From 9cec51afb015d89e2140d77636e6db75996a1c9a Mon Sep 17 00:00:00 2001
From: Jordan Acosta
Date: Fri, 26 Jan 2024 16:47:39 -0800
Subject: [PATCH] feat(aws-ecs): add runner security group
---
 aws-ecs/outputs.tf | 4 ++--
 aws-ecs/runner_security_group.tf | 17 +++++++++++++++++
 aws-ecs/vpc.tf | 18 ------------------
 3 files changed, 19 insertions(+), 20 deletions(-)
 create mode 100644 aws-ecs/runner_security_group.tf
diff --git a/aws-ecs/outputs.tf b/aws-ecs/outputs.tf
index d3632c9..3402116 100644
--- a/aws-ecs/outputs.tf
+++ b/aws-ecs/outputs.tf
@@ -31,8 +31,8 @@ output "vpc" {
 public_subnet_cidr_blocks = module.vpc.public_subnets_cidr_blocks
 public_subnet_ids = module.vpc.public_subnets
- default_security_group_id = module.vpc.default_security_group_id
- # default_security_group_arn = data.aws_security_group.default.arn
+ default_security_group_id = aws_security_group.runner.id
+ # default_security_group_arn = aws_security_group.runner.arn
 }
 }
diff --git a/aws-ecs/runner_security_group.tf b/aws-ecs/runner_security_group.tf
new file mode 100644
index 0000000..cb4a43c
--- /dev/null
+++ b/aws-ecs/runner_security_group.tf
@@ -0,0 +1,17 @@
+resource "aws_security_group" "runner" {
+ vpc_id = module.vpc.vpc_id
+
+ egress {
+ protocol = "-1"
+ from_port = 0
+ to_port = 0
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ protocol = "-1"
+ from_port = 0
+ to_port = 0
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
diff --git a/aws-ecs/vpc.tf b/aws-ecs/vpc.tf
index 9335ba5..f0fa271 100644
--- a/aws-ecs/vpc.tf
+++ b/aws-ecs/vpc.tf
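Review bot: The `default_security_group_id` key in `output "vpc"` now carries the id of `aws_security_group.runner` instead of the VPC's default security group, so any consumer that reads this output by its name and expects the VPC default group will attach workloads to the wrong group without any error. Expose the new group under its real name alongside the existing key, `runner_security_group_id = aws_security_group.runner.id`, and if the old key must stay for compatibility, put a comment on it saying it is an alias of the runner group. The commented-out `default_security_group_arn` line is dead text either way; drop it or promote it to a real key. The enclosing `output "vpc"` block starts outside the hunk.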
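Review bot: The `ingress` block of the new `aws_security_group.runner` admits every protocol and port from `0.0.0.0/0`, which makes anything attached to this group reachable from the whole internet and, together with the equally open egress, leaves the group with no filtering role at all. This mirrors the rules the commit removes from the VPC module's default group, so it is not a regression, but a dedicated group is exactly where the rule set should be narrowed: if runners only need to reach one another, `self = true` in place of `cidr_blocks = ["0.0.0.0/0"]` in the ingress block does that, otherwise list the specific source CIDRs or security groups and the ports the runner actually serves. The resource also sets no `name_prefix`, `description` or `tags`, so it appears in the console as an anonymous group; adding at least `description = "security group for ECS runners"` (constructed wording) lets an audit tell it apart from the VPC default group.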
@@ -34,24 +34,6 @@ module "vpc" {
 #create_database_subnet_group = true
 #create_elasticache_subnet_group = true
- default_security_group_egress = [
- {
- "protocol" = "-1"
- from_port = 0
- to_port = 0
- cidr_blocks = "0.0.0.0/0"
- }
- ]
-
- default_security_group_ingress = [
- {
- "protocol" = "-1"
- from_port = 0
- to_port = 0
- cidr_blocks = "0.0.0.0/0"
- }
- ]
-
 public_subnet_tags = {
 "kubernetes.io/cluster/${local.nuon_id}" = "shared"
 "kubernetes.io/role/elb" = 1