From eb5d267836dfebadb24d743d74dd6f38605527fb Mon Sep 17 00:00:00 2001
From: Don Badrak
Date: Fri, 28 Jun 2019 14:11:50 -0400
Subject: [PATCH] initial setup
---
 ois-scanner/README.md | 0
 ois-scanner/main.tf | 77 ++++++++++++++++++++++++++++++++++++++++
 ois-scanner/outputs.tf | 0
 ois-scanner/variables.tf | 10 ++++++
 4 files changed, 87 insertions(+)
 create mode 100644 ois-scanner/README.md
 create mode 100644 ois-scanner/main.tf
 create mode 100644 ois-scanner/outputs.tf
 create mode 100644 ois-scanner/variables.tf
diff --git a/ois-scanner/README.md b/ois-scanner/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/ois-scanner/main.tf b/ois-scanner/main.tf
new file mode 100644
index 0000000..8892449
--- /dev/null
+++ b/ois-scanner/main.tf
@@ -0,0 +1,77 @@
+/**
+ * Usage:
+*
+* module "ois-scanner" {
+* source = "aws-common-security-groups/ois-scanner"
+*
+* vpc_id = "${var.vpc_id}"
+* tags = { }
+* # Name, CostAllocation, and Environment are pre-set
+* }
+*/
+
+locals {
+ name = "ois-scanner"
+}
+
+module "ois-scanner" {
+ source = "terraform-aws-modules/security-group/aws"
+
+ name = "${local.name}"
+ description = "common: allows OIS scanners and OIS subnets full access for compliance scanning"
+ vpc_id = "${var.vpc_id}"
+
+ ingress_cidr_blocks = [
+ "148.129.121.0/24",
+ "148.129.21.0/24",
+ "172.18.33.207",
+ "172.18.33.208",
+ "172.18.33.210",
+ "172.18.33.211",
+ "172.18.33.213",
+ ]
+ ingress_rules = [ "all-all" ]
+
+ tags = "${merge(
+ map("CostAllocation", "csvd:infrastructure"),
+ map("Environment", "csvd-infrastructure"),
+ map("Name", "sg-${local.name}"),
+ var.tags,
+ )}"
+}
+
+# - site: bcc
+# base_subnet: 148.129.121.0/24
+# subnets:
+# - subnet: 148.129.121.0/27
+# purpose: ois-scanning-devices
+# location: bcc-m2
+# - subnet: 148.129.121.32/27
+# purpose: ois-scanning-devices
+# location: bcc-m6
+# - subnet: 148.129.121.64/27
+# purpose: ois-scanning-devices
+# location: bcc-m4
+# - subnet: 148.129.121.128/27
+# purpose: ois-scanning-devices
+# location: bcc-m7
+# hosts:
+# - name: scanner1.ois.census.gov
+# address: 172.18.33.207
+# - name: lightning.ois.census.gov
+# address: 172.18.33.208
+# - name: scanner2.ois.census.gov
+# address: 172.18.33.210
+# - name: scanner3.ois.census.gov
+# address: 172.18.33.211
+# - name: portal1.ois.census.gov
+# address: 172.18.33.213
+# - site: npc
+# base_subnet: 148.129.21.0/24
+# subnets:
+# - subnet: 148.129.21.0/27
+# purpose: ois-scanning-devices
+# location: npc-60c
+# - subnet: 148.129.21.32/27
+# purpose: ois-scanning-devices
+# location: npc-63f
diff --git a/ois-scanner/outputs.tf b/ois-scanner/outputs.tf
new file mode 100644
index 0000000..e69de29
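Review bot: The five host entries in `ingress_cidr_blocks` (`"172.18.33.207"` through `"172.18.33.213"`) are bare addresses with no prefix length, while security-group CIDR fields take prefix notation, so they are likely to be rejected at plan or apply; write them as `"172.18.33.207/32",` and likewise for the other four. The rule set is `all-all`, and it admits the whole of 148.129.121.0/24 and 148.129.21.0/24 although the comment block at the end of the file lists only /27 ranges inside them as scanning devices; listing those /27s instead would limit the all-ports grant to the documented scanners. The `terraform-aws-modules/security-group/aws` source also has no `version` argument, so a later `terraform init` may resolve a different upstream release than the one reviewed; pin it with `version = "<reviewed release>"`.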
diff --git a/ois-scanner/variables.tf b/ois-scanner/variables.tf
new file mode 100644
index 0000000..b54a0a1
--- /dev/null
+++ b/ois-scanner/variables.tf
@@ -0,0 +1,10 @@
+variable "vpc_id" {
+ description = "VPC ID Number"
+}
+
+variable "tags" {
+ description = "Extra security group tags"
+
+ type = "map"
+ default = { }
+}
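Review bot: `var.tags` is the last argument to `merge()` in main.tf, so a caller-supplied `Name`, `CostAllocation` or `Environment` key replaces the value the module sets, which contradicts the usage comment saying those three are pre-set. Either say so in the description, e.g. `description = "Extra security group tags; keys given here override the module's Name, CostAllocation and Environment"`, or move `var.tags` to the first position of the merge so the module's values win. `vpc_id` declares no type; adding `type = "string"` would match the quoted-type style already used for `tags`.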