remove use of external module, update docs

terraform-modules · Jul 2, 2019 · 6834408 · 6834408
1 parent 8c3cb2f
commit 6834408
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 17 deletions.
diff --git a/ois-scanner/README.md b/ois-scanner/README.md
@@ -1,6 +1,6 @@
 # About
 
-This describes how to use the aws-common-securit-groups submodule for ois-scanner. This sets up
+This describes how to use the aws-common-security-groups submodule for ois-scanner. This sets up
 a module for a security group in the respective VPC.  When construting a new VPC, we want to include
 this module.  This should be in each VPC we have, in production.  We probably need a similar one
 for the CAT environment, but we'll tackle that when we get to it.
@@ -9,11 +9,11 @@ for the CAT environment, but we'll tackle that when we get to it.
 
 ```code
 module "ois-scanner" {
-  source = "git::https://vc1.csvd.census.gov/terraform-modules/aws-common-security-groups.git/ois-scanner"
+  source = "git::https://vc1.csvd.census.gov/terraform-modules/aws-common-security-groups.git//ois-scanner"
 
   vpc_id = "${var.vpc_id}"
-  tags = { }
   # Name, CostAllocation, and Environment are pre-set
+  # tags = { }
 }
 ```
 

diff --git a/ois-scanner/main.tf b/ois-scanner/main.tf
@@ -1,7 +1,7 @@
 /**
 * # About
 * 
-* This describes how to use the aws-common-securit-groups submodule for ois-scanner. This sets up
+* This describes how to use the aws-common-security-groups submodule for ois-scanner. This sets up
 * a module for a security group in the respective VPC.  When construting a new VPC, we want to include
 * this module.  This should be in each VPC we have, in production.  We probably need a similar one
 * for the CAT environment, but we'll tackle that when we get to it.
@@ -13,25 +13,15 @@
 *   source = "git::https://vc1.csvd.census.gov/terraform-modules/aws-common-security-groups.git//ois-scanner"
 * 
 *   vpc_id = "${var.vpc_id}"
-*   tags = { }
 *   # Name, CostAllocation, and Environment are pre-set
+*   # tags = { }
 * }
 * ```
 */
 
 locals {
   name = "ois-scanner"
-}
-
-module "ois-scanner" {
-  source = "terraform-aws-modules/security-group/aws"
-  version = "2.17.0"
-
-  name = "${local.name}"
-  description = "common: allows OIS scanners and OIS subnets full access for compliance scanning"
-  vpc_id = "${var.vpc_id}"
-
-  ingress_cidr_blocks = [
+  ipv4_cidr = [
     "148.129.121.0/24",
     "148.129.21.0/24",
     "172.18.33.207/32",
@@ -40,7 +30,29 @@ module "ois-scanner" {
     "172.18.33.211/32",
     "172.18.33.213/32",
   ]
-  ingress_rules = [ "all-all" ]
+}
+
+module "ois-scanner" {
+#  source = "terraform-aws-modules/security-group/aws"
+#  version = "2.17.0"
+
+  name = "${local.name}"
+  description = "common: allows OIS scanners and OIS subnets full access for compliance scanning"
+  vpc_id = "${var.vpc_id}"
+
+  ingress {
+    from_port = 0
+    to_port   = 0
+    protocol  = -1
+    cidr_blocks = "${local.ipv4_cidr}"
+  }
+
+  egress {
+    from_port = 0
+    to_port   = 0
+    protocol  = -1
+    cidr_blocks = [ "0.0.0.0/0" ]
+  }
 
   tags = "${merge(
     map("CostAllocation", "csvd:infrastructure"),