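# Security groups for the three tiers of the service: the internet-facing ALB,
# the ECS tasks behind it, and the database behind the tasks. Only the ALB
# group has world-reachable ingress; the other two are scoped to the VPC CIDR.

resource "aws_security_group" "alb" {
  name   = "${var.name}-sg-alb-${var.environment}"
  vpc_id = var.vpc_id

  # Public listeners. The ALB is the only tier that should be reachable from
  # the internet, so these are the only 0.0.0.0/0 and ::/0 ingress rules in
  # the module.
  ingress {
    description      = "HTTP from anywhere (IPv4 and IPv6)"
    protocol         = "tcp"
    from_port        = 80
    to_port          = 80
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  ingress {
    description      = "HTTPS from anywhere (IPv4 and IPv6)"
    protocol         = "tcp"
    from_port        = 443
    to_port          = 443
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # Port 8080 is world-reachable as well. That is only justified if the ALB has
  # a listener on 8080; if it does not, this rule should be dropped so the
  # group exposes nothing the load balancer does not actually serve.
  ingress {
    description      = "Alternate HTTP listener from anywhere (IPv4 and IPv6)"
    protocol         = "tcp"
    from_port        = 8080
    to_port          = 8080
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # The previous world-open TCP/22 rule was removed. An Application Load
  # Balancer never terminates SSH, so the rule added no functionality and only
  # widened the exposure of anything else this group might be attached to.

  # ingress {
  #   protocol         = "tcp"
  #   from_port        = 8081
  #   to_port          = 8081
  #   cidr_blocks      = ["0.0.0.0/0"]
  #   ipv6_cidr_blocks = ["::/0"]
  # }

  # Unrestricted egress: the ALB forwards to targets in the VPC and may need
  # to reach the internet for health/telemetry. Left open as in the original.
  egress {
    description      = "All outbound traffic"
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name        = "${var.name}-sg-alb-${var.environment}"
    Environment = var.environment
  }
}

resource "aws_security_group" "ecs_tasks" {
  name   = "${var.name}-sg-task-${var.environment}"
  vpc_id = var.vpc_id

  # Accepts every protocol and port from anywhere inside the VPC. This is
  # broader than least privilege requires: the tasks only need traffic from
  # the ALB, so referencing aws_security_group.alb.id via `security_groups`
  # on the task port would be tighter. Kept on the VPC CIDR here because other
  # in-VPC callers (if any) may rely on it; confirm before narrowing.
  ingress {
    description = "All traffic from inside the VPC"
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = [var.vpc_cidr]
  }

  egress {
    description      = "All outbound traffic"
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name        = "${var.name}-sg-task-${var.environment}"
    Environment = var.environment
  }
}

resource "aws_security_group" "database" {
  name   = "${var.name}-sg-database-${var.environment}"
  vpc_id = var.vpc_id

  # Same VPC-wide, any-protocol ingress as the task group. For a database the
  # preferred shape is a single rule on the engine's port sourced from
  # aws_security_group.ecs_tasks.id, so that nothing else in the VPC can reach
  # it. Kept as in the original pending confirmation that no other in-VPC
  # client (for example an operator host) depends on this access.
  ingress {
    description = "All traffic from inside the VPC"
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = [var.vpc_cidr]
  }

  # A database rarely needs outbound internet access; this is left open to
  # match the original behavior, but is a candidate for tightening.
  egress {
    description      = "All outbound traffic"
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name        = "${var.name}-sg-database-${var.environment}"
    Environment = var.environment
  }
}

# Security group IDs exported for the ALB, ECS service and database modules.
output "alb" {
  value = aws_security_group.alb.id
}

output "ecs_tasks" {
  value = aws_security_group.ecs_tasks.id
}

output "database" {
  value = aws_security_group.database.id
}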