add comments

it-windows-base/README.md

@@ -2,7 +2,7 @@
 
 This describes how to use the aws-common-security-groups submodule for it-windows-base.
 
-Commonly used ports and services are set up here, including ICMP, SSH, NTP, DNS, SNMP,  
+Commonly used ports and services are set up here, including ICMP, AD, RDP, NTP, DNS, SNMP,  
 monit, munin, iperf, netperf, NetBackup and Opsware.
 
 ## Usage
@@ -34,15 +34,15 @@ module "it-windows-base" {
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| \_module\_version | Module version number | `string` | `"1.0.1"` | no |
-| description | Security Group Description | `string` | `"Linux Common Base Security Group"` | no |
+| \_module\_version | Module version number | `string` | `"1.0"` | no |
+| description | Security Group Description | `string` | `"Windows Common Base Security Group"` | no |
 | egress\_networks | List of egress networks (all ports) | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
 | egress\_security\_groups | List of egress security groups (all ports) | `list(string)` | `[]` | no |
 | enable\_self | Enable\|Disable self full access | `bool` | `false` | no |
 | ingress\_networks | List of ingress networks for external access (not all ports) | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
 | ingress\_security\_groups | List of ingress security groups for all ports | `list(string)` | `[]` | no |
 | name | Security Group Name | `string` | `"it-windows-base"` | no |
-| short\_description | Security Group Short Description | `string` | `"Linux"` | no |
+| short\_description | Security Group Short Description | `string` | `"Windows"` | no |
 | tags | Extra security group tags | `map` | <pre>{<br>  "CostAllocation": "csvd:infrastructure",<br>  "Environment": "csvd-infrastructure"<br>}</pre> | no |
 | use\_vpc\_cidr | Enable\|Disable use of VPC CIDR block in the ingress\_networks | `bool` | `false` | no |
 | vpc\_full\_name | VPC Name | `string` | `""` | no |
@@ -54,4 +54,3 @@ module "it-windows-base" {
 |------|-------------|
 | this\_security\_group\_arn | Created security group ARN |
 | this\_security\_group\_id | Created security group ID |
-

it-windows-base/ports.tf

@@ -6,6 +6,7 @@
 #   cidr_block
 #   list of: all, external (more added as needed)
 
+## % python modify-security-groups.py list sg-00fb5065
 ##  sg_id=sg-00fb5065 sg_name='it-windows-base' vpc_id=vpc-2ea5664b sg_description='Windows Common Base Security Group'
 ## direction=ingress pft=udp,161,161 range=0.0.0.0/0
 ## direction=ingress pft=tcp,1556,1556 range=10.193.0.0/22
@@ -14,6 +15,7 @@
 ## direction=ingress pft=icmp,-1,-1 range=0.0.0.0/0
 ## direction=egress pft=all range=0.0.0.0/0
 
+## this adds iperf3
 locals {
   n_all         = ["0.0.0.0/0"]
   n_census      = ["148.129.0.0/16", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]
@@ -22,17 +24,17 @@ locals {
   n_ansible     = ["172.24.12.239/32"]
   source_groups = ["all", "external"]
   name          = var.name
-  ports = [ 
-    [ -1, -1, "icmp", "ICMP", local.n_all, ["external"] ],
-    [ 161, 161, "udp", "SNMP", local.n_all, ["external"] ],
-    [ 5201, 5203, "tcp", "iperf3", local.n_all, ["external"] ],
-    [ 5201, 5203, "udp", "iperf3", local.n_all, ["external"] ],
-    [ 1556, 1556, "tcp", "Netbackup", local.n_backup, ["external"] ],
-    [ 3389, 3389, "tcp", "RDP", local.n_census, ["external"] ],
-    [ 5986, 5986, "tcp", "WinRM-https", local.n_ansible, ["external"] ],
+  ports = [
+    [-1, -1, "icmp", "ICMP", local.n_all, ["external"]],
+    [161, 161, "udp", "SNMP", local.n_all, ["external"]],
+    [5201, 5203, "tcp", "iperf3", local.n_all, ["external"]],
+    [5201, 5203, "udp", "iperf3", local.n_all, ["external"]],
+    [1556, 1556, "tcp", "Netbackup", local.n_backup, ["external"]],
+    [3389, 3389, "tcp", "RDP", local.n_census, ["external"]],
+    [5986, 5986, "tcp", "WinRM-https", local.n_ansible, ["external"]],
   ]
 
-   # these are ignored
+  # these are ignored
   ingress_networks = var.ingress_networks
   egress_networks  = var.egress_networks