
[terraformA 시리즈] 보안 그룹에 정책 추가 본문

* 퍼블릭 클라우드

[terraformA 시리즈] 보안 그룹에 정책 추가

변군 변군이글루 2021. 2. 3. 18:05

보안 그룹에 정책 추가

 - EC2 보안 그룹에 ALB 정책 추가

ec2-sg.tf

$ vim ec2-sg.tf
####################EC2 웹 시큐리티 그룹 생성
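# EC2 web security group.
#
# Rules are deliberately NOT declared in-line here. sg-rule.tf attaches a
# standalone aws_security_group_rule to this group, and the AWS provider
# documents that in-line ingress/egress blocks and standalone rule resources
# must not be mixed on the same group: each apply overwrites the other's
# rules, so the ALB rule would keep disappearing/reappearing. The two in-line
# rules that used to live here are declared as standalone rules below, so the
# effective rule set is unchanged and the resource address (and its .id) is
# the same for existing references.
resource "aws_security_group" "tf_vpc99_sg-ec2-web1" {
  name        = "ec2-web1"
  description = "Managed In Terraform"
  vpc_id      = aws_vpc.tf_vpc99.id

  tags = {
    Name       = "ec2-web1"
    Env        = "stg"
    CreateUser = "terraform@email.com"
    Owner      = "iac"
    Role       = "security_group"
    Service    = "security"
  }
}

# Source ranges allowed to reach SSH on the web instances.
# The default reproduces the original "any-22 open" rule (port 22 reachable
# from the whole internet). Override it with the bastion / VPN CIDR so the
# exposure is a one-line change instead of an edit to the rule itself.
variable "ec2_web1_ssh_cidr_blocks" {
  description = "CIDR blocks allowed to reach port 22 on ec2-web1"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# Former in-line ingress rule: SSH.
resource "aws_security_group_rule" "tf_vpc99_sg_rule-ec2-web1-ssh" {
  description       = "any-22 open"
  security_group_id = aws_security_group.tf_vpc99_sg-ec2-web1.id
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = var.ec2_web1_ssh_cidr_blocks
}

# Former in-line egress rule: all protocols to all destinations.
# Needed explicitly because the provider strips AWS's default allow-all
# egress from groups it manages.
resource "aws_security_group_rule" "tf_vpc99_sg_rule-ec2-web1-egress" {
  description       = "any open"
  security_group_id = aws_security_group.tf_vpc99_sg-ec2-web1.id
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
}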

alb-sg.tf

$ vim alb-sg.tf
###ALB 웹 시큐리티 그룹 생성
# ALB web security group.
#
# Internet-facing entry point: HTTP and HTTPS are accepted from every source
# and all outbound traffic is permitted. Rules are kept in-line; that is fine
# for this group because sg-rule.tf only uses it as a *source* and does not
# attach a standalone rule to it. Review note: if the ALB only ever forwards to
# the EC2 web group, the egress could be narrowed to that group instead of
# 0.0.0.0/0 — confirm against the target-group setup before tightening.
resource "aws_security_group" "tf_vpc99_sg_alb-web1" {
  name        = "alb-web1"
  description = "Managed In Terraform"
  vpc_id      = aws_vpc.tf_vpc99.id

  # HTTP from anywhere.
  ingress {
    description = "any-80port open"
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  # HTTPS from anywhere.
  ingress {
    description = "any-443port open"
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All protocols to all destinations.
  egress {
    description = "any open"
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name       = "alb-web1"
    Env        = "stg"
    CreateUser = "terraform@email.com"
    Owner      = "iac"
    Role       = "security_group"
    Service    = "security"
  }
}

sg-rule.tf

$ vim sg-rule.tf
####################EC2 보안 그룹에 ALB 정책 룰 추가
# Allow the ALB to reach the web instances on port 80.
#
# Attaches to the EC2 web group and names the ALB group as the source, so only
# traffic originating from the ALB's network interfaces matches — no CIDR is
# involved. This is the standalone-rule form; per the AWS provider docs a group
# that receives standalone rules must not also declare in-line ingress/egress
# blocks, or the two definitions overwrite each other on every apply.
resource "aws_security_group_rule" "tf_vpc99_sg_rule-ec2-web1" {
  type                     = "ingress"
  description              = "alb service port open"
  protocol                 = "tcp"
  from_port                = 80
  to_port                  = 80
  security_group_id        = aws_security_group.tf_vpc99_sg-ec2-web1.id
  source_security_group_id = aws_security_group.tf_vpc99_sg_alb-web1.id
}