Hi AWS, I have to deploy a web application that supports the following design:
1. The end-users only contact the load balancers, and the underlying instances are accessed for management purposes; design a security group scheme which supports the minimal set of ports required for communication.
2. The AWS-generated load balancer hostname will be used for requests to the public-facing web application.
I have to write the Terraform code for the same. I wrote the code for the security group, but I am not sure whether it satisfies the requirements asked. Here is the code snippet:
resource "aws_security_group" "client_alb" {
  name_prefix = "${var.default_tags.project_name}-alb"
  description = "security group for web application load balancer"
  vpc_id      = aws_vpc.main.id
  tags = {
    Name = "${var.default_tags.project_name}-sg"
  }
}

resource "aws_security_group_rule" "client_alb_allow_80" {
  security_group_id = aws_security_group.client_alb.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 80
  to_port           = 80
  cidr_blocks       = ["0.0.0.0/0"]
  ipv6_cidr_blocks  = ["::/0"]
  description       = "Allow HTTP traffic."
}

resource "aws_security_group_rule" "client_alb_allow_443" {
  security_group_id = aws_security_group.client_alb.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = ["0.0.0.0/0"]
  ipv6_cidr_blocks  = ["::/0"]
  description       = "Allow HTTPS traffic."
}

resource "aws_security_group_rule" "client_alb_allow_outbound" {
  security_group_id = aws_security_group.client_alb.id
  type              = "egress"
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = ["0.0.0.0/0"]
  ipv6_cidr_blocks  = ["::/0"]
  description       = "Allow any outbound traffic."
}
Could someone please review it and help me with point 2 as well?
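The following is an added example of the two-tier scheme the requirements describe, written by the editor and not taken from the poster's code or from AWS documentation. It keeps the poster's ALB security group idea but narrows its egress to the instance tier, adds an instance security group that accepts application traffic only from the ALB's security group (not from the internet) and management SSH only from an administrator CIDR, and creates the load balancer so that its AWS-generated hostname can be exported as an output for point 2. It assumes `aws_vpc.main`, `var.default_tags.project_name`, and three variables that are not on the page: `var.app_port` (the port the instances listen on), `var.admin_cidr` (the management source range), and `var.public_subnet_ids`. Listeners, target groups and the ACM certificate for HTTPS are assumed to be defined elsewhere.

```hcl
# Added example (not the poster's code). Assumes aws_vpc.main, var.default_tags,
# var.app_port, var.admin_cidr and var.public_subnet_ids exist in the same module.

# Tier 1: the load balancer is the only thing end-users may reach.
resource "aws_security_group" "alb" {
  name_prefix = "${var.default_tags.project_name}-alb-"
  description = "Public ALB: HTTP/HTTPS in from anywhere, out only to web tier"
  vpc_id      = aws_vpc.main.id
}

resource "aws_security_group_rule" "alb_in_http" {
  security_group_id = aws_security_group.alb.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 80
  to_port           = 80
  cidr_blocks       = ["0.0.0.0/0"]
  ipv6_cidr_blocks  = ["::/0"]
  description       = "HTTP from the internet (typically redirected to HTTPS by the listener)"
}

resource "aws_security_group_rule" "alb_in_https" {
  security_group_id = aws_security_group.alb.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = ["0.0.0.0/0"]
  ipv6_cidr_blocks  = ["::/0"]
  description       = "HTTPS from the internet"
}

# Egress from the ALB is limited to the web tier on the app port instead of 0.0.0.0/0.
# For an egress rule, source_security_group_id names the destination group.
resource "aws_security_group_rule" "alb_out_to_web" {
  security_group_id        = aws_security_group.alb.id
  type                     = "egress"
  protocol                 = "tcp"
  from_port                = var.app_port
  to_port                  = var.app_port
  source_security_group_id = aws_security_group.web.id
  description              = "Forward requests and health checks to the web tier only"
}

# Tier 2: instances accept app traffic from the ALB group and SSH from admins only.
resource "aws_security_group" "web" {
  name_prefix = "${var.default_tags.project_name}-web-"
  description = "Web tier: app port from ALB SG, SSH from admin CIDR"
  vpc_id      = aws_vpc.main.id
}

resource "aws_security_group_rule" "web_in_from_alb" {
  security_group_id        = aws_security_group.web.id
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = var.app_port
  to_port                  = var.app_port
  source_security_group_id = aws_security_group.alb.id
  description              = "App traffic only from the load balancer security group"
}

resource "aws_security_group_rule" "web_in_ssh_admin" {
  security_group_id = aws_security_group.web.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_blocks       = [var.admin_cidr] # e.g. a VPN or bastion range, never 0.0.0.0/0
  description       = "Management SSH from the administrator range only"
}

resource "aws_security_group_rule" "web_out_all" {
  security_group_id = aws_security_group.web.id
  type              = "egress"
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = ["0.0.0.0/0"]
  description       = "Outbound for package updates and AWS API calls; tighten if a proxy/endpoints exist"
}

# Point 2: the AWS-generated hostname comes from the aws_lb resource's dns_name.
resource "aws_lb" "web" {
  name               = "${var.default_tags.project_name}-alb"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = var.public_subnet_ids
}

output "public_web_url" {
  description = "AWS-generated ALB hostname that end-users will use"
  value       = "https://${aws_lb.web.dns_name}"
}
```

Two checks worth running after `terraform apply`: the web tier's security group should show no ingress rule whose source is a CIDR other than the admin range (everything else arrives via the ALB group reference), and `aws elbv2 describe-load-balancers` should report the same `DNSName` as the Terraform output. If the instances are managed through AWS Systems Manager Session Manager instead of SSH, the `web_in_ssh_admin` rule can be dropped entirely, which brings the instance tier down to the single application port.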
I wrote the code for EC2 Security Groups. This is the complete requirement:
Hi @Gary, I have listed down the requirements that I have been given. Can you please review and help me in figuring things out?