
@kalbasit kalbasit/aws.nix
Created Jan 16, 2019

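# EC2 security groups declared as NixOps resources, forming a chain of trust:
#   ssh-in          - TCP 22   from any IPv4 address
#   http-in         - TCP 80   from any IPv4 address
#   backend-http-in - TCP 8080 only from members of http-in
#   redis-in        - TCP 6379 only from members of backend-http-in
# accessKeyId, region and ownerId are taken from the enclosing scope, which is
# not part of this snippet. Which instances carry which group is decided where
# the machines are defined, also not shown here.
resources = {
  ec2SecurityGroups = {

    # Public SSH.
    # NOTE(review): 0.0.0.0/0 exposes port 22 to the entire IPv4 internet.
    # Prefer a known admin CIDR or a bastion security group as the source; if
    # it has to stay open, the hosts should accept key-based logins only.
    ssh-in = {
      inherit accessKeyId region;
      description = "Allow incoming SSH connection from anywhere";
      rules = [
        {
          fromPort = 22;
          toPort = 22;
          protocol = "tcp";
          sourceIp = "0.0.0.0/0";
        }
        # IPv6 counterpart, disabled until the linked issue is resolved.
        # Enabling it widens the exposure above to every IPv6 address as well.
        # TODO(low): https://github.com/NixOS/nixops/issues/683
        # { fromPort = 22; toPort = 22; protocol = "tcp"; sourceIp = "::/0"; }
      ];
    };

    # Public HTTP front end. Only port 80 is opened; this snippet defines no
    # rule for 443.
    http-in = {
      inherit accessKeyId region;
      description = "Allow incoming HTTP connection from anywhere";
      rules = [
        {
          fromPort = 80;
          toPort = 80;
          protocol = "tcp";
          sourceIp = "0.0.0.0/0";
        }
        # IPv6 counterpart, disabled until the linked issue is resolved.
        # TODO(low): https://github.com/NixOS/nixops/issues/683
        # { fromPort = 80; toPort = 80; protocol = "tcp"; sourceIp = "::/0"; }
      ];
    };

    # Backend HTTP tier. Written as a function so the name of http-in can be
    # read from `resources`. A sourceGroup rule admits traffic from instances
    # that are members of the named group, so 8080 is not reachable from
    # arbitrary addresses.
    backend-http-in = { resources, ... }: {
      inherit accessKeyId region;
      description = "Allow backend HTTP connection from HTTP servers";
      rules = [
        {
          fromPort = 8080;
          toPort = 8080;
          protocol = "tcp";
          sourceGroup = {
            inherit ownerId;
            groupName = resources.ec2SecurityGroups.http-in.name;
          };
        }
        # No IPv6 CIDR rule belongs here: access is granted by source group.
        # The original snippet carried a commented-out "port 80 from ::/0"
        # rule under the nixops#683 TODO, copied from http-in; enabling it
        # would have opened port 80 on the backend hosts to the IPv6 internet.
      ];
    };

    # Redis tier. Reachable on 6379 only from members of backend-http-in;
    # this group membership is the only network-level control shown here.
    redis-in = { resources, ... }: {
      inherit accessKeyId region;
      description = "Allow incoming Redis connection from backend HTTP hosts";
      rules = [
        {
          fromPort = 6379;
          toPort = 6379;
          protocol = "tcp";
          sourceGroup = {
            inherit ownerId;
            groupName = resources.ec2SecurityGroups.backend-http-in.name;
          };
        }
        # No IPv6 CIDR rule belongs here either (see the source-group rule
        # above). The original commented-out "port 80 from ::/0" placeholder
        # was a copy-paste from http-in and must not be enabled on this group.
      ];
    };

  };
};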