diff --git a/it-windows-base/README.md b/it-windows-base/README.md
index 49228cc..efdb9d6 100644
--- a/it-windows-base/README.md
+++ b/it-windows-base/README.md
@@ -2,7 +2,7 @@ This describes how to use the aws-common-security-groups submodule for it-windows-base.
-Commonly used ports and services are set up here, including ICMP, SSH, NTP, DNS, SNMP,
+Commonly used ports and services are set up here, including ICMP, AD, RDP, NTP, DNS, SNMP,
 monit, munin, iperf, netperf, NetBackup and Opsware.
 ## Usage
@@ -34,15 +34,15 @@ module "it-windows-base" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| \_module\_version | Module version number | `string` | `"1.0.1"` | no |
-| description | Security Group Description | `string` | `"Linux Common Base Security Group"` | no |
+| \_module\_version | Module version number | `string` | `"1.0"` | no |
+| description | Security Group Description | `string` | `"Windows Common Base Security Group"` | no |
 | egress\_networks | List of egress networks (all ports) | `list(string)` |
[| no |
 | egress\_security\_groups | List of egress security groups (all ports) | `list(string)` | `[]` | no |
 | enable\_self | Enable\|Disable self full access | `bool` | `false` | no |
 | ingress\_networks | List of ingress networks for external access (not all ports) | `list(string)` |
"0.0.0.0/0"
]
[| no |
 | ingress\_security\_groups | List of ingress security groups for all ports | `list(string)` | `[]` | no |
 | name | Security Group Name | `string` | `"it-windows-base"` | no |
-| short\_description | Security Group Short Description | `string` | `"Linux"` | no |
+| short\_description | Security Group Short Description | `string` | `"Windows"` | no |
 | tags | Extra security group tags | `map` |
"0.0.0.0/0"
]
{
"CostAllocation": "csvd:infrastructure",
"Environment": "csvd-infrastructure"
} | no |
| use\_vpc\_cidr | Enable\|Disable use of VPC CIDR block in the ingress\_networks | `bool` | `false` | no |
| vpc\_full\_name | VPC Name | `string` | `""` | no |
@@ -54,4 +54,3 @@ module "it-windows-base" {
|------|-------------|
| this\_security\_group\_arn | Created security group ARN |
| this\_security\_group\_id | Created security group ID |
-
diff --git a/it-windows-base/ports.tf b/it-windows-base/ports.tf
index 26eee9b..c1340b0 100644
--- a/it-windows-base/ports.tf
+++ b/it-windows-base/ports.tf
@@ -6,6 +6,7 @@
# cidr_block
# list of: all, external (more added as needed)
+## % python modify-security-groups.py list sg-00fb5065
## sg_id=sg-00fb5065 sg_name='it-windows-base' vpc_id=vpc-2ea5664b sg_description='Windows Common Base Security Group'
## direction=ingress pft=udp,161,161 range=0.0.0.0/0
## direction=ingress pft=tcp,1556,1556 range=10.193.0.0/22
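Review bot: The added `## % python modify-security-groups.py list sg-00fb5065` line and the `## sg_id=…`/`## direction=…` listing it introduces are a dump of the live security group, with nothing saying when it was captured or that `local.ports` further down is the declared state, so the two will diverge silently the next time either side changes. Suggest a dated header in place of the bare command, e.g. `## snapshot of live rules via modify-security-groups.py list, taken <DATE>; local.ports below is authoritative`, and refreshing or removing the listing whenever the rules change. The listing also records SNMP `udp,161,161` accepted from `0.0.0.0/0`, which matches the `local.n_all` source on the SNMP row of `ports` later in this file; worth confirming that scope is intended for a Windows base group rather than the `local.n_census` ranges used for RDP. The hunk's leading context begins before the visible lines.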
@@ -14,6 +15,7 @@
## direction=ingress pft=icmp,-1,-1 range=0.0.0.0/0
## direction=egress pft=all range=0.0.0.0/0
+## this adds iperf3
locals {
n_all = ["0.0.0.0/0"]
n_census = ["148.129.0.0/16", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]
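Review bot: The comment `## this adds iperf3` placed directly above `locals {` does not match the change: the iperf3 rows (5201-5203 tcp and udp) are already present on the removed side of the next hunk and the `ports` rewrite there only changes spacing, so nothing in this commit adds iperf3 to the module. If the line is meant to say that the live listing above predates the iperf3 rules, make that explicit, e.g. `## the live listing above predates the iperf3 rows in local.ports`; otherwise drop it, since a commit-style remark next to a declaration goes stale quickly. Separately, the README hunk in this commit says the group covers AD, NTP, DNS, monit, munin, netperf and Opsware, while `local.ports` in the next hunk declares only ICMP, SNMP, iperf3, Netbackup, RDP and WinRM-https, so the two descriptions of the rule set disagree. The `locals` block opened here continues past the end of this hunk.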
@@ -22,17 +24,17 @@ locals {
n_ansible = ["172.24.12.239/32"]
source_groups = ["all", "external"]
name = var.name
- ports = [
- [ -1, -1, "icmp", "ICMP", local.n_all, ["external"] ],
- [ 161, 161, "udp", "SNMP", local.n_all, ["external"] ],
- [ 5201, 5203, "tcp", "iperf3", local.n_all, ["external"] ],
- [ 5201, 5203, "udp", "iperf3", local.n_all, ["external"] ],
- [ 1556, 1556, "tcp", "Netbackup", local.n_backup, ["external"] ],
- [ 3389, 3389, "tcp", "RDP", local.n_census, ["external"] ],
- [ 5986, 5986, "tcp", "WinRM-https", local.n_ansible, ["external"] ],
+ ports = [
+ [-1, -1, "icmp", "ICMP", local.n_all, ["external"]],
+ [161, 161, "udp", "SNMP", local.n_all, ["external"]],
+ [5201, 5203, "tcp", "iperf3", local.n_all, ["external"]],
+ [5201, 5203, "udp", "iperf3", local.n_all, ["external"]],
+ [1556, 1556, "tcp", "Netbackup", local.n_backup, ["external"]],
+ [3389, 3389, "tcp", "RDP", local.n_census, ["external"]],
+ [5986, 5986, "tcp", "WinRM-https", local.n_ansible, ["external"]],
]
- # these are ignored
+ # these are ignored
ingress_networks = var.ingress_networks
egress_networks = var.egress_networks