Merge pull request #15 from clouddrove/feature/sgrule

dverma-cd · web-flow · commit 464c262ff89b · 2022-07-27T21:41:30.000+05:30
sg ingress rule added for vpc_cidr
diff --git a/_example/example.tf b/_example/example.tf
@@ -42,4 +42,5 @@ module "efs" {
   subnets                   = module.subnets.public_subnet_id
   security_groups           = [module.vpc.vpc_default_security_group_id]
   efs_backup_policy_enabled = true
+  allow_cidr                = ["10.0.0.0/16"] #vpc_cidr
 }
diff --git a/main.tf b/main.tf
@@ -59,6 +59,13 @@ resource "aws_security_group" "default" {
     security_groups = var.security_groups
   }
 
+  ingress {
+    from_port   = "2049" # NFS
+    to_port     = "2049"
+    protocol    = "tcp"
+    cidr_blocks = var.allow_cidr #tfsec:ignore:aws-vpc-no-public-egress-sgr
+  }
+
   egress {
     from_port   = 0
     to_port     = 0
diff --git a/variables.tf b/variables.tf
@@ -140,4 +140,10 @@ variable "efs_backup_policy_enabled" {
   type        = bool
   default     = true
   description = "If `true`, it will turn on automatic backups."
+}
+
+variable "allow_cidr" {
+  type        = list(any)
+  default     = []
+  description = "Provide allowed cidr to efs"
 }

Original file line number	Diff line number	Diff line change
`@@ -42,4 +42,5 @@ module "efs" {`
`42`	`42`	`subnets = module.subnets.public_subnet_id`
`43`	`43`	`security_groups = [module.vpc.vpc_default_security_group_id]`
`44`	`44`	`efs_backup_policy_enabled = true`
	`45`	`+ allow_cidr = ["10.0.0.0/16"] #vpc_cidr`
`45`	`46`	`}`