mirror of https://github.com/kubernetes/kops.git
Add ability to consistently name sgrs
In order to let kops fully control the rules for each security group, we need to be able to generate names from the info in AWS. This is similar to the approach we used for OpenStack.

Update pkg/model/firewall.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
parent
3c76610688
commit
fab694d290
|
@ -84,7 +84,7 @@ func (b *FirewallModelBuilder) buildNodeRules(c *fi.ModelBuilderContext) ([]Secu
|
|||
Egress: fi.Bool(true),
|
||||
CIDR: s("0.0.0.0/0"),
|
||||
}
|
||||
c.AddTask(t)
|
||||
b.AddDirectionalGroupRule(c, t)
|
||||
}
|
||||
|
||||
// Nodes can talk to nodes
|
||||
|
@ -97,7 +97,7 @@ func (b *FirewallModelBuilder) buildNodeRules(c *fi.ModelBuilderContext) ([]Secu
|
|||
SecurityGroup: dest.Task,
|
||||
SourceGroup: src.Task,
|
||||
}
|
||||
c.AddTask(t)
|
||||
b.AddDirectionalGroupRule(c, t)
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -167,7 +167,7 @@ func (b *FirewallModelBuilder) applyNodeToMasterBlockSpecificPorts(c *fi.ModelBu
|
|||
ToPort: i64(int64(r.To)),
|
||||
Protocol: s("udp"),
|
||||
}
|
||||
c.AddTask(t)
|
||||
b.AddDirectionalGroupRule(c, t)
|
||||
}
|
||||
for _, r := range tcpRanges {
|
||||
t := &awstasks.SecurityGroupRule{
|
||||
|
@ -179,7 +179,7 @@ func (b *FirewallModelBuilder) applyNodeToMasterBlockSpecificPorts(c *fi.ModelBu
|
|||
ToPort: i64(int64(r.To)),
|
||||
Protocol: s("tcp"),
|
||||
}
|
||||
c.AddTask(t)
|
||||
b.AddDirectionalGroupRule(c, t)
|
||||
}
|
||||
for _, protocol := range protocols {
|
||||
awsName := strconv.Itoa(int(protocol))
|
||||
|
@ -198,7 +198,7 @@ func (b *FirewallModelBuilder) applyNodeToMasterBlockSpecificPorts(c *fi.ModelBu
|
|||
SourceGroup: nodeGroup.Task,
|
||||
Protocol: s(awsName),
|
||||
}
|
||||
c.AddTask(t)
|
||||
b.AddDirectionalGroupRule(c, t)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -216,7 +216,7 @@ func (b *FirewallModelBuilder) applyNodeToMasterBlockSpecificPorts(c *fi.ModelBu
|
|||
SecurityGroup: dest.Task,
|
||||
SourceGroup: src.Task,
|
||||
}
|
||||
c.AddTask(t)
|
||||
b.AddDirectionalGroupRule(c, t)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -244,7 +244,7 @@ func (b *FirewallModelBuilder) buildMasterRules(c *fi.ModelBuilderContext, nodeG
|
|||
Egress: fi.Bool(true),
|
||||
CIDR: s("0.0.0.0/0"),
|
||||
}
|
||||
c.AddTask(t)
|
||||
b.AddDirectionalGroupRule(c, t)
|
||||
}
|
||||
|
||||
// Masters can talk to masters
|
||||
|
@ -257,7 +257,7 @@ func (b *FirewallModelBuilder) buildMasterRules(c *fi.ModelBuilderContext, nodeG
|
|||
SecurityGroup: dest.Task,
|
||||
SourceGroup: src.Task,
|
||||
}
|
||||
c.AddTask(t)
|
||||
b.AddDirectionalGroupRule(c, t)
|
||||
}
|
||||
|
||||
// Masters can talk to nodes
|
||||
|
@ -270,7 +270,7 @@ func (b *FirewallModelBuilder) buildMasterRules(c *fi.ModelBuilderContext, nodeG
|
|||
SecurityGroup: dest.Task,
|
||||
SourceGroup: src.Task,
|
||||
}
|
||||
c.AddTask(t)
|
||||
b.AddDirectionalGroupRule(c, t)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -403,3 +403,44 @@ func JoinSuffixes(src SecurityGroupInfo, dest SecurityGroupInfo) string {
|
|||
|
||||
return s + d
|
||||
}
|
||||
|
||||
func (b *KopsModelContext) AddDirectionalGroupRule(c *fi.ModelBuilderContext, t *awstasks.SecurityGroupRule) {
|
||||
|
||||
name := generateName(t)
|
||||
t.Name = fi.String(name)
|
||||
|
||||
klog.V(8).Infof("Adding rule %v", name)
|
||||
c.AddTask(t)
|
||||
|
||||
}
|
||||
|
||||
func generateName(o *awstasks.SecurityGroupRule) string {
|
||||
|
||||
var target, dst, src, direction, proto string
|
||||
if o.SourceGroup != nil {
|
||||
target = fi.StringValue(o.SourceGroup.Name)
|
||||
} else if o.CIDR != nil && fi.StringValue(o.CIDR) != "" {
|
||||
target = fi.StringValue(o.CIDR)
|
||||
} else {
|
||||
target = "0.0.0.0/0"
|
||||
}
|
||||
|
||||
if o.Protocol == nil || fi.StringValue(o.Protocol) == "" {
|
||||
proto = "all"
|
||||
} else {
|
||||
proto = fi.StringValue(o.Protocol)
|
||||
}
|
||||
|
||||
if o.Egress == nil || !fi.BoolValue(o.Egress) {
|
||||
direction = "ingress"
|
||||
src = target
|
||||
dst = fi.StringValue(o.SecurityGroup.Name)
|
||||
} else {
|
||||
direction = "egress"
|
||||
dst = target
|
||||
src = fi.StringValue(o.SecurityGroup.Name)
|
||||
}
|
||||
|
||||
return fmt.Sprintf("%s-%s-%s-%dto%d-%s", src, direction,
|
||||
proto, fi.Int64Value(o.FromPort), fi.Int64Value(o.ToPort), dst)
|
||||
}
|
||||
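Review bot: `generateName` nil-guards `o.SourceGroup`, `o.CIDR`, `o.Protocol` and `o.Egress`, but reads `o.SecurityGroup.Name` in both direction branches with no check, so a rule task built without a `SecurityGroup` would panic during model building rather than fail validation. Since the generated name is what identifies a rule as kops-managed, the protocol token should also be canonical. A nil protocol is named `all` and the fixtures render it as `protocol = "-1"`, so a caller passing `s("-1")` would presumably get a different name (`...--1-0to0-...`) for the same effective rule. Consider `if o.Protocol == nil || fi.StringValue(o.Protocol) == "" || fi.StringValue(o.Protocol) == "-1" {`. Both new functions are undocumented; a comment such as `// AddDirectionalGroupRule derives the rule name from source, direction, protocol, port range and destination, replacing any caller-set Name, then adds the task.` would record that `t.Name` is overwritten unconditionally.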
|
|
|
@ -658,33 +658,6 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.private-us-test-1a-bastionuserdata-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "api-elb-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
|
@ -757,7 +730,7 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-bastionuserdata-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -766,7 +739,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-bastionuserdata-example-com-ingress-all-0to0-masters-bastionuserdata-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-bastionuserdata-example-com-ingress-all-0to0-nodes-bastionuserdata-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-bastionuserdata-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -775,7 +766,7 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-protocol-ipip" {
|
||||
resource "aws_security_group_rule" "nodes-bastionuserdata-example-com-ingress-4-0to0-masters-bastionuserdata-example-com" {
|
||||
from_port = 0
|
||||
protocol = "4"
|
||||
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
|
||||
|
@ -784,7 +775,16 @@ resource "aws_security_group_rule" "node-to-master-protocol-ipip" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-bastionuserdata-example-com-ingress-all-0to0-nodes-bastionuserdata-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-bastionuserdata-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-bastionuserdata-example-com-ingress-tcp-1to2379-masters-bastionuserdata-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
|
||||
|
@ -793,7 +793,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-bastionuserdata-example-com-ingress-tcp-2382to4000-masters-bastionuserdata-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
|
||||
|
@ -802,7 +802,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-bastionuserdata-example-com-ingress-tcp-4003to65535-masters-bastionuserdata-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
|
||||
|
@ -811,7 +811,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-bastionuserdata-example-com-ingress-udp-1to65535-masters-bastionuserdata-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-bastionuserdata-example-com.id
|
||||
|
|
|
@ -545,7 +545,7 @@
|
|||
]
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressmasteregress": {
|
||||
"AWSEC2SecurityGroupEgressmasterscomplexexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -557,7 +557,7 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressnodeegress": {
|
||||
"AWSEC2SecurityGroupEgressnodescomplexexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -569,48 +569,6 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertomaster": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallnodetonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngresshttpsapielb111024": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
|
@ -695,6 +653,34 @@
|
|||
"CidrIpv6": "2001:0:8500::/40"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressmasterscomplexexamplecomingressall0to0masterscomplexexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressmasterscomplexexamplecomingressall0to0nodescomplexexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodeporttcpexternaltonode102030024": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
|
@ -743,7 +729,21 @@
|
|||
"CidrIp": "1.2.3.4/32"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp12379": {
|
||||
"AWSEC2SecurityGroupIngressnodescomplexexamplecomingressall0to0nodescomplexexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodescomplexexamplecomingresstcp1to2379masterscomplexexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -757,7 +757,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"AWSEC2SecurityGroupIngressnodescomplexexamplecomingresstcp2382to4000masterscomplexexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -771,7 +771,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp400365535": {
|
||||
"AWSEC2SecurityGroupIngressnodescomplexexamplecomingresstcp4003to65535masterscomplexexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -785,7 +785,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomasterudp165535": {
|
||||
"AWSEC2SecurityGroupIngressnodescomplexexamplecomingressudp1to65535masterscomplexexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
|
@ -497,33 +497,6 @@ resource "aws_route" "route-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.complex-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-complex-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-complex-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-complex-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "https-api-elb-1-1-1-0--24" {
|
||||
cidr_blocks = ["1.1.1.0/24"]
|
||||
from_port = 443
|
||||
|
@ -587,7 +560,7 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-2001_0_8500__--40" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-complex-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -596,48 +569,21 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
to_port = 0
|
||||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
resource "aws_security_group_rule" "masters-complex-example-com-ingress-all-0to0-masters-complex-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-complex-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
to_port = 2379
|
||||
source_security_group_id = aws_security_group.masters-complex-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-complex-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
to_port = 4000
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-complex-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
to_port = 65535
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-complex-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
to_port = 65535
|
||||
resource "aws_security_group_rule" "masters-complex-example-com-ingress-all-0to0-nodes-complex-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-complex-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
|
@ -677,6 +623,60 @@ resource "aws_security_group_rule" "nodeport-udp-external-to-node-10-20-30-0--24
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-complex-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
to_port = 0
|
||||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-complex-example-com-ingress-all-0to0-nodes-complex-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-complex-example-com-ingress-tcp-1to2379-masters-complex-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-complex-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
to_port = 2379
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-complex-example-com-ingress-tcp-2382to4000-masters-complex-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-complex-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
to_port = 4000
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-complex-example-com-ingress-tcp-4003to65535-masters-complex-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-complex-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
to_port = 65535
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-complex-example-com-ingress-udp-1to65535-masters-complex-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-complex-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-complex-example-com.id
|
||||
to_port = 65535
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "ssh-external-to-master-1-1-1-1--32" {
|
||||
cidr_blocks = ["1.1.1.1/32"]
|
||||
from_port = 22
|
||||
|
|
|
@ -450,7 +450,7 @@
|
|||
]
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressmasteregress": {
|
||||
"AWSEC2SecurityGroupEgressmasterscontainerdexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -462,7 +462,7 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressnodeegress": {
|
||||
"AWSEC2SecurityGroupEgressnodescontainerdexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -474,48 +474,6 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertomaster": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallnodetonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
|
@ -528,7 +486,49 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp12379": {
|
||||
"AWSEC2SecurityGroupIngressmasterscontainerdexamplecomingressall0to0masterscontainerdexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressmasterscontainerdexamplecomingressall0to0nodescontainerdexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingressall0to0nodescontainerdexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingresstcp1to2379masterscontainerdexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -542,7 +542,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingresstcp2382to4000masterscontainerdexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -556,7 +556,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp400365535": {
|
||||
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingresstcp4003to65535masterscontainerdexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -570,7 +570,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomasterudp165535": {
|
||||
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingressudp1to65535masterscontainerdexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
|
@ -648,33 +648,6 @@ resource "aws_route" "route-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.existing-iam-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-existing-iam-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-existing-iam-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-existing-iam-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-existing-iam-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-existing-iam-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-existing-iam-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 443
|
||||
|
@ -684,7 +657,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-existing-iam-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -693,7 +666,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-existing-iam-example-com-ingress-all-0to0-masters-existing-iam-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-existing-iam-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-existing-iam-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-existing-iam-example-com-ingress-all-0to0-nodes-existing-iam-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-existing-iam-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-existing-iam-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-existing-iam-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -702,7 +693,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-existing-iam-example-com-ingress-all-0to0-nodes-existing-iam-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-existing-iam-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-existing-iam-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-existing-iam-example-com-ingress-tcp-1to2379-masters-existing-iam-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-existing-iam-example-com.id
|
||||
|
@ -711,7 +711,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-existing-iam-example-com-ingress-tcp-2382to4000-masters-existing-iam-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-existing-iam-example-com.id
|
||||
|
@ -720,7 +720,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-existing-iam-example-com-ingress-tcp-4003to65535-masters-existing-iam-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-existing-iam-example-com.id
|
||||
|
@ -729,7 +729,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-existing-iam-example-com-ingress-udp-1to65535-masters-existing-iam-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-existing-iam-example-com.id
|
||||
|
|
|
@ -446,7 +446,7 @@
|
|||
]
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressmasteregress": {
|
||||
"AWSEC2SecurityGroupEgressmastersminimalexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -458,7 +458,7 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressnodeegress": {
|
||||
"AWSEC2SecurityGroupEgressnodesminimalexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -470,48 +470,6 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertomaster": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersminimalexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersminimalexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersminimalexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallnodetonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
|
@ -524,7 +482,49 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp12379": {
|
||||
"AWSEC2SecurityGroupIngressmastersminimalexamplecomingressall0to0mastersminimalexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersminimalexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersminimalexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressmastersminimalexamplecomingressall0to0nodesminimalexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersminimalexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingressall0to0nodesminimalexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingresstcp1to2379mastersminimalexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -538,7 +538,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingresstcp2382to4000mastersminimalexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -552,7 +552,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp400365535": {
|
||||
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingresstcp4003to65535mastersminimalexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -566,7 +566,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomasterudp165535": {
|
||||
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingressudp1to65535mastersminimalexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
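Review bot: The new logical IDs run the port range and the CIDR together with every separator stripped, so in `AWSEC2SecurityGroupEgressmastersminimalexamplecomegressall0to000000` the range `0to0` and the CIDR `0.0.0.0/0` fuse into `0to000000` and the field boundary cannot be recovered. Since this commit makes the generated name the rule's identity, two different port/CIDR pairs whose digits happen to line up would presumably map to the same resource, and one firewall rule would silently replace the other. The code that sanitises the name is not in this section, so this is inferred from the fixture alone. An alphabetic token between the fields (logical IDs only allow alphanumerics), or a duplicate-name check when the rule task is added, would keep the names unambiguous. The external-LB CloudFormation fixture further down shows the same pattern (`...mastersexternallbexamplecomegressall0to000000`).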
|
|
|
@ -740,123 +740,6 @@ resource "aws_route" "route-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.existingsg-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master-default-sg-master-1a" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-master-1a"
|
||||
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master-default-sg-master-1b" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-master-1b"
|
||||
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master-sg-master-1a-default" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
source_security_group_id = "sg-master-1a"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master-sg-master-1a-sg-master-1a" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-master-1a"
|
||||
source_security_group_id = "sg-master-1a"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master-sg-master-1a-sg-master-1b" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-master-1b"
|
||||
source_security_group_id = "sg-master-1a"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master-sg-master-1b-default" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
source_security_group_id = "sg-master-1b"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master-sg-master-1b-sg-master-1a" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-master-1a"
|
||||
source_security_group_id = "sg-master-1b"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master-sg-master-1b-sg-master-1b" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-master-1b"
|
||||
source_security_group_id = "sg-master-1b"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node-default-sg-nodes" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-nodes"
|
||||
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node-sg-master-1a-sg-nodes" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-nodes"
|
||||
source_security_group_id = "sg-master-1a"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node-sg-master-1b-sg-nodes" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-nodes"
|
||||
source_security_group_id = "sg-master-1b"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node-sg-nodes-sg-nodes" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-nodes"
|
||||
source_security_group_id = "sg-nodes"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "api-elb-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
|
@ -911,7 +794,7 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-existingsg-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -920,7 +803,43 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress-sg-master-1a" {
|
||||
resource "aws_security_group_rule" "masters-existingsg-example-com-ingress-all-0to0-masters-existingsg-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-existingsg-example-com-ingress-all-0to0-sg-master-1a-Master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-master-1a"
|
||||
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-existingsg-example-com-ingress-all-0to0-sg-master-1b-Master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-master-1b"
|
||||
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-existingsg-example-com-ingress-all-0to0-sg-nodes-Node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-nodes"
|
||||
source_security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "sg-master-1a-Master-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -929,7 +848,43 @@ resource "aws_security_group_rule" "master-egress-sg-master-1a" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress-sg-master-1b" {
|
||||
resource "aws_security_group_rule" "sg-master-1a-Master-ingress-all-0to0-masters-existingsg-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
source_security_group_id = "sg-master-1a"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "sg-master-1a-Master-ingress-all-0to0-sg-master-1a-Master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-master-1a"
|
||||
source_security_group_id = "sg-master-1a"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "sg-master-1a-Master-ingress-all-0to0-sg-master-1b-Master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-master-1b"
|
||||
source_security_group_id = "sg-master-1a"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "sg-master-1a-Master-ingress-all-0to0-sg-nodes-Node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-nodes"
|
||||
source_security_group_id = "sg-master-1a"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "sg-master-1b-Master-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -938,7 +893,43 @@ resource "aws_security_group_rule" "master-egress-sg-master-1b" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress-sg-nodes" {
|
||||
resource "aws_security_group_rule" "sg-master-1b-Master-ingress-all-0to0-masters-existingsg-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
source_security_group_id = "sg-master-1b"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "sg-master-1b-Master-ingress-all-0to0-sg-master-1a-Master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-master-1a"
|
||||
source_security_group_id = "sg-master-1b"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "sg-master-1b-Master-ingress-all-0to0-sg-master-1b-Master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-master-1b"
|
||||
source_security_group_id = "sg-master-1b"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "sg-master-1b-Master-ingress-all-0to0-sg-nodes-Node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-nodes"
|
||||
source_security_group_id = "sg-master-1b"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "sg-nodes-Node-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -947,7 +938,16 @@ resource "aws_security_group_rule" "node-egress-sg-nodes" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379-sg-nodes-default" {
|
||||
resource "aws_security_group_rule" "sg-nodes-Node-ingress-all-0to0-sg-nodes-Node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = "sg-nodes"
|
||||
source_security_group_id = "sg-nodes"
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-1to2379-masters-existingsg-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
|
@ -956,7 +956,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379-sg-nodes-default"
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379-sg-nodes-sg-master-1a" {
|
||||
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-1to2379-sg-master-1a-Master" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = "sg-master-1a"
|
||||
|
@ -965,7 +965,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379-sg-nodes-sg-master
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379-sg-nodes-sg-master-1b" {
|
||||
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-1to2379-sg-master-1b-Master" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = "sg-master-1b"
|
||||
|
@ -974,7 +974,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379-sg-nodes-sg-master
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000-sg-nodes-default" {
|
||||
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-2382to4000-masters-existingsg-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
|
@ -983,7 +983,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000-sg-nodes-defaul
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000-sg-nodes-sg-master-1a" {
|
||||
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-2382to4000-sg-master-1a-Master" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = "sg-master-1a"
|
||||
|
@ -992,7 +992,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000-sg-nodes-sg-mas
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000-sg-nodes-sg-master-1b" {
|
||||
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-2382to4000-sg-master-1b-Master" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = "sg-master-1b"
|
||||
|
@ -1001,7 +1001,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000-sg-nodes-sg-mas
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535-sg-nodes-default" {
|
||||
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-4003to65535-masters-existingsg-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
|
@ -1010,7 +1010,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535-sg-nodes-defau
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535-sg-nodes-sg-master-1a" {
|
||||
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-4003to65535-sg-master-1a-Master" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = "sg-master-1a"
|
||||
|
@ -1019,7 +1019,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535-sg-nodes-sg-ma
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535-sg-nodes-sg-master-1b" {
|
||||
resource "aws_security_group_rule" "sg-nodes-Node-ingress-tcp-4003to65535-sg-master-1b-Master" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = "sg-master-1b"
|
||||
|
@ -1028,7 +1028,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535-sg-nodes-sg-ma
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535-sg-nodes-default" {
|
||||
resource "aws_security_group_rule" "sg-nodes-Node-ingress-udp-1to65535-masters-existingsg-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-existingsg-example-com.id
|
||||
|
@ -1037,7 +1037,7 @@ resource "aws_security_group_rule" "node-to-master-udp-1-65535-sg-nodes-default"
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535-sg-nodes-sg-master-1a" {
|
||||
resource "aws_security_group_rule" "sg-nodes-Node-ingress-udp-1to65535-sg-master-1a-Master" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = "sg-master-1a"
|
||||
|
@ -1046,7 +1046,7 @@ resource "aws_security_group_rule" "node-to-master-udp-1-65535-sg-nodes-sg-maste
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535-sg-nodes-sg-master-1b" {
|
||||
resource "aws_security_group_rule" "sg-nodes-Node-ingress-udp-1to65535-sg-master-1b-Master" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = "sg-master-1b"
|
||||
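Review bot: For ingress rules the generated name leads with the source group rather than the group the rule is attached to: `masters-existingsg-example-com-ingress-all-0to0-sg-nodes-Node` sets `security_group_id = "sg-nodes"` and uses the masters group only as `source_security_group_id`. The egress names (`masters-existingsg-example-com-egress-all-0to0-0-0-0-0--0`) appear to lead with the owning group instead, although the `security_group_id` line of those rules falls outside the visible hunks. Someone auditing a plan or state file by resource name can therefore read the ingress rule as opening the masters group when it actually opens `sg-nodes`. Either put the attached group first in both directions, or document the field order next to the name generator, for example `// ingress: <source>-ingress-<proto>-<from>to<to>-<attached group>`. The external-LB Terraform fixture below follows the same scheme.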
|
|
|
@ -459,7 +459,7 @@
|
|||
]
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressmasteregress": {
|
||||
"AWSEC2SecurityGroupEgressmastersexternallbexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -471,7 +471,7 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressnodeegress": {
|
||||
"AWSEC2SecurityGroupEgressnodesexternallbexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -483,48 +483,6 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertomaster": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersexternallbexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersexternallbexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesexternallbexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersexternallbexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallnodetonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesexternallbexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesexternallbexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
|
@ -537,7 +495,49 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp12379": {
|
||||
"AWSEC2SecurityGroupIngressmastersexternallbexamplecomingressall0to0mastersexternallbexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersexternallbexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersexternallbexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressmastersexternallbexamplecomingressall0to0nodesexternallbexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesexternallbexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersexternallbexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesexternallbexamplecomingressall0to0nodesexternallbexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesexternallbexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesexternallbexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesexternallbexamplecomingresstcp1to2379mastersexternallbexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -551,7 +551,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"AWSEC2SecurityGroupIngressnodesexternallbexamplecomingresstcp2382to4000mastersexternallbexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -565,7 +565,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp400365535": {
|
||||
"AWSEC2SecurityGroupIngressnodesexternallbexamplecomingresstcp4003to65535mastersexternallbexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -579,7 +579,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomasterudp165535": {
|
||||
"AWSEC2SecurityGroupIngressnodesexternallbexamplecomingressudp1to65535mastersexternallbexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
|
@ -403,33 +403,6 @@ resource "aws_route" "route-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.externallb-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-externallb-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-externallb-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-externallb-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-externallb-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-externallb-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-externallb-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 443
|
||||
|
@ -439,7 +412,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-externallb-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -448,7 +421,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-externallb-example-com-ingress-all-0to0-masters-externallb-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-externallb-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-externallb-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-externallb-example-com-ingress-all-0to0-nodes-externallb-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-externallb-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-externallb-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-externallb-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -457,7 +448,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-externallb-example-com-ingress-all-0to0-nodes-externallb-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-externallb-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-externallb-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-externallb-example-com-ingress-tcp-1to2379-masters-externallb-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-externallb-example-com.id
|
||||
|
@ -466,7 +466,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-externallb-example-com-ingress-tcp-2382to4000-masters-externallb-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-externallb-example-com.id
|
||||
|
@ -475,7 +475,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-externallb-example-com-ingress-tcp-4003to65535-masters-externallb-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-externallb-example-com.id
|
||||
|
@ -484,7 +484,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-externallb-example-com-ingress-udp-1to65535-masters-externallb-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-externallb-example-com.id
|
||||
|
|
|
@ -493,33 +493,6 @@ resource "aws_route" "route-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.externalpolicies-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-externalpolicies-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-externalpolicies-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "api-elb-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
|
@ -556,7 +529,7 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-externalpolicies-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -565,48 +538,21 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
to_port = 0
|
||||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
resource "aws_security_group_rule" "masters-externalpolicies-example-com-ingress-all-0to0-masters-externalpolicies-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
to_port = 2379
|
||||
source_security_group_id = aws_security_group.masters-externalpolicies-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
to_port = 4000
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
to_port = 65535
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
to_port = 65535
|
||||
resource "aws_security_group_rule" "masters-externalpolicies-example-com-ingress-all-0to0-nodes-externalpolicies-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-externalpolicies-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
|
@ -646,6 +592,60 @@ resource "aws_security_group_rule" "nodeport-udp-external-to-node-10-20-30-0--24
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-externalpolicies-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
to_port = 0
|
||||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-externalpolicies-example-com-ingress-all-0to0-nodes-externalpolicies-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-externalpolicies-example-com-ingress-tcp-1to2379-masters-externalpolicies-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
to_port = 2379
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-externalpolicies-example-com-ingress-tcp-2382to4000-masters-externalpolicies-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
to_port = 4000
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-externalpolicies-example-com-ingress-tcp-4003to65535-masters-externalpolicies-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
to_port = 65535
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-externalpolicies-example-com-ingress-udp-1to65535-masters-externalpolicies-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-externalpolicies-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-externalpolicies-example-com.id
|
||||
to_port = 65535
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 22
|
||||
|
|
|
@ -700,33 +700,6 @@ resource "aws_route" "route-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.ha-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-ha-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-ha-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-ha-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-ha-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-ha-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-ha-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 443
|
||||
|
@ -736,7 +709,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-ha-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -745,7 +718,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-ha-example-com-ingress-all-0to0-masters-ha-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-ha-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-ha-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-ha-example-com-ingress-all-0to0-nodes-ha-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-ha-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-ha-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-ha-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -754,7 +745,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-ha-example-com-ingress-all-0to0-nodes-ha-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-ha-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-ha-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-ha-example-com-ingress-tcp-1to2379-masters-ha-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-ha-example-com.id
|
||||
|
@ -763,7 +763,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-ha-example-com-ingress-tcp-2382to4000-masters-ha-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-ha-example-com.id
|
||||
|
@ -772,7 +772,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-ha-example-com-ingress-tcp-4003to65535-masters-ha-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-ha-example-com.id
|
||||
|
@ -781,7 +781,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-ha-example-com-ingress-udp-1to65535-masters-ha-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-ha-example-com.id
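Review bot: The renames in this file (for example `master-egress` becoming `masters-ha-example-com-egress-all-0to0-0-0-0-0--0`, and the `node-to-master-*` rules further down) change Terraform resource addresses while the rule properties stay identical, so an existing state will plan each rule as a destroy of the old address plus a create of the new one. Depending on the order Terraform picks, that is presumably either a short window in which the intra-cluster rules are absent or a duplicate-rule error from AWS on the create; these fixtures cannot show which. The change should ship with an upgrade note for Terraform-target users, e.g. `terraform state mv aws_security_group_rule.master-egress aws_security_group_rule.masters-ha-example-com-egress-all-0to0-0-0-0-0--0` for each renamed rule. The same applies to the other Terraform fixtures on this page.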
|
||||
|
|
|
@ -469,7 +469,7 @@
|
|||
]
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressmasteregress": {
|
||||
"AWSEC2SecurityGroupEgressmasterslaunchtemplatesexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -481,7 +481,7 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressnodeegress": {
|
||||
"AWSEC2SecurityGroupEgressnodeslaunchtemplatesexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -493,48 +493,6 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertomaster": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterslaunchtemplatesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterslaunchtemplatesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodeslaunchtemplatesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterslaunchtemplatesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallnodetonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodeslaunchtemplatesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodeslaunchtemplatesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
|
@ -547,7 +505,49 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp12379": {
|
||||
"AWSEC2SecurityGroupIngressmasterslaunchtemplatesexamplecomingressall0to0masterslaunchtemplatesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterslaunchtemplatesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterslaunchtemplatesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressmasterslaunchtemplatesexamplecomingressall0to0nodeslaunchtemplatesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodeslaunchtemplatesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmasterslaunchtemplatesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodeslaunchtemplatesexamplecomingressall0to0nodeslaunchtemplatesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodeslaunchtemplatesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodeslaunchtemplatesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodeslaunchtemplatesexamplecomingresstcp1to2379masterslaunchtemplatesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -561,7 +561,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"AWSEC2SecurityGroupIngressnodeslaunchtemplatesexamplecomingresstcp2382to4000masterslaunchtemplatesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -575,7 +575,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp400365535": {
|
||||
"AWSEC2SecurityGroupIngressnodeslaunchtemplatesexamplecomingresstcp4003to65535masterslaunchtemplatesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -589,7 +589,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomasterudp165535": {
|
||||
"AWSEC2SecurityGroupIngressnodeslaunchtemplatesexamplecomingressudp1to65535masterslaunchtemplatesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
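Review bot: The new logical IDs carry the cluster name twice with every separator stripped, e.g. `AWSEC2SecurityGroupIngressnodeslaunchtemplatesexamplecomingresstcp4003to65535masterslaunchtemplatesexamplecom`, so their length now grows with twice the cluster-name length. CloudFormation caps logical IDs at 255 alphanumeric characters, and nothing in this fixture shows the generated ID being bounded; a long cluster name would presumably yield a template that fails validation. Consider truncating with a short hash suffix where the ID is built, or adding a fixture with a long cluster name to pin the behaviour. The same naming appears in the other CloudFormation fixture on this page.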
|
||||
|
|
|
@ -518,33 +518,6 @@ resource "aws_route" "route-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.launchtemplates-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-launchtemplates-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-launchtemplates-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-launchtemplates-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-launchtemplates-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-launchtemplates-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-launchtemplates-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 443
|
||||
|
@ -554,7 +527,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-launchtemplates-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -563,7 +536,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-launchtemplates-example-com-ingress-all-0to0-masters-launchtemplates-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-launchtemplates-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-launchtemplates-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-launchtemplates-example-com-ingress-all-0to0-nodes-launchtemplates-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-launchtemplates-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-launchtemplates-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-launchtemplates-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -572,7 +563,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-launchtemplates-example-com-ingress-all-0to0-nodes-launchtemplates-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-launchtemplates-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-launchtemplates-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-launchtemplates-example-com-ingress-tcp-1to2379-masters-launchtemplates-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-launchtemplates-example-com.id
|
||||
|
@ -581,7 +581,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-launchtemplates-example-com-ingress-tcp-2382to4000-masters-launchtemplates-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-launchtemplates-example-com.id
|
||||
|
@ -590,7 +590,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-launchtemplates-example-com-ingress-tcp-4003to65535-masters-launchtemplates-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-launchtemplates-example-com.id
|
||||
|
@ -599,7 +599,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-launchtemplates-example-com-ingress-udp-1to65535-masters-launchtemplates-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-launchtemplates-example-com.id
|
||||
|
|
|
@ -450,7 +450,7 @@
|
|||
]
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressmasteregress": {
|
||||
"AWSEC2SecurityGroupEgressmastersminimalexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -462,7 +462,7 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressnodeegress": {
|
||||
"AWSEC2SecurityGroupEgressnodesminimalexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -474,48 +474,6 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertomaster": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersminimalexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersminimalexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersminimalexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallnodetonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
|
@ -528,7 +486,49 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp12379": {
|
||||
"AWSEC2SecurityGroupIngressmastersminimalexamplecomingressall0to0mastersminimalexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersminimalexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersminimalexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressmastersminimalexamplecomingressall0to0nodesminimalexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersminimalexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingressall0to0nodesminimalexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesminimalexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingresstcp1to2379mastersminimalexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -542,7 +542,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingresstcp2382to4000mastersminimalexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -556,7 +556,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp400365535": {
|
||||
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingresstcp4003to65535mastersminimalexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -570,7 +570,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomasterudp165535": {
|
||||
"AWSEC2SecurityGroupIngressnodesminimalexamplecomingressudp1to65535mastersminimalexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
|
@ -487,30 +487,6 @@
|
|||
}
|
||||
},
|
||||
"aws_security_group_rule": {
|
||||
"all-master-to-master": {
|
||||
"type": "ingress",
|
||||
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
|
||||
"source_security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
|
||||
"from_port": 0,
|
||||
"to_port": 0,
|
||||
"protocol": "-1"
|
||||
},
|
||||
"all-master-to-node": {
|
||||
"type": "ingress",
|
||||
"security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
|
||||
"source_security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
|
||||
"from_port": 0,
|
||||
"to_port": 0,
|
||||
"protocol": "-1"
|
||||
},
|
||||
"all-node-to-node": {
|
||||
"type": "ingress",
|
||||
"security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
|
||||
"source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
|
||||
"from_port": 0,
|
||||
"to_port": 0,
|
||||
"protocol": "-1"
|
||||
},
|
||||
"https-external-to-master-0-0-0-0--0": {
|
||||
"type": "ingress",
|
||||
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
|
||||
|
@ -521,7 +497,7 @@
|
|||
"0.0.0.0/0"
|
||||
]
|
||||
},
|
||||
"master-egress": {
|
||||
"masters-minimal-json-example-com-egress-all-0to0-0-0-0-0--0": {
|
||||
"type": "egress",
|
||||
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
|
||||
"from_port": 0,
|
||||
|
@ -531,7 +507,23 @@
|
|||
"0.0.0.0/0"
|
||||
]
|
||||
},
|
||||
"node-egress": {
|
||||
"masters-minimal-json-example-com-ingress-all-0to0-masters-minimal-json-example-com": {
|
||||
"type": "ingress",
|
||||
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
|
||||
"source_security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
|
||||
"from_port": 0,
|
||||
"to_port": 0,
|
||||
"protocol": "-1"
|
||||
},
|
||||
"masters-minimal-json-example-com-ingress-all-0to0-nodes-minimal-json-example-com": {
|
||||
"type": "ingress",
|
||||
"security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
|
||||
"source_security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
|
||||
"from_port": 0,
|
||||
"to_port": 0,
|
||||
"protocol": "-1"
|
||||
},
|
||||
"nodes-minimal-json-example-com-egress-all-0to0-0-0-0-0--0": {
|
||||
"type": "egress",
|
||||
"security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
|
||||
"from_port": 0,
|
||||
|
@ -541,7 +533,15 @@
|
|||
"0.0.0.0/0"
|
||||
]
|
||||
},
|
||||
"node-to-master-tcp-1-2379": {
|
||||
"nodes-minimal-json-example-com-ingress-all-0to0-nodes-minimal-json-example-com": {
|
||||
"type": "ingress",
|
||||
"security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
|
||||
"source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
|
||||
"from_port": 0,
|
||||
"to_port": 0,
|
||||
"protocol": "-1"
|
||||
},
|
||||
"nodes-minimal-json-example-com-ingress-tcp-1to2379-masters-minimal-json-example-com": {
|
||||
"type": "ingress",
|
||||
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
|
||||
"source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
|
||||
|
@ -549,7 +549,7 @@
|
|||
"to_port": 2379,
|
||||
"protocol": "tcp"
|
||||
},
|
||||
"node-to-master-tcp-2382-4000": {
|
||||
"nodes-minimal-json-example-com-ingress-tcp-2382to4000-masters-minimal-json-example-com": {
|
||||
"type": "ingress",
|
||||
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
|
||||
"source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
|
||||
|
@ -557,7 +557,7 @@
|
|||
"to_port": 4000,
|
||||
"protocol": "tcp"
|
||||
},
|
||||
"node-to-master-tcp-4003-65535": {
|
||||
"nodes-minimal-json-example-com-ingress-tcp-4003to65535-masters-minimal-json-example-com": {
|
||||
"type": "ingress",
|
||||
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
|
||||
"source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
|
||||
|
@ -565,7 +565,7 @@
|
|||
"to_port": 65535,
|
||||
"protocol": "tcp"
|
||||
},
|
||||
"node-to-master-udp-1-65535": {
|
||||
"nodes-minimal-json-example-com-ingress-udp-1to65535-masters-minimal-json-example-com": {
|
||||
"type": "ingress",
|
||||
"security_group_id": "${aws_security_group.masters-minimal-json-example-com.id}",
|
||||
"source_security_group_id": "${aws_security_group.nodes-minimal-json-example-com.id}",
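Review bot: The generated name leads with the traffic source, not with the group the rule is attached to: `masters-minimal-json-example-com-ingress-all-0to0-nodes-minimal-json-example-com` has `security_group_id` set to the nodes group and `source_security_group_id` set to the masters group. Someone auditing the firewall from names alone can easily read that as an ingress rule on the masters. The scheme deserves a doc comment where the name is built, for example `// Name format: <source>-<direction>-<protocol>-<from>to<to>-<destination>; an ingress rule is attached to <destination>, an egress rule to <source>.` The function that builds the name is outside this fixture.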
|
||||
|
|
|
@ -400,33 +400,6 @@ resource "aws_route" "route-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.minimal-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-minimal-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-minimal-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-minimal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 443
|
||||
|
@ -436,7 +409,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -445,7 +418,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-minimal-example-com-ingress-all-0to0-masters-minimal-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-minimal-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -454,7 +445,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-minimal-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-minimal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-1to2379-masters-minimal-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
|
@ -463,7 +463,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-2382to4000-masters-minimal-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
|
@ -472,7 +472,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-4003to65535-masters-minimal-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
|
@ -481,7 +481,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-udp-1to65535-masters-minimal-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
|
|
|
@ -843,7 +843,7 @@
|
|||
]
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressmasteregress": {
|
||||
"AWSEC2SecurityGroupEgressmastersmixedinstancesexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -855,7 +855,7 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressnodeegress": {
|
||||
"AWSEC2SecurityGroupEgressnodesmixedinstancesexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -867,48 +867,6 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertomaster": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallnodetonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
|
@ -921,7 +879,49 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp12379": {
|
||||
"AWSEC2SecurityGroupIngressmastersmixedinstancesexamplecomingressall0to0mastersmixedinstancesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressmastersmixedinstancesexamplecomingressall0to0nodesmixedinstancesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingressall0to0nodesmixedinstancesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingresstcp1to2379mastersmixedinstancesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -935,7 +935,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingresstcp2382to4000mastersmixedinstancesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -949,7 +949,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp400365535": {
|
||||
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingresstcp4003to65535mastersmixedinstancesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -963,7 +963,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomasterudp165535": {
|
||||
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingressudp1to65535mastersmixedinstancesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
|
@ -718,33 +718,6 @@ resource "aws_route" "route-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.mixedinstances-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 443
|
||||
|
@ -754,7 +727,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-mixedinstances-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -763,7 +736,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-mixedinstances-example-com-ingress-all-0to0-masters-mixedinstances-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-mixedinstances-example-com-ingress-all-0to0-nodes-mixedinstances-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -772,7 +763,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-all-0to0-nodes-mixedinstances-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp-1to2379-masters-mixedinstances-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
|
@ -781,7 +781,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp-2382to4000-masters-mixedinstances-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
|
@ -790,7 +790,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp-4003to65535-masters-mixedinstances-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
|
@ -799,7 +799,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-udp-1to65535-masters-mixedinstances-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
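Review bot: The new ingress names put the source group first and the group the rule is attached to last, which is easy to misread. `masters-mixedinstances-example-com-ingress-all-0to0-nodes-mixedinstances-example-com` has `security_group_id` set to the nodes group, and `nodes-mixedinstances-example-com-ingress-tcp-1to2379-masters-mixedinstances-example-com` is attached to the masters group. Someone auditing a plan is likely to read the leading group as the one being opened, where the removed `all-master-to-node` spelled the direction out; the other Terraform fixtures in this commit follow the same pattern. Since this file is expected output, I would document the order on the helper that builds the name (outside this section), e.g. `// Name format: <source>-<ingress|egress>-<protocol>-<from>to<to>-<destination>; an ingress rule is attached to the trailing group.`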
|
|
|
@ -844,7 +844,7 @@
|
|||
]
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressmasteregress": {
|
||||
"AWSEC2SecurityGroupEgressmastersmixedinstancesexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -856,7 +856,7 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressnodeegress": {
|
||||
"AWSEC2SecurityGroupEgressnodesmixedinstancesexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -868,48 +868,6 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertomaster": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallnodetonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
|
@ -922,7 +880,49 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp12379": {
|
||||
"AWSEC2SecurityGroupIngressmastersmixedinstancesexamplecomingressall0to0mastersmixedinstancesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressmastersmixedinstancesexamplecomingressall0to0nodesmixedinstancesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingressall0to0nodesmixedinstancesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingresstcp1to2379mastersmixedinstancesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -936,7 +936,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingresstcp2382to4000mastersmixedinstancesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -950,7 +950,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp400365535": {
|
||||
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingresstcp4003to65535mastersmixedinstancesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -964,7 +964,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomasterudp165535": {
|
||||
"AWSEC2SecurityGroupIngressnodesmixedinstancesexamplecomingressudp1to65535mastersmixedinstancesexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
|
@ -718,33 +718,6 @@ resource "aws_route" "route-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.mixedinstances-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 443
|
||||
|
@ -754,7 +727,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-mixedinstances-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -763,7 +736,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-mixedinstances-example-com-ingress-all-0to0-masters-mixedinstances-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-mixedinstances-example-com-ingress-all-0to0-nodes-mixedinstances-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -772,7 +763,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-all-0to0-nodes-mixedinstances-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-mixedinstances-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp-1to2379-masters-mixedinstances-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
|
@ -781,7 +781,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp-2382to4000-masters-mixedinstances-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
|
@ -790,7 +790,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-tcp-4003to65535-masters-mixedinstances-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
|
@ -799,7 +799,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-mixedinstances-example-com-ingress-udp-1to65535-masters-mixedinstances-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-mixedinstances-example-com.id
|
||||
|
|
|
@ -577,33 +577,6 @@ resource "aws_route53_record" "api-private-shared-subnet-example-com" {
|
|||
zone_id = "/hostedzone/Z1AFAKE1ZON3YO"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "api-elb-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
|
@ -676,7 +649,7 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-private-shared-subnet-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -685,7 +658,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-private-shared-subnet-example-com-ingress-all-0to0-masters-private-shared-subnet-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-private-shared-subnet-example-com-ingress-all-0to0-nodes-private-shared-subnet-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-private-shared-subnet-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -694,7 +685,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-private-shared-subnet-example-com-ingress-all-0to0-nodes-private-shared-subnet-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-private-shared-subnet-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-private-shared-subnet-example-com-ingress-tcp-1to2379-masters-private-shared-subnet-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
|
||||
|
@ -703,7 +703,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-private-shared-subnet-example-com-ingress-tcp-2382to4000-masters-private-shared-subnet-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
|
||||
|
@ -712,7 +712,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-private-shared-subnet-example-com-ingress-tcp-4003to65535-masters-private-shared-subnet-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
|
||||
|
@ -721,7 +721,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-private-shared-subnet-example-com-ingress-udp-1to65535-masters-private-shared-subnet-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-private-shared-subnet-example-com.id
|
||||
|
|
|
@ -765,7 +765,7 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressmasteregress": {
|
||||
"AWSEC2SecurityGroupEgressmastersprivatecalicoexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -777,7 +777,7 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressnodeegress": {
|
||||
"AWSEC2SecurityGroupEgressnodesprivatecalicoexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -789,48 +789,6 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertomaster": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallnodetonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressbastiontomasterssh": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
|
@ -897,7 +855,35 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomasterprotocolipip": {
|
||||
"AWSEC2SecurityGroupIngressmastersprivatecalicoexamplecomingressall0to0mastersprivatecalicoexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressmastersprivatecalicoexamplecomingressall0to0nodesprivatecalicoexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivatecalicoexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesprivatecalicoexamplecomingress40to0mastersprivatecalicoexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -911,7 +897,21 @@
|
|||
"IpProtocol": "4"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp12379": {
|
||||
"AWSEC2SecurityGroupIngressnodesprivatecalicoexamplecomingressall0to0nodesprivatecalicoexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivatecalicoexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesprivatecalicoexamplecomingresstcp1to2379mastersprivatecalicoexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -925,7 +925,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"AWSEC2SecurityGroupIngressnodesprivatecalicoexamplecomingresstcp2382to4000mastersprivatecalicoexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -939,7 +939,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp400365535": {
|
||||
"AWSEC2SecurityGroupIngressnodesprivatecalicoexamplecomingresstcp4003to65535mastersprivatecalicoexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -953,7 +953,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomasterudp165535": {
|
||||
"AWSEC2SecurityGroupIngressnodesprivatecalicoexamplecomingressudp1to65535mastersprivatecalicoexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
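Review bot: The new logical ID `AWSEC2SecurityGroupIngressnodesprivatecalicoexamplecomingress40to0mastersprivatecalicoexamplecom` runs the protocol number `4` straight into the port range `0to0`, so the key reads as `40to0` and no longer says which protocol the rule admits; the removed `AWSEC2SecurityGroupIngressnodetomasterprotocolipip` did. Because separators are dropped in these IDs, two different protocol/port pairs could in principle flatten to the same string (a constructed example: protocol 1 from port 12 and protocol 11 from port 2), which matters if the generated name is what ties a rule to its AWS counterpart; whether the builder can emit such a pair is not visible from this fixture. I would keep a letter-bearing protocol token in the name, for instance `...ingressproto4ports0to0...` (constructed), and add a fixture with two numeric protocols so a collision shows up in tests. The other CloudFormation fixtures in this commit only show `tcp`, `udp` and `all`, so they are not affected as written.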
|
|
|
@ -657,33 +657,6 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.private-us-test-1a-privatecalico-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privatecalico-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatecalico-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatecalico-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatecalico-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatecalico-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "api-elb-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
|
@ -756,7 +729,7 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-privatecalico-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -765,7 +738,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-privatecalico-example-com-ingress-all-0to0-masters-privatecalico-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privatecalico-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatecalico-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-privatecalico-example-com-ingress-all-0to0-nodes-privatecalico-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatecalico-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatecalico-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privatecalico-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -774,7 +765,7 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-protocol-ipip" {
|
||||
resource "aws_security_group_rule" "nodes-privatecalico-example-com-ingress-4-0to0-masters-privatecalico-example-com" {
|
||||
from_port = 0
|
||||
protocol = "4"
|
||||
security_group_id = aws_security_group.masters-privatecalico-example-com.id
|
||||
|
@ -783,7 +774,16 @@ resource "aws_security_group_rule" "node-to-master-protocol-ipip" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-privatecalico-example-com-ingress-all-0to0-nodes-privatecalico-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatecalico-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatecalico-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privatecalico-example-com-ingress-tcp-1to2379-masters-privatecalico-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatecalico-example-com.id
|
||||
|
@ -792,7 +792,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-privatecalico-example-com-ingress-tcp-2382to4000-masters-privatecalico-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatecalico-example-com.id
|
||||
|
@ -801,7 +801,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privatecalico-example-com-ingress-tcp-4003to65535-masters-privatecalico-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatecalico-example-com.id
|
||||
|
@ -810,7 +810,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privatecalico-example-com-ingress-udp-1to65535-masters-privatecalico-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-privatecalico-example-com.id
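Review bot: Every security group rule in this file gets a new resource address (for example `master-egress` becomes `masters-privatecalico-example-com-egress-all-0to0-0-0-0-0--0`), and nothing in the commit description tells Terraform users how to carry existing state across. Terraform plans a changed address as destroy-and-create, so an apply after upgrading would presumably remove and re-add the master and node rules, with either a window where traffic is dropped or a duplicate-rule error if the create runs first. I would add an upgrade note along the lines of `Security group rule resources are renamed in the Terraform output; move them with terraform state mv before applying, or expect the rules to be recreated.`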
|
||||
|
|
|
@ -657,33 +657,6 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.private-us-test-1a-privatecanal-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privatecanal-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatecanal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatecanal-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatecanal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatecanal-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatecanal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "api-elb-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
|
@ -756,7 +729,7 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-privatecanal-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -765,7 +738,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-privatecanal-example-com-ingress-all-0to0-masters-privatecanal-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privatecanal-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatecanal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-privatecanal-example-com-ingress-all-0to0-nodes-privatecanal-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatecanal-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatecanal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privatecanal-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -774,7 +765,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-privatecanal-example-com-ingress-all-0to0-nodes-privatecanal-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatecanal-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatecanal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privatecanal-example-com-ingress-tcp-1to2379-masters-privatecanal-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatecanal-example-com.id
|
||||
|
@ -783,7 +783,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-privatecanal-example-com-ingress-tcp-2382to4000-masters-privatecanal-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatecanal-example-com.id
|
||||
|
@ -792,7 +792,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privatecanal-example-com-ingress-tcp-4003to65535-masters-privatecanal-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatecanal-example-com.id
|
||||
|
@ -801,7 +801,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privatecanal-example-com-ingress-udp-1to65535-masters-privatecanal-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-privatecanal-example-com.id
|
||||
|
|
|
@ -765,7 +765,7 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressmasteregress": {
|
||||
"AWSEC2SecurityGroupEgressmastersprivateciliumexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -777,7 +777,7 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressnodeegress": {
|
||||
"AWSEC2SecurityGroupEgressnodesprivateciliumexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -789,48 +789,6 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertomaster": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallnodetonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressbastiontomasterssh": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
|
@ -897,7 +855,49 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp12379": {
|
||||
"AWSEC2SecurityGroupIngressmastersprivateciliumexamplecomingressall0to0mastersprivateciliumexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressmastersprivateciliumexamplecomingressall0to0nodesprivateciliumexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingressall0to0nodesprivateciliumexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingresstcp1to2379mastersprivateciliumexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -911,7 +911,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingresstcp2382to4000mastersprivateciliumexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -925,7 +925,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp400365535": {
|
||||
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingresstcp4003to65535mastersprivateciliumexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -939,7 +939,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomasterudp165535": {
|
||||
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingressudp1to65535mastersprivateciliumexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
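Review bot: The new logical IDs run the port range and the peer together with no separator, so `AWSEC2SecurityGroupEgressmastersprivateciliumexamplecomegressall0to000000` (the rule the Terraform output names `masters-privatecilium-example-com-egress-all-0to0-0-0-0-0--0`) no longer shows where the ports end and the CIDR begins. If the CloudFormation target strips punctuation the way these IDs suggest, two different rules could map to one ID (constructed example: `1.23.0.0/16` and `12.3.0.0/16` both reduce to `1230016`), and a duplicate key in the template could silently drop one firewall rule. The stripping code is not in this section; I would add a duplicate-ID check where the template is rendered, or at least a comment on the name generator such as `// CloudFormation removes '-', '.' and '/' from this name; uniqueness must not depend on them`.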
|
||||
|
|
|
@ -657,33 +657,6 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.private-us-test-1a-privatecilium-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "api-elb-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
|
@ -756,7 +729,7 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -765,7 +738,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-privatecilium-example-com-ingress-all-0to0-masters-privatecilium-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-privatecilium-example-com-ingress-all-0to0-nodes-privatecilium-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -774,7 +765,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-all-0to0-nodes-privatecilium-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-tcp-1to2379-masters-privatecilium-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
|
@ -783,7 +783,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-tcp-2382to4000-masters-privatecilium-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
|
@ -792,7 +792,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-tcp-4003to65535-masters-privatecilium-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
|
@ -801,7 +801,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-udp-1to65535-masters-privatecilium-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
|
|
|
@ -765,7 +765,7 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressmasteregress": {
|
||||
"AWSEC2SecurityGroupEgressmastersprivateciliumexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -777,7 +777,7 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressnodeegress": {
|
||||
"AWSEC2SecurityGroupEgressnodesprivateciliumexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -789,48 +789,6 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertomaster": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallnodetonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressbastiontomasterssh": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
|
@ -897,7 +855,49 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp12379": {
|
||||
"AWSEC2SecurityGroupIngressmastersprivateciliumexamplecomingressall0to0mastersprivateciliumexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressmastersprivateciliumexamplecomingressall0to0nodesprivateciliumexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingressall0to0nodesprivateciliumexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingresstcp1to2379mastersprivateciliumexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -911,7 +911,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
|
||||
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingresstcp2382to4000mastersprivateciliumexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -925,7 +925,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp400365535": {
|
||||
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingresstcp4003to65535mastersprivateciliumexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -939,7 +939,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomasterudp165535": {
|
||||
"AWSEC2SecurityGroupIngressnodesprivateciliumexamplecomingressudp1to65535mastersprivateciliumexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
|
@ -657,33 +657,6 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.private-us-test-1a-privatecilium-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "api-elb-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
|
@ -756,7 +729,7 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -765,7 +738,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-privatecilium-example-com-ingress-all-0to0-masters-privatecilium-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-privatecilium-example-com-ingress-all-0to0-nodes-privatecilium-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privatecilium-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -774,7 +765,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-all-0to0-nodes-privatecilium-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatecilium-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatecilium-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-tcp-1to2379-masters-privatecilium-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
|
@ -783,7 +783,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-tcp-2382to4000-masters-privatecilium-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
|
@ -792,7 +792,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-tcp-4003to65535-masters-privatecilium-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
|
@ -801,7 +801,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privatecilium-example-com-ingress-udp-1to65535-masters-privatecilium-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-privatecilium-example-com.id
|
||||
|
|
|
@ -765,7 +765,7 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressmasteregress": {
|
||||
"AWSEC2SecurityGroupEgressmastersprivateciliumadvancedexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -777,7 +777,7 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupEgressnodeegress": {
|
||||
"AWSEC2SecurityGroupEgressnodesprivateciliumadvancedexamplecomegressall0to000000": {
|
||||
"Type": "AWS::EC2::SecurityGroupEgress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -789,48 +789,6 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertomaster": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallmastertonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressallnodetonode": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressbastiontomasterssh": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
|
@ -897,7 +855,49 @@
|
|||
"CidrIp": "0.0.0.0/0"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp12379": {
|
||||
"AWSEC2SecurityGroupIngressmastersprivateciliumadvancedexamplecomingressall0to0mastersprivateciliumadvancedexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressmastersprivateciliumadvancedexamplecomingressall0to0nodesprivateciliumadvancedexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupmastersprivateciliumadvancedexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesprivateciliumadvancedexamplecomingressall0to0nodesprivateciliumadvancedexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
|
||||
},
|
||||
"SourceSecurityGroupId": {
|
||||
"Ref": "AWSEC2SecurityGroupnodesprivateciliumadvancedexamplecom"
|
||||
},
|
||||
"FromPort": 0,
|
||||
"ToPort": 0,
|
||||
"IpProtocol": "-1"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodesprivateciliumadvancedexamplecomingresstcp1to2379mastersprivateciliumadvancedexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -911,7 +911,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp23834000": {
|
||||
"AWSEC2SecurityGroupIngressnodesprivateciliumadvancedexamplecomingresstcp2383to4000mastersprivateciliumadvancedexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -925,7 +925,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomastertcp400365535": {
|
||||
"AWSEC2SecurityGroupIngressnodesprivateciliumadvancedexamplecomingresstcp4003to65535mastersprivateciliumadvancedexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
@ -939,7 +939,7 @@
|
|||
"IpProtocol": "tcp"
|
||||
}
|
||||
},
|
||||
"AWSEC2SecurityGroupIngressnodetomasterudp165535": {
|
||||
"AWSEC2SecurityGroupIngressnodesprivateciliumadvancedexamplecomingressudp1to65535mastersprivateciliumadvancedexamplecom": {
|
||||
"Type": "AWS::EC2::SecurityGroupIngress",
|
||||
"Properties": {
|
||||
"GroupId": {
|
||||
|
|
|
@ -671,33 +671,6 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.private-us-test-1a-privateciliumadvanced-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "api-elb-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
|
@ -770,7 +743,7 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-privateciliumadvanced-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -779,7 +752,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-privateciliumadvanced-example-com-ingress-all-0to0-masters-privateciliumadvanced-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-privateciliumadvanced-example-com-ingress-all-0to0-nodes-privateciliumadvanced-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privateciliumadvanced-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -788,7 +779,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-privateciliumadvanced-example-com-ingress-all-0to0-nodes-privateciliumadvanced-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privateciliumadvanced-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privateciliumadvanced-example-com-ingress-tcp-1to2379-masters-privateciliumadvanced-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
|
||||
|
@ -797,7 +797,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
||||
resource "aws_security_group_rule" "nodes-privateciliumadvanced-example-com-ingress-tcp-2383to4000-masters-privateciliumadvanced-example-com" {
|
||||
from_port = 2383
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
|
||||
|
@ -806,7 +806,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2383-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privateciliumadvanced-example-com-ingress-tcp-4003to65535-masters-privateciliumadvanced-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
|
||||
|
@ -815,7 +815,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privateciliumadvanced-example-com-ingress-udp-1to65535-masters-privateciliumadvanced-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-privateciliumadvanced-example-com.id
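Review bot: Every `aws_security_group_rule` address in this fixture changes (`all-master-to-master` becomes `masters-privateciliumadvanced-example-com-ingress-all-0to0-masters-privateciliumadvanced-example-com`, `node-egress` becomes `nodes-privateciliumadvanced-example-com-egress-all-0to0-0-0-0-0--0`, and so on) while the rule arguments shown stay the same, and nothing visible here documents what that means for clusters already managed through the Terraform target. Terraform treats a changed resource address as a delete of the old resource plus a create of the new one, so the next apply would presumably remove and re-add each master/node rule, leaving a short window in which the rule is absent. I would add an upgrade note along the lines of `Security group rule resources are renamed in the Terraform and CloudFormation output; expect each rule to be replaced on the next apply and schedule it accordingly.` The same rename appears in the privatedns1, privatedns2, privateflannel, privatekopeio and privateweave fixtures below; the release notes are outside this view, so this may already be covered.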
|
||||
|
|
|
@ -730,33 +730,6 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.private-us-test-1a-privatedns1-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privatedns1-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatedns1-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatedns1-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatedns1-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatedns1-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatedns1-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "api-elb-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
|
@ -829,7 +802,7 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-privatedns1-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -838,7 +811,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-privatedns1-example-com-ingress-all-0to0-masters-privatedns1-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privatedns1-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatedns1-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-privatedns1-example-com-ingress-all-0to0-nodes-privatedns1-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatedns1-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatedns1-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privatedns1-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -847,7 +838,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-privatedns1-example-com-ingress-all-0to0-nodes-privatedns1-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatedns1-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatedns1-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privatedns1-example-com-ingress-tcp-1to2379-masters-privatedns1-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatedns1-example-com.id
|
||||
|
@ -856,7 +856,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-privatedns1-example-com-ingress-tcp-2382to4000-masters-privatedns1-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatedns1-example-com.id
|
||||
|
@ -865,7 +865,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privatedns1-example-com-ingress-tcp-4003to65535-masters-privatedns1-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatedns1-example-com.id
|
||||
|
@ -874,7 +874,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privatedns1-example-com-ingress-udp-1to65535-masters-privatedns1-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-privatedns1-example-com.id
|
||||
|
|
|
@ -643,33 +643,6 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.private-us-test-1a-privatedns2-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privatedns2-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatedns2-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatedns2-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatedns2-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatedns2-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatedns2-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "api-elb-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
|
@ -742,7 +715,7 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-privatedns2-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -751,7 +724,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-privatedns2-example-com-ingress-all-0to0-masters-privatedns2-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privatedns2-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatedns2-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-privatedns2-example-com-ingress-all-0to0-nodes-privatedns2-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatedns2-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatedns2-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privatedns2-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -760,7 +751,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-privatedns2-example-com-ingress-all-0to0-nodes-privatedns2-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatedns2-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatedns2-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privatedns2-example-com-ingress-tcp-1to2379-masters-privatedns2-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatedns2-example-com.id
|
||||
|
@ -769,7 +769,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-privatedns2-example-com-ingress-tcp-2382to4000-masters-privatedns2-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatedns2-example-com.id
|
||||
|
@ -778,7 +778,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privatedns2-example-com-ingress-tcp-4003to65535-masters-privatedns2-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatedns2-example-com.id
|
||||
|
@ -787,7 +787,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privatedns2-example-com-ingress-udp-1to65535-masters-privatedns2-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-privatedns2-example-com.id
|
||||
|
|
|
@ -657,33 +657,6 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.private-us-test-1a-privateflannel-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privateflannel-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privateflannel-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privateflannel-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privateflannel-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privateflannel-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privateflannel-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "api-elb-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
|
@ -756,7 +729,7 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-privateflannel-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -765,7 +738,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-privateflannel-example-com-ingress-all-0to0-masters-privateflannel-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privateflannel-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privateflannel-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-privateflannel-example-com-ingress-all-0to0-nodes-privateflannel-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privateflannel-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privateflannel-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privateflannel-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -774,7 +765,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-privateflannel-example-com-ingress-all-0to0-nodes-privateflannel-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privateflannel-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privateflannel-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privateflannel-example-com-ingress-tcp-1to2379-masters-privateflannel-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privateflannel-example-com.id
|
||||
|
@ -783,7 +783,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-privateflannel-example-com-ingress-tcp-2382to4000-masters-privateflannel-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privateflannel-example-com.id
|
||||
|
@ -792,7 +792,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privateflannel-example-com-ingress-tcp-4003to65535-masters-privateflannel-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privateflannel-example-com.id
|
||||
|
@ -801,7 +801,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privateflannel-example-com-ingress-udp-1to65535-masters-privateflannel-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-privateflannel-example-com.id
|
||||
|
|
|
@ -679,33 +679,6 @@ resource "aws_route" "route-private-us-test-1b-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.private-us-test-1b-privatekopeio-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatekopeio-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatekopeio-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "api-elb-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
|
@ -778,7 +751,7 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-privatekopeio-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -787,7 +760,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-privatekopeio-example-com-ingress-all-0to0-masters-privatekopeio-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatekopeio-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-privatekopeio-example-com-ingress-all-0to0-nodes-privatekopeio-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privatekopeio-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privatekopeio-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -796,7 +787,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-privatekopeio-example-com-ingress-all-0to0-nodes-privatekopeio-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privatekopeio-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privatekopeio-example-com-ingress-tcp-1to2379-masters-privatekopeio-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
|
||||
|
@ -805,7 +805,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-privatekopeio-example-com-ingress-tcp-2382to4000-masters-privatekopeio-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
|
||||
|
@ -814,7 +814,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privatekopeio-example-com-ingress-tcp-4003to65535-masters-privatekopeio-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
|
||||
|
@ -823,7 +823,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privatekopeio-example-com-ingress-udp-1to65535-masters-privatekopeio-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-privatekopeio-example-com.id
|
||||
|
|
|
@ -657,33 +657,6 @@ resource "aws_route" "route-private-us-test-1a-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.private-us-test-1a-privateweave-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privateweave-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privateweave-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privateweave-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privateweave-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privateweave-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privateweave-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "api-elb-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
|
@ -756,7 +729,7 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-privateweave-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -765,7 +738,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-privateweave-example-com-ingress-all-0to0-masters-privateweave-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-privateweave-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privateweave-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-privateweave-example-com-ingress-all-0to0-nodes-privateweave-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privateweave-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-privateweave-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privateweave-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -774,7 +765,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-privateweave-example-com-ingress-all-0to0-nodes-privateweave-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-privateweave-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-privateweave-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-privateweave-example-com-ingress-tcp-1to2379-masters-privateweave-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privateweave-example-com.id
|
||||
|
@ -783,7 +783,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-privateweave-example-com-ingress-tcp-2382to4000-masters-privateweave-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privateweave-example-com.id
|
||||
|
@ -792,7 +792,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privateweave-example-com-ingress-tcp-4003to65535-masters-privateweave-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-privateweave-example-com.id
|
||||
|
@ -801,7 +801,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-privateweave-example-com-ingress-udp-1to65535-masters-privateweave-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-privateweave-example-com.id
|
||||
|
|
|
@ -427,33 +427,6 @@ resource "aws_route" "route-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.minimal-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-minimal-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-minimal-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-minimal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 443
|
||||
|
@ -463,7 +436,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -472,7 +445,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-minimal-example-com-ingress-all-0to0-masters-minimal-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-minimal-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-minimal-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -481,7 +472,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-minimal-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-minimal-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-1to2379-masters-minimal-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
|
@ -490,7 +490,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-2382to4000-masters-minimal-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
|
@ -499,7 +499,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-tcp-4003to65535-masters-minimal-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-minimal-example-com.id
|
||||
|
@ -508,7 +508,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-minimal-example-com-ingress-udp-1to65535-masters-minimal-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-minimal-example-com.id
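Review bot: The new ingress rule names lead with the source group, not the group the rule is attached to, and nothing in the generated file says so. `masters-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com` sets `security_group_id` to the nodes group and `source_security_group_id` to the masters group, while the `nodes-…-ingress-tcp-1to2379-masters-…` rules are attached to the masters group. Someone auditing a plan by name can read the first as all-protocol ingress into the masters, which is the opposite of what it grants and would hide the port gaps the node-to-master rules keep (1–2379, 2382–4000, 4003–65535). I would document the order where the name is built, for example `// name = <source>-<direction>-<protocol>-<from>to<to>-<destination>; an ingress rule is attached to <destination>`. The same applies to the privateweave, sharedsubnet, sharedvpc and unmanaged fixtures on this page.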
|
||||
|
|
|
@ -365,33 +365,6 @@ resource "aws_launch_template" "nodes-sharedsubnet-example-com" {
|
|||
user_data = filebase64("${path.module}/data/aws_launch_template_nodes.sharedsubnet.example.com_user_data")
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-sharedsubnet-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-sharedsubnet-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-sharedsubnet-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 443
|
||||
|
@ -401,7 +374,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-sharedsubnet-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -410,7 +383,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-sharedsubnet-example-com-ingress-all-0to0-masters-sharedsubnet-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-sharedsubnet-example-com-ingress-all-0to0-nodes-sharedsubnet-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-sharedsubnet-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -419,7 +410,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-ingress-all-0to0-nodes-sharedsubnet-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-sharedsubnet-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-sharedsubnet-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-ingress-tcp-1to2379-masters-sharedsubnet-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
|
||||
|
@ -428,7 +428,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-ingress-tcp-2382to4000-masters-sharedsubnet-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
|
||||
|
@ -437,7 +437,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-ingress-tcp-4003to65535-masters-sharedsubnet-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
|
||||
|
@ -446,7 +446,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-sharedsubnet-example-com-ingress-udp-1to65535-masters-sharedsubnet-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-sharedsubnet-example-com.id
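Review bot: Every `aws_security_group_rule` whose label changes here gets a new Terraform resource address, and the change carries no migration note for existing state. Terraform treats `aws_security_group_rule.master-egress` and `aws_security_group_rule.masters-sharedsubnet-example-com-egress-all-0to0-0-0-0-0--0` as unrelated resources, so a cluster already applied from the old output will likely plan a destroy and a create for each rule even though the rule itself is identical. Depending on ordering, that can either briefly remove the node-to-master and egress rules or fail because an identical rule still exists. A release note telling operators to `terraform state mv` the old addresses to the new ones before applying would cover it; the other fixtures on this page show the same renames.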
|
||||
|
|
|
@ -386,33 +386,6 @@ resource "aws_route" "route-0-0-0-0--0" {
|
|||
route_table_id = aws_route_table.sharedvpc-example-com.id
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-sharedvpc-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-sharedvpc-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-sharedvpc-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-sharedvpc-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-sharedvpc-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-sharedvpc-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 443
|
||||
|
@ -422,7 +395,7 @@ resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-sharedvpc-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -431,7 +404,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-sharedvpc-example-com-ingress-all-0to0-masters-sharedvpc-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-sharedvpc-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-sharedvpc-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-sharedvpc-example-com-ingress-all-0to0-nodes-sharedvpc-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-sharedvpc-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-sharedvpc-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-sharedvpc-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -440,7 +431,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-sharedvpc-example-com-ingress-all-0to0-nodes-sharedvpc-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-sharedvpc-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-sharedvpc-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-sharedvpc-example-com-ingress-tcp-1to2379-masters-sharedvpc-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-sharedvpc-example-com.id
|
||||
|
@ -449,7 +449,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-sharedvpc-example-com-ingress-tcp-2382to4000-masters-sharedvpc-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-sharedvpc-example-com.id
|
||||
|
@ -458,7 +458,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-sharedvpc-example-com-ingress-tcp-4003to65535-masters-sharedvpc-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-sharedvpc-example-com.id
|
||||
|
@ -467,7 +467,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-sharedvpc-example-com-ingress-udp-1to65535-masters-sharedvpc-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-sharedvpc-example-com.id
|
||||
|
|
|
@ -582,33 +582,6 @@ resource "aws_route53_record" "api-unmanaged-example-com" {
|
|||
zone_id = "/hostedzone/Z1AFAKE1ZON3YO"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-master" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-unmanaged-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-unmanaged-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-master-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-unmanaged-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-unmanaged-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "all-node-to-node" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-unmanaged-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-unmanaged-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "api-elb-egress" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
|
@ -681,7 +654,7 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "master-egress" {
|
||||
resource "aws_security_group_rule" "masters-unmanaged-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -690,7 +663,25 @@ resource "aws_security_group_rule" "master-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-egress" {
|
||||
resource "aws_security_group_rule" "masters-unmanaged-example-com-ingress-all-0to0-masters-unmanaged-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.masters-unmanaged-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-unmanaged-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "masters-unmanaged-example-com-ingress-all-0to0-nodes-unmanaged-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-unmanaged-example-com.id
|
||||
source_security_group_id = aws_security_group.masters-unmanaged-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-unmanaged-example-com-egress-all-0to0-0-0-0-0--0" {
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
|
@ -699,7 +690,16 @@ resource "aws_security_group_rule" "node-egress" {
|
|||
type = "egress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
||||
resource "aws_security_group_rule" "nodes-unmanaged-example-com-ingress-all-0to0-nodes-unmanaged-example-com" {
|
||||
from_port = 0
|
||||
protocol = "-1"
|
||||
security_group_id = aws_security_group.nodes-unmanaged-example-com.id
|
||||
source_security_group_id = aws_security_group.nodes-unmanaged-example-com.id
|
||||
to_port = 0
|
||||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "nodes-unmanaged-example-com-ingress-tcp-1to2379-masters-unmanaged-example-com" {
|
||||
from_port = 1
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-unmanaged-example-com.id
|
||||
|
@ -708,7 +708,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
||||
resource "aws_security_group_rule" "nodes-unmanaged-example-com-ingress-tcp-2382to4000-masters-unmanaged-example-com" {
|
||||
from_port = 2382
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-unmanaged-example-com.id
|
||||
|
@ -717,7 +717,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
||||
resource "aws_security_group_rule" "nodes-unmanaged-example-com-ingress-tcp-4003to65535-masters-unmanaged-example-com" {
|
||||
from_port = 4003
|
||||
protocol = "tcp"
|
||||
security_group_id = aws_security_group.masters-unmanaged-example-com.id
|
||||
|
@ -726,7 +726,7 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" {
|
|||
type = "ingress"
|
||||
}
|
||||
|
||||
resource "aws_security_group_rule" "node-to-master-udp-1-65535" {
|
||||
resource "aws_security_group_rule" "nodes-unmanaged-example-com-ingress-udp-1to65535-masters-unmanaged-example-com" {
|
||||
from_port = 1
|
||||
protocol = "udp"
|
||||
security_group_id = aws_security_group.masters-unmanaged-example-com.id
|
||||
|
|