# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0

# Security groups for the bastion -> client -> Mongo topology.
# Trust flows by group membership: bastion_access may SSH to both Mongo
# groups, mongo_client may reach 27017 on mongo_private, and members of
# mongo_private may talk to each other on any port.

# Bastion: the only group that accepts SSH from outside the VPC, and only
# from the addresses in the managed prefix list `var.ingress_prefix`
# (no 0.0.0.0/0 ingress anywhere in this file).
resource "aws_security_group" "bastion_access" {
  vpc_id      = "${var.vpc}"
  name_prefix = "bastion_access"
  description = "Allow SSH inbound traffic to bastion host"

  ingress {
    protocol        = "tcp"
    from_port       = 22
    to_port         = 22
    prefix_list_ids = ["${var.ingress_prefix}"]
  }

  # Unrestricted outbound. NOTE(review): every group in this file allows
  # all egress to 0.0.0.0/0; if outbound is only needed for patching or
  # package mirrors, narrowing it limits what a compromised host can reach.
  # Confirm what the hosts actually need before tightening.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Environment = "${var.Environment}"
    Project     = "${var.ProjectTag}"
    Name        = "bastion_access"
  }
}

# Client: attaching this group to an instance is what authorizes it to
# reach Mongo on 27017 (see the mongo_private ingress rule that references
# this group's id). SSH into clients is accepted only from the bastion group.
resource "aws_security_group" "mongo_client" {
  vpc_id      = "${var.vpc}"
  name_prefix = "mongo_client"
  description = "Allow client access to Mongo"

  ingress {
    protocol        = "tcp"
    from_port       = 22
    to_port         = 22
    security_groups = ["${aws_security_group.bastion_access.id}"]
  }

  # Unrestricted outbound; see the review note on bastion_access.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Environment = "${var.Environment}"
    Project     = "${var.ProjectTag}"
    Name        = "mongo_client"
  }
}

# Mongo nodes: three ingress paths, each scoped by security group rather
# than CIDR, so access follows instance membership instead of addresses.
resource "aws_security_group" "mongo_private" {
  vpc_id      = "${var.vpc}"
  name_prefix = "mongo_private"
  description = "Allow all intra-Mongo traffic plus client and bastion access"

  # Any port, any protocol between members of this group. Every member can
  # reach every port on every other member, not just 27017.
  ingress {
    protocol  = "-1"
    from_port = 0
    to_port   = 0
    self      = true
  }

  # SSH from the bastion group only.
  ingress {
    protocol        = "tcp"
    from_port       = 22
    to_port         = 22
    security_groups = ["${aws_security_group.bastion_access.id}"]
  }

  # Mongo wire protocol from the client group only.
  ingress {
    protocol        = "tcp"
    from_port       = 27017
    to_port         = 27017
    security_groups = ["${aws_security_group.mongo_client.id}"]
  }

  # Unrestricted outbound; see the review note on bastion_access. This is
  # the group where narrowing matters most, since these are the data nodes.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Environment = "${var.Environment}"
    Project     = "${var.ProjectTag}"
    Name        = "mongo_private"
  }
}

# Instance profile that binds the Mongo EC2 role to the instances.
resource "aws_iam_instance_profile" "mongo_profile" {
  role        = "${aws_iam_role.mongo_ec2_role.name}"
  name_prefix = "mongo_profile"
}

resource "aws_iam_role" "mongo_ec2_role" {
  name_prefix        = "mongo_ec2_role"
  path               = "/"
  assume_role_policy = <