Merge pull request #15 from clouddrove/feature/sgrule

sg ingress rule added for vpc_cidr
clouddrove · Jul 27, 2022 · 464c262 · 464c262
2 parents f038884 + f465bc2
commit 464c262
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 0 deletions.
diff --git a/_example/example.tf b/_example/example.tf
@@ -42,4 +42,5 @@ module "efs" {
   subnets                   = module.subnets.public_subnet_id
   security_groups           = [module.vpc.vpc_default_security_group_id]
   efs_backup_policy_enabled = true
+  allow_cidr                = ["10.0.0.0/16"] #vpc_cidr
 }
diff --git a/main.tf b/main.tf
@@ -59,6 +59,13 @@ resource "aws_security_group" "default" {
     security_groups = var.security_groups
   }
 
+  ingress {
+    from_port   = "2049" # NFS
+    to_port     = "2049"
+    protocol    = "tcp"
+    cidr_blocks = var.allow_cidr #tfsec:ignore:aws-vpc-no-public-egress-sgr
+  }
+
   egress {
     from_port   = 0
     to_port     = 0

diff --git a/variables.tf b/variables.tf
@@ -140,4 +140,10 @@ variable "efs_backup_policy_enabled" {
   type        = bool
   default     = true
   description = "If `true`, it will turn on automatic backups."
+}
+
+variable "allow_cidr" {
+  type        = list(any)
+  default     = []
+  description = "Provide allowed cidr to efs"
 }