Moved the security group definition to a separate file.

kcantrel · kcantrel · commit cf5ad1b19768 · 2024-06-27T11:01:12.000-05:00
diff --git a/Terraform/deploy-fsx-ontap/standalone-module/security_groups.tf b/Terraform/deploy-fsx-ontap/standalone-module/security_groups.tf
@@ -241,6 +241,16 @@ resource "aws_vpc_security_group_ingress_rule" "ssh" {
   ip_protocol       = "tcp"
 }
 
+resource "aws_vpc_security_group_ingress_rule" "s3_and_api" {
+  security_group_id = aws_security_group.fsx_sg.id
+  description       = "Provice acccess to S3 and the ONTAP REST API"
+  cidr_ipv4         = (local.ciddr_block != "" ? local.ciddr_block : null)
+  referenced_security_group_id = (local.security_group_id != "" ? local.security_group_id : null)
+  from_port         = 443
+  to_port           = 443
+  ip_protocol       = "tcp"
+}
+
 resource "aws_vpc_security_group_egress_rule" "allow_all_traffic" {
   security_group_id = aws_security_group.fsx_sg.id
   cidr_ipv4         = "0.0.0.0/0"  // Allow all output traffic.
