如何在Terraform中为公共和私有子网创建安全组?

时间:2020-08-29 15:25:01

标签: amazon-web-services terraform terraform-provider-aws aws-security-group private-subnet

我分别创建了2个安全组。 一个用于在公共子网中运行的ec2实例,另一个用于在私有子网中运行的ec2实例。

我想从公共实例安全地转入私有实例。

以下用于私有安全组的端口配置是否正确,或者是否需要打开任何其他端口? 这些安全组端口是否需要以某种方式连接才能切入专用实例? (我已经创建了vpc,一个公共和私有子网,eip,nat-gateway)。

public_sgGroup.tf 

resource "aws_security_group" "public_sg" {
  name = "Public_sg"
  description = "Security Group for Public instance-Bastion"
  

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  
  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.s_group_vpc_cidr}"]
  }

  egress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

   egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags {
    Name = "Public_sgGroup"
  }
}

private_sgGroup 

resource "aws_security_group" "private_sg" {
  name = "Private_sg"
  description = "Security Group for Private instance"
  

  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.s_group_vpc_cidr}"]
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

   ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags {
    Name = "Private_sgGroup"
  }
}

谢谢。

0 个答案:

没有答案
相关问题
最新问题