

egress {
description = "AWS API Outbound Access"
from_port = 443
Expand All @@ -53,7 +60,7 @@ resource "aws_security_group_rule" "db_perf_sg_ingress" {
from_port = 5432
to_port = 5432
protocol = "tcp"
security_group_id = data.aws_security_group.datastore_performance.id
security_group_id = data.aws_security_group.datastore_performance[0].id
source_security_group_id = aws_security_group.hk_lambda_sg.id
description = "A rule to allow incoming connections from hk lambda to Performance Datastore Security Group"
}
Expand All @@ -64,7 +71,7 @@ resource "aws_security_group_rule" "db_regression_sg_ingress" {
from_port = 5432
to_port = 5432
protocol = "tcp"
security_group_id = data.aws_security_group.datastore_regression.id
security_group_id = data.aws_security_group.datastore_regression[0].id
source_security_group_id = aws_security_group.hk_lambda_sg.id
description = "A rule to allow incoming connections from hk lambda to Regression Datastore Security Group"
}
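Review bot: The ingress rules `db_perf_sg_ingress` and `db_regression_sg_ingress` now read `data.aws_security_group.datastore_performance[0].id` and `data.aws_security_group.datastore_regression[0].id` with no guard in the visible lines, while the egress blocks using the same lookups are gated by `var.add_perf_egress` and `var.add_regression_egress`. The `[0]` index implies the data sources now carry a `count`, presumably keyed on those flags. If so, a plan with a flag set to false fails on an invalid index unless each rule is gated the same way, e.g. `count = var.add_perf_egress ? 1 : 0` on `db_perf_sg_ingress` and the regression equivalent on the other. Both resource headers and the data source definitions lie outside the hunks, so the guard may already exist and is worth confirming. A short comment beside each flag, saying that it opens port 5432 in both directions between the hk lambda and that datastore, would make the network exposure explicit to whoever toggles it.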
