locals { fsx_subnets = var.deployment_type == "SINGLE_AZ_2" ? toset([data.aws_subnets.selected.ids[0]]) : toset(flatten([data.aws_subnets.selected.ids])) tcp_ports = [135, 445, 636, 5985, 9389, 53, 88, 389, 464] udp_ports = [53, 123, 88, 389, 464] all_ports = { 3268 = { protocol = "tcp" from_port = 3268 to_port = 3269 } ephimeral = { protocol = "tcp" from_port = 49152 to_port = 65535 } } } # Fetch subnets data "aws_subnets" "selected" { filter { name = "tag:Name" values = [var.fsx_attach_subnet_filter] } filter { name = "vpc-id" values = [var.vpc_id] } } # FSx for windows (AWS Managed Microsoft Active Directory) resource "aws_fsx_windows_file_system" "example" { active_directory_id = var.active_directory_id kms_key_id = var.fsx_kms_key storage_capacity = var.storage_capacity storage_type = var.storage_type subnet_ids = local.fsx_subnets throughput_capacity = var.throughput_capacity security_group_ids = [aws_security_group.fsx_sg.id] deployment_type = var.deployment_type preferred_subnet_id = var.preferred_subnet_id != "" ? var.preferred_subnet_id : data.aws_subnets.selected.ids[0] tags = merge( { "Name" = var.fsx_name }, local.common_tags ) timeouts { create = "1h" delete = "1h" } } # FSx Security Group resource "aws_security_group" "fsx_sg" { name = "${var.fsx_name}-sg" description = "FSx access" vpc_id = var.vpc_id dynamic "ingress" { for_each = length(var.fsx_ingress_prefix_ids) > 0 ? [true] : [] content { description = "smb connections" from_port = 445 to_port = 445 protocol = "tcp" prefix_list_ids = var.fsx_ingress_prefix_ids } } dynamic "ingress" { for_each = toset(local.tcp_ports) content { description = "description ${ingress.key}" from_port = ingress.value to_port = ingress.value protocol = "tcp" cidr_blocks = var.fsx_ingress_cidr_blocks } } dynamic "ingress" { for_each = toset(local.udp_ports) content { description = "description ${ingress.key}" from_port = ingress.value to_port = ingress.value protocol = "udp" cidr_blocks = var.fsx_ingress_cidr_blocks } } dynamic "ingress" { for_each = local.all_ports content { description = "description ${ingress.key}" from_port = ingress.value.from_port to_port = ingress.value.to_port protocol = ingress.value.protocol cidr_blocks = var.fsx_ingress_cidr_blocks } } tags = merge( local.common_tags, { Name = "${var.fsx_name}-sg" }, ) } resource "aws_security_group_rule" "egress" { security_group_id = aws_security_group.fsx_sg.id type = "egress" description = "Public Internet" from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] }