Created
February 28, 2019 02:00
Security group that protects EC2 instances behind Application Load Balancer.
... | |
# Security group for the EC2 instances that sit behind the Application Load
# Balancer. It is created in the VPC named by var.vpc_id.
resource "aws_security_group" "behind_alb_sg" {
  name        = "${var.project_name}_ec2_behind_alb"
  description = "Protect EC2 instances from public traffic and set them behind Application Load Balancer."
  vpc_id      = "${var.vpc_id}"

  # Inbound: the only permitted source is the load balancer's security group
  # (aws_security_group.public_alb). No CIDR range is listed, so traffic that
  # does not originate from a member of that group is not matched by this rule.
  # protocol "-1" with ports 0-0 selects every protocol and every port.
  # NOTE(review): the source is restricted but the port range is not. If the
  # instances serve the ALB on one known target/health-check port, limiting
  # from_port/to_port/protocol to it would be tighter least privilege.
  # Confirm the application port before narrowing.
  ingress {
    protocol        = "-1"
    from_port       = 0
    to_port         = 0
    security_groups = ["${aws_security_group.public_alb.id}"]
  }

  # Outbound: every protocol and port to any IPv4 destination.
  # NOTE(review): unrestricted egress leaves no network-level limit on where an
  # instance can connect. If the workload only needs specific endpoints,
  # scoping this rule reduces what a compromised host could reach.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
... |