From 21e9b8f357f59281ca2e8613a0960ddd82595c3e Mon Sep 17 00:00:00 2001
From: Grunet
Date: Tue, 27 Aug 2024 01:52:11 +0000
Subject: [PATCH] add in the security group

---
 packages/aws-terraform/main.tf | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)

diff --git a/packages/aws-terraform/main.tf b/packages/aws-terraform/main.tf
index aae5c33..96410e6 100644
--- a/packages/aws-terraform/main.tf
+++ b/packages/aws-terraform/main.tf
@@ -1,3 +1,12 @@
+variable "vpc_id" {
+ type = string
+ description = "The VPC to place the honeypot service in"
+}
+
+variable "subnet_id" {
+ type = string
+ description = "The subnet to place the honeypot service in"
+}
 variable "cluster_name_or_arn" {
 type = string
@@ -28,9 +37,8 @@ resource "aws_ecs_service" "service" {
 launch_type = "FARGATE"
 network_configuration {
 assign_public_ip = false
- # TODO - need to fill these references out
- # subnets = []
- # security_groups = []
+ subnets = [var.subnet_id]
+ security_groups = [aws_security_group.sg_ingress_full_access]
 }
 platform_version = "1.4.0"
 propagate_tags = "SERVICE"
@@ -40,3 +48,19 @@ resource "aws_ecs_service" "service" {
 # TODO - need to fill this reference out
 # task_definition = ""
 }
+
+resource "aws_security_group" "sg_ingress_full_access" {
+ description = "Allows all ingress traffic from within the VPC"
+ ingress = [
+ {
+ cidr_blocks = ["0.0.0.0/0"]
+ protocol = -1
+ from_port = 0
+ to_port = 0
+ }
+ ]
+ tags = {
+ cloud-native-honeypot = true
+ }
+ vpc_id = var.vpc_id
+}
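Review bot: `security_groups = [aws_security_group.sg_ingress_full_access]` in the `network_configuration` block passes the whole resource object where the ECS service expects a list of security group IDs (list of string), so Terraform should reject the plan with a type mismatch rather than wire the group in. Reference the ID attribute instead: `security_groups = [aws_security_group.sg_ingress_full_access.id]`. The enclosing `aws_ecs_service` block starts before and ends after this hunk.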
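Review bot: The new security group's rule contradicts its own description: `cidr_blocks = ["0.0.0.0/0"]` admits traffic from any source, while the description says "from within the VPC", so either the description overstates the restriction or the rule is wider than intended. If VPC-internal access is the intent, look up the VPC's CIDR (a `data "aws_vpc" "honeypot" { id = var.vpc_id }` source) and use its `cidr_block`; if the honeypot is meant to be reachable from anywhere, correct the description so the group is not mistaken for a VPC-scoped one. Separately, the attribute-style `ingress = [{ ... }]` form requires every nested attribute of the rule object to be set, so the provider is likely to reject this element as incomplete; the block form below avoids that. No `egress` rule is declared, and the AWS provider documents that it removes the VPC's default allow-all egress rule on a group it manages, so confirm the Fargate task can still reach its image registry before merging and add a deliberately scoped egress rule if it cannot.
```hcl
resource "aws_security_group" "sg_ingress_full_access" {
  description = "Allows all ingress traffic from within the VPC"

  ingress {
    description = "All traffic from inside the VPC only"
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = [data.aws_vpc.honeypot.cidr_block]
  }

  # … unchanged: tags, vpc_id …
}
```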