From b82d7eb4ef4e39d31ffa6d71474f9ac6cf97e1e7 Mon Sep 17 00:00:00 2001 
From: Miguel Ferreira Date: Thu, 14 Nov 2019 16:34:32 +0100 Subject: [PATCH] Add ActiveMQ rules --- README.md | 4 +- modules/README.md | 1 + modules/activemq/README.md | 98 +++++++++ modules/activemq/auto_values.tf | 79 +++++++ modules/activemq/main.tf | 114 ++++++++++ modules/activemq/outputs.tf | 24 ++ modules/activemq/variables.tf | 342 +++++++++++++++++++++++++++++ modules/carbon-relay-ng/outputs.tf | 1 - modules/cassandra/outputs.tf | 1 - modules/consul/outputs.tf | 1 - modules/docker-swarm/outputs.tf | 1 - modules/elasticsearch/outputs.tf | 1 - modules/http-80/outputs.tf | 1 - modules/http-8080/outputs.tf | 1 - modules/https-443/outputs.tf | 1 - modules/https-8443/outputs.tf | 1 - modules/ipsec-4500/outputs.tf | 1 - modules/ipsec-500/outputs.tf | 1 - modules/kafka/outputs.tf | 1 - modules/ldaps/outputs.tf | 1 - modules/memcached/outputs.tf | 1 - modules/mongodb/outputs.tf | 1 - modules/mssql/outputs.tf | 1 - modules/mysql/outputs.tf | 1 - modules/nfs/outputs.tf | 1 - modules/nomad/outputs.tf | 1 - modules/ntp/outputs.tf | 1 - modules/openvpn/outputs.tf | 1 - modules/oracle-db/outputs.tf | 1 - modules/postgresql/outputs.tf | 1 - modules/puppet/outputs.tf | 1 - modules/rabbitmq/outputs.tf | 1 - modules/rdp/outputs.tf | 1 - modules/redis/outputs.tf | 1 - modules/redshift/outputs.tf | 1 - modules/splunk/README.md | 2 +- modules/splunk/auto_values.tf | 2 +- modules/splunk/outputs.tf | 1 - modules/squid/outputs.tf | 1 - modules/ssh/outputs.tf | 1 - modules/storm/outputs.tf | 1 - modules/web/outputs.tf | 1 - modules/winrm/outputs.tf | 1 - modules/zipkin/outputs.tf | 1 - modules/zookeeper/outputs.tf | 1 - rules.tf | 13 +- 46 files changed, 674 insertions(+), 41 deletions(-) create mode 100644 modules/activemq/README.md create mode 100644 modules/activemq/auto_values.tf create mode 100644 modules/activemq/main.tf create mode 100644 modules/activemq/outputs.tf create mode 100644 modules/activemq/variables.tf 
diff --git a/README.md b/README.md
index 8ac61334..fa819e36 100644
--- a/README.md
+++ b/README.md
@@ -161,7 +161,7 @@ Rules and groups are defined in [rules.tf](https://github.com/terraform-aws-modu | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| auto\_groups | Map of groups of security group rules to use to generate modules (see update_groups.sh) | map(map(list(string))) | `{ "carbon-relay-ng": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "carbon-line-in-tcp", "carbon-line-in-udp", "carbon-pickle-tcp", "carbon-pickle-udp", "carbon-gui-udp" ], "ingress_with_self": [ "all-all" ] } ], "cassandra": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "cassandra-clients-tcp", "cassandra-thrift-clients-tcp", "cassandra-jmx-tcp" ], "ingress_with_self": [ "all-all" ] } ], "consul": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "consul-tcp", "consul-cli-rpc-tcp", "consul-webui-tcp", "consul-dns-tcp", "consul-dns-udp", "consul-serf-lan-tcp", "consul-serf-lan-udp", "consul-serf-wan-tcp", "consul-serf-wan-udp" ], "ingress_with_self": [ "all-all" ] } ], "docker-swarm": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "docker-swarm-mngmt-tcp", "docker-swarm-node-tcp", "docker-swarm-node-udp", "docker-swarm-overlay-udp" ], "ingress_with_self": [ "all-all" ] } ], "elasticsearch": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "elasticsearch-rest-tcp", "elasticsearch-java-tcp" ], "ingress_with_self": [ "all-all" ] } ], "http-80": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "http-80-tcp" ], "ingress_with_self": [ "all-all" ] } ], "http-8080": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "http-8080-tcp" ], "ingress_with_self": [ "all-all" ] } ], "https-443": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "https-443-tcp" ], "ingress_with_self": [ "all-all" ] } ], "https-8443": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "https-8443-tcp" ], "ingress_with_self": [ "all-all" ] } ], "ipsec-4500": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "ipsec-4500-udp" 
], "ingress_with_self": [ "all-all" ] } ], "ipsec-500": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "ipsec-500-udp" ], "ingress_with_self": [ "all-all" ] } ], "kafka": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "kafka-broker-tcp" ], "ingress_with_self": [ "all-all" ] } ], "ldaps": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "ldaps-tcp" ], "ingress_with_self": [ "all-all" ] } ], "memcached": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "memcached-tcp" ], "ingress_with_self": [ "all-all" ] } ], "mongodb": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "mongodb-27017-tcp", "mongodb-27018-tcp", "mongodb-27019-tcp" ], "ingress_with_self": [ "all-all" ] } ], "mssql": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "mssql-tcp", "mssql-udp", "mssql-analytics-tcp", "mssql-broker-tcp" ], "ingress_with_self": [ "all-all" ] } ], "mysql": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "mysql-tcp" ], "ingress_with_self": [ "all-all" ] } ], "nfs": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "nfs-tcp" ], "ingress_with_self": [ "all-all" ] } ], "nomad": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "nomad-http-tcp", "nomad-rpc-tcp", "nomad-serf-tcp", "nomad-serf-udp" ], "ingress_with_self": [ "all-all" ] } ], "ntp": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "ntp-udp" ], "ingress_with_self": [ "all-all" ] } ], "openvpn": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "openvpn-udp", "openvpn-tcp", "openvpn-https-tcp" ], "ingress_with_self": [ "all-all" ] } ], "oracle-db": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "oracle-db-tcp" ], "ingress_with_self": [ "all-all" ] } ], "postgresql": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "postgresql-tcp" ], "ingress_with_self": [ "all-all" ] } ], "puppet": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "puppet-tcp", "puppetdb-tcp" ], "ingress_with_self": [ "all-all" ] } ], "rabbitmq": [ { "egress_rules": [ "all-all" ], 
"ingress_rules": [ "rabbitmq-4369-tcp", "rabbitmq-5671-tcp", "rabbitmq-5672-tcp", "rabbitmq-15672-tcp", "rabbitmq-25672-tcp" ], "ingress_with_self": [ "all-all" ] } ], "rdp": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "rdp-tcp", "rdp-udp" ], "ingress_with_self": [ "all-all" ] } ], "redis": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "redis-tcp" ], "ingress_with_self": [ "all-all" ] } ], "redshift": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "redshift-tcp" ], "ingress_with_self": [ "all-all" ] } ], "splunk": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "splunk-indexer-tcp", "splunk-web-tcp", "splunk-splunkd-tcp", "splunk-hec-tcp" ], "ingress_with_self": [ "all-all" ] } ], "squid": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "squid-proxy-tcp" ], "ingress_with_self": [ "all-all" ] } ], "ssh": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "ssh-tcp" ], "ingress_with_self": [ "all-all" ] } ], "storm": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "storm-nimbus-tcp", "storm-ui-tcp", "storm-supervisor-tcp" ], "ingress_with_self": [ "all-all" ] } ], "web": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "http-80-tcp", "http-8080-tcp", "https-443-tcp", "web-jmx-tcp" ], "ingress_with_self": [ "all-all" ] } ], "winrm": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "winrm-http-tcp", "winrm-https-tcp" ], "ingress_with_self": [ "all-all" ] } ], "zipkin": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "zipkin-admin-tcp", "zipkin-admin-query-tcp", "zipkin-admin-web-tcp", "zipkin-query-tcp", "zipkin-web-tcp" ], "ingress_with_self": [ "all-all" ] } ], "zookeeper": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "zookeeper-2181-tcp", "zookeeper-2888-tcp", "zookeeper-3888-tcp", "zookeeper-jmx-tcp" ], "ingress_with_self": [ "all-all" ] } ] }` | no | +| auto\_groups | Map of groups of security group rules to use to generate modules (see update_groups.sh) | map(map(list(string))) | `{ "activemq": 
[ { "egress_rules": [ "all-all" ], "ingress_rules": [ "activemq-5671-tcp", "activemq-8883-tcp", "activemq-61614-tcp", "activemq-61617-tcp", "activemq-61619-tcp" ], "ingress_with_self": [ "all-all" ] } ], "carbon-relay-ng": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "carbon-line-in-tcp", "carbon-line-in-udp", "carbon-pickle-tcp", "carbon-pickle-udp", "carbon-gui-udp" ], "ingress_with_self": [ "all-all" ] } ], "cassandra": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "cassandra-clients-tcp", "cassandra-thrift-clients-tcp", "cassandra-jmx-tcp" ], "ingress_with_self": [ "all-all" ] } ], "consul": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "consul-tcp", "consul-cli-rpc-tcp", "consul-webui-tcp", "consul-dns-tcp", "consul-dns-udp", "consul-serf-lan-tcp", "consul-serf-lan-udp", "consul-serf-wan-tcp", "consul-serf-wan-udp" ], "ingress_with_self": [ "all-all" ] } ], "docker-swarm": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "docker-swarm-mngmt-tcp", "docker-swarm-node-tcp", "docker-swarm-node-udp", "docker-swarm-overlay-udp" ], "ingress_with_self": [ "all-all" ] } ], "elasticsearch": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "elasticsearch-rest-tcp", "elasticsearch-java-tcp" ], "ingress_with_self": [ "all-all" ] } ], "http-80": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "http-80-tcp" ], "ingress_with_self": [ "all-all" ] } ], "http-8080": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "http-8080-tcp" ], "ingress_with_self": [ "all-all" ] } ], "https-443": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "https-443-tcp" ], "ingress_with_self": [ "all-all" ] } ], "https-8443": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "https-8443-tcp" ], "ingress_with_self": [ "all-all" ] } ], "ipsec-4500": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "ipsec-4500-udp" ], "ingress_with_self": [ "all-all" ] } ], "ipsec-500": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "ipsec-500-udp" ], 
"ingress_with_self": [ "all-all" ] } ], "kafka": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "kafka-broker-tcp" ], "ingress_with_self": [ "all-all" ] } ], "ldaps": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "ldaps-tcp" ], "ingress_with_self": [ "all-all" ] } ], "memcached": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "memcached-tcp" ], "ingress_with_self": [ "all-all" ] } ], "mongodb": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "mongodb-27017-tcp", "mongodb-27018-tcp", "mongodb-27019-tcp" ], "ingress_with_self": [ "all-all" ] } ], "mssql": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "mssql-tcp", "mssql-udp", "mssql-analytics-tcp", "mssql-broker-tcp" ], "ingress_with_self": [ "all-all" ] } ], "mysql": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "mysql-tcp" ], "ingress_with_self": [ "all-all" ] } ], "nfs": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "nfs-tcp" ], "ingress_with_self": [ "all-all" ] } ], "nomad": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "nomad-http-tcp", "nomad-rpc-tcp", "nomad-serf-tcp", "nomad-serf-udp" ], "ingress_with_self": [ "all-all" ] } ], "ntp": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "ntp-udp" ], "ingress_with_self": [ "all-all" ] } ], "openvpn": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "openvpn-udp", "openvpn-tcp", "openvpn-https-tcp" ], "ingress_with_self": [ "all-all" ] } ], "oracle-db": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "oracle-db-tcp" ], "ingress_with_self": [ "all-all" ] } ], "postgresql": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "postgresql-tcp" ], "ingress_with_self": [ "all-all" ] } ], "puppet": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "puppet-tcp", "puppetdb-tcp" ], "ingress_with_self": [ "all-all" ] } ], "rabbitmq": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "rabbitmq-4369-tcp", "rabbitmq-5671-tcp", "rabbitmq-5672-tcp", "rabbitmq-15672-tcp", "rabbitmq-25672-tcp" ], 
"ingress_with_self": [ "all-all" ] } ], "rdp": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "rdp-tcp", "rdp-udp" ], "ingress_with_self": [ "all-all" ] } ], "redis": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "redis-tcp" ], "ingress_with_self": [ "all-all" ] } ], "redshift": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "redshift-tcp" ], "ingress_with_self": [ "all-all" ] } ], "splunk": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "splunk-indexer-tcp", "splunk-clients-tcp", "splunk-splunkd-tcp", "splunk-hec-tcp" ], "ingress_with_self": [ "all-all" ] } ], "squid": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "squid-proxy-tcp" ], "ingress_with_self": [ "all-all" ] } ], "ssh": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "ssh-tcp" ], "ingress_with_self": [ "all-all" ] } ], "storm": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "storm-nimbus-tcp", "storm-ui-tcp", "storm-supervisor-tcp" ], "ingress_with_self": [ "all-all" ] } ], "web": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "http-80-tcp", "http-8080-tcp", "https-443-tcp", "web-jmx-tcp" ], "ingress_with_self": [ "all-all" ] } ], "winrm": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "winrm-http-tcp", "winrm-https-tcp" ], "ingress_with_self": [ "all-all" ] } ], "zipkin": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "zipkin-admin-tcp", "zipkin-admin-query-tcp", "zipkin-admin-web-tcp", "zipkin-query-tcp", "zipkin-web-tcp" ], "ingress_with_self": [ "all-all" ] } ], "zookeeper": [ { "egress_rules": [ "all-all" ], "ingress_rules": [ "zookeeper-2181-tcp", "zookeeper-2888-tcp", "zookeeper-3888-tcp", "zookeeper-jmx-tcp" ], "ingress_with_self": [ "all-all" ] } ] }` | no | | computed\_egress\_rules | List of computed egress rules to create by name | list(string) | `[]` | no | | computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list(map(string)) | `[]` | no | | 
computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | `[]` | no | 
@@ -201,7 +201,7 @@ Rules and groups are defined in [rules.tf](https://github.com/terraform-aws-modu | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | number | `"0"` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | number | `"0"` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | number | `"0"` | no | -| rules | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | map(list(any)) | `{ "_": [ "", "", "" ], "all-all": [ -1, -1, "-1", "All protocols" ], "all-icmp": [ -1, -1, "icmp", "All IPV4 ICMP" ], "all-ipv6-icmp": [ -1, -1, 58, "All IPV6 ICMP" ], "all-tcp": [ 0, 65535, "tcp", "All TCP ports" ], "all-udp": [ 0, 65535, "udp", "All UDP ports" ], "carbon-admin-tcp": [ 2004, 2004, "tcp", "Carbon admin" ], "carbon-gui-udp": [ 8081, 8081, "tcp", "Carbon GUI" ], "carbon-line-in-tcp": [ 2003, 2003, "tcp", "Carbon line-in" ], "carbon-line-in-udp": [ 2003, 2003, "udp", "Carbon line-in" ], "carbon-pickle-tcp": [ 2013, 2013, "tcp", "Carbon pickle" ], "carbon-pickle-udp": [ 2013, 2013, "udp", "Carbon pickle" ], "cassandra-clients-tcp": [ 9042, 9042, "tcp", "Cassandra clients" ], "cassandra-jmx-tcp": [ 7199, 7199, "tcp", "JMX" ], "cassandra-thrift-clients-tcp": [ 9160, 9160, "tcp", "Cassandra Thrift clients" ], "consul-cli-rpc-tcp": [ 8400, 8400, "tcp", "Consul CLI RPC" ], "consul-dns-tcp": [ 8600, 8600, "tcp", "Consul DNS" ], "consul-dns-udp": [ 8600, 8600, "udp", "Consul DNS" ], "consul-serf-lan-tcp": [ 8301, 8301, "tcp", "Serf LAN" ], "consul-serf-lan-udp": [ 8301, 8301, "udp", "Serf LAN" ], "consul-serf-wan-tcp": [ 8302, 8302, "tcp", "Serf WAN" ], "consul-serf-wan-udp": [ 8302, 8302, "udp", "Serf WAN" ], "consul-tcp": [ 8300, 8300, "tcp", "Consul server" 
], "consul-webui-tcp": [ 8500, 8500, "tcp", "Consul web UI" ], "dns-tcp": [ 53, 53, "tcp", "DNS" ], "dns-udp": [ 53, 53, "udp", "DNS" ], "docker-swarm-mngmt-tcp": [ 2377, 2377, "tcp", "Docker Swarm cluster management" ], "docker-swarm-node-tcp": [ 7946, 7946, "tcp", "Docker Swarm node" ], "docker-swarm-node-udp": [ 7946, 7946, "udp", "Docker Swarm node" ], "docker-swarm-overlay-udp": [ 4789, 4789, "udp", "Docker Swarm Overlay Network Traffic" ], "elasticsearch-java-tcp": [ 9300, 9300, "tcp", "Elasticsearch Java interface" ], "elasticsearch-rest-tcp": [ 9200, 9200, "tcp", "Elasticsearch REST interface" ], "http-80-tcp": [ 80, 80, "tcp", "HTTP" ], "http-8080-tcp": [ 8080, 8080, "tcp", "HTTP" ], "https-443-tcp": [ 443, 443, "tcp", "HTTPS" ], "https-8443-tcp": [ 8443, 8443, "tcp", "HTTPS" ], "ipsec-4500-udp": [ 4500, 4500, "udp", "IPSEC NAT-T" ], "ipsec-500-udp": [ 500, 500, "udp", "IPSEC ISAKMP" ], "kafka-broker-tcp": [ 9092, 9092, "tcp", "Kafka broker 0.8.2+" ], "ldaps-tcp": [ 636, 636, "tcp", "LDAPS" ], "memcached-tcp": [ 11211, 11211, "tcp", "Memcached" ], "mongodb-27017-tcp": [ 27017, 27017, "tcp", "MongoDB" ], "mongodb-27018-tcp": [ 27018, 27018, "tcp", "MongoDB shard" ], "mongodb-27019-tcp": [ 27019, 27019, "tcp", "MongoDB config server" ], "mssql-analytics-tcp": [ 2383, 2383, "tcp", "MSSQL Analytics" ], "mssql-broker-tcp": [ 4022, 4022, "tcp", "MSSQL Broker" ], "mssql-tcp": [ 1433, 1433, "tcp", "MSSQL Server" ], "mssql-udp": [ 1434, 1434, "udp", "MSSQL Browser" ], "mysql-tcp": [ 3306, 3306, "tcp", "MySQL/Aurora" ], "nfs-tcp": [ 2049, 2049, "tcp", "NFS/EFS" ], "nomad-http-tcp": [ 4646, 4646, "tcp", "Nomad HTTP" ], "nomad-rpc-tcp": [ 4647, 4647, "tcp", "Nomad RPC" ], "nomad-serf-tcp": [ 4648, 4648, "tcp", "Serf" ], "nomad-serf-udp": [ 4648, 4648, "udp", "Serf" ], "ntp-udp": [ 123, 123, "udp", "NTP" ], "openvpn-https-tcp": [ 443, 443, "tcp", "OpenVPN" ], "openvpn-tcp": [ 943, 943, "tcp", "OpenVPN" ], "openvpn-udp": [ 1194, 1194, "udp", "OpenVPN" ], 
"oracle-db-tcp": [ 1521, 1521, "tcp", "Oracle" ], "postgresql-tcp": [ 5432, 5432, "tcp", "PostgreSQL" ], "puppet-tcp": [ 8140, 8140, "tcp", "Puppet" ], "puppetdb-tcp": [ 8081, 8081, "tcp", "PuppetDB" ], "rabbitmq-15672-tcp": [ 15672, 15672, "tcp", "RabbitMQ" ], "rabbitmq-25672-tcp": [ 25672, 25672, "tcp", "RabbitMQ" ], "rabbitmq-4369-tcp": [ 4369, 4369, "tcp", "RabbitMQ epmd" ], "rabbitmq-5671-tcp": [ 5671, 5671, "tcp", "RabbitMQ" ], "rabbitmq-5672-tcp": [ 5672, 5672, "tcp", "RabbitMQ" ], "rdp-tcp": [ 3389, 3389, "tcp", "Remote Desktop" ], "rdp-udp": [ 3389, 3389, "udp", "Remote Desktop" ], "redis-tcp": [ 6379, 6379, "tcp", "Redis" ], "redshift-tcp": [ 5439, 5439, "tcp", "Redshift" ], "splunk-clients-tcp": [ 8080, 8080, "tcp", "Splunk clients" ], "splunk-hec-tcp": [ 8088, 8088, "tcp", "Splunk HEC" ], "splunk-indexer-tcp": [ 9997, 9997, "tcp", "Splunk indexer" ], "splunk-splunkd-tcp": [ 8089, 8089, "tcp", "Splunkd" ], "squid-proxy-tcp": [ 3128, 3128, "tcp", "Squid default proxy" ], "ssh-tcp": [ 22, 22, "tcp", "SSH" ], "storm-nimbus-tcp": [ 6627, 6627, "tcp", "Nimbus" ], "storm-supervisor-tcp": [ 6700, 6703, "tcp", "Supervisor" ], "storm-ui-tcp": [ 8080, 8080, "tcp", "Storm UI" ], "web-jmx-tcp": [ 1099, 1099, "tcp", "JMX" ], "winrm-http-tcp": [ 5985, 5985, "tcp", "WinRM HTTP" ], "winrm-https-tcp": [ 5986, 5986, "tcp", "WinRM HTTPS" ], "zipkin-admin-query-tcp": [ 9901, 9901, "tcp", "Zipkin Admin port query" ], "zipkin-admin-tcp": [ 9990, 9990, "tcp", "Zipkin Admin port collector" ], "zipkin-admin-web-tcp": [ 9991, 9991, "tcp", "Zipkin Admin port web" ], "zipkin-query-tcp": [ 9411, 9411, "tcp", "Zipkin query port" ], "zipkin-web-tcp": [ 8080, 8080, "tcp", "Zipkin web port" ], "zookeeper-2181-tcp": [ 2181, 2181, "tcp", "Zookeeper" ], "zookeeper-2888-tcp": [ 2888, 2888, "tcp", "Zookeeper" ], "zookeeper-3888-tcp": [ 3888, 3888, "tcp", "Zookeeper" ], "zookeeper-jmx-tcp": [ 7199, 7199, "tcp", "JMX" ] }` | no | +| rules | Map of known security group rules (define as 'name' = 
['from port', 'to port', 'protocol', 'description']) | map(list(any)) | `{ "_": [ "", "", "" ], "activemq-5671-tcp": [ 5671, 5671, "tcp", "ActiveMQ AMQP" ], "activemq-61614-tcp": [ 61614, 61614, "tcp", "ActiveMQ STOMP" ], "activemq-61617-tcp": [ 61617, 61617, "tcp", "ActiveMQ OpenWire" ], "activemq-61619-tcp": [ 61619, 61619, "tcp", "ActiveMQ WebSocket" ], "activemq-8883-tcp": [ 8883, 8883, "tcp", "ActiveMQ MQTT" ], "all-all": [ -1, -1, "-1", "All protocols" ], "all-icmp": [ -1, -1, "icmp", "All IPV4 ICMP" ], "all-ipv6-icmp": [ -1, -1, 58, "All IPV6 ICMP" ], "all-tcp": [ 0, 65535, "tcp", "All TCP ports" ], "all-udp": [ 0, 65535, "udp", "All UDP ports" ], "carbon-admin-tcp": [ 2004, 2004, "tcp", "Carbon admin" ], "carbon-gui-udp": [ 8081, 8081, "tcp", "Carbon GUI" ], "carbon-line-in-tcp": [ 2003, 2003, "tcp", "Carbon line-in" ], "carbon-line-in-udp": [ 2003, 2003, "udp", "Carbon line-in" ], "carbon-pickle-tcp": [ 2013, 2013, "tcp", "Carbon pickle" ], "carbon-pickle-udp": [ 2013, 2013, "udp", "Carbon pickle" ], "cassandra-clients-tcp": [ 9042, 9042, "tcp", "Cassandra clients" ], "cassandra-jmx-tcp": [ 7199, 7199, "tcp", "JMX" ], "cassandra-thrift-clients-tcp": [ 9160, 9160, "tcp", "Cassandra Thrift clients" ], "consul-cli-rpc-tcp": [ 8400, 8400, "tcp", "Consul CLI RPC" ], "consul-dns-tcp": [ 8600, 8600, "tcp", "Consul DNS" ], "consul-dns-udp": [ 8600, 8600, "udp", "Consul DNS" ], "consul-serf-lan-tcp": [ 8301, 8301, "tcp", "Serf LAN" ], "consul-serf-lan-udp": [ 8301, 8301, "udp", "Serf LAN" ], "consul-serf-wan-tcp": [ 8302, 8302, "tcp", "Serf WAN" ], "consul-serf-wan-udp": [ 8302, 8302, "udp", "Serf WAN" ], "consul-tcp": [ 8300, 8300, "tcp", "Consul server" ], "consul-webui-tcp": [ 8500, 8500, "tcp", "Consul web UI" ], "dns-tcp": [ 53, 53, "tcp", "DNS" ], "dns-udp": [ 53, 53, "udp", "DNS" ], "docker-swarm-mngmt-tcp": [ 2377, 2377, "tcp", "Docker Swarm cluster management" ], "docker-swarm-node-tcp": [ 7946, 7946, "tcp", "Docker Swarm node" ], "docker-swarm-node-udp": 
[ 7946, 7946, "udp", "Docker Swarm node" ], "docker-swarm-overlay-udp": [ 4789, 4789, "udp", "Docker Swarm Overlay Network Traffic" ], "elasticsearch-java-tcp": [ 9300, 9300, "tcp", "Elasticsearch Java interface" ], "elasticsearch-rest-tcp": [ 9200, 9200, "tcp", "Elasticsearch REST interface" ], "http-80-tcp": [ 80, 80, "tcp", "HTTP" ], "http-8080-tcp": [ 8080, 8080, "tcp", "HTTP" ], "https-443-tcp": [ 443, 443, "tcp", "HTTPS" ], "https-8443-tcp": [ 8443, 8443, "tcp", "HTTPS" ], "ipsec-4500-udp": [ 4500, 4500, "udp", "IPSEC NAT-T" ], "ipsec-500-udp": [ 500, 500, "udp", "IPSEC ISAKMP" ], "kafka-broker-tcp": [ 9092, 9092, "tcp", "Kafka broker 0.8.2+" ], "ldaps-tcp": [ 636, 636, "tcp", "LDAPS" ], "memcached-tcp": [ 11211, 11211, "tcp", "Memcached" ], "mongodb-27017-tcp": [ 27017, 27017, "tcp", "MongoDB" ], "mongodb-27018-tcp": [ 27018, 27018, "tcp", "MongoDB shard" ], "mongodb-27019-tcp": [ 27019, 27019, "tcp", "MongoDB config server" ], "mssql-analytics-tcp": [ 2383, 2383, "tcp", "MSSQL Analytics" ], "mssql-broker-tcp": [ 4022, 4022, "tcp", "MSSQL Broker" ], "mssql-tcp": [ 1433, 1433, "tcp", "MSSQL Server" ], "mssql-udp": [ 1434, 1434, "udp", "MSSQL Browser" ], "mysql-tcp": [ 3306, 3306, "tcp", "MySQL/Aurora" ], "nfs-tcp": [ 2049, 2049, "tcp", "NFS/EFS" ], "nomad-http-tcp": [ 4646, 4646, "tcp", "Nomad HTTP" ], "nomad-rpc-tcp": [ 4647, 4647, "tcp", "Nomad RPC" ], "nomad-serf-tcp": [ 4648, 4648, "tcp", "Serf" ], "nomad-serf-udp": [ 4648, 4648, "udp", "Serf" ], "ntp-udp": [ 123, 123, "udp", "NTP" ], "openvpn-https-tcp": [ 443, 443, "tcp", "OpenVPN" ], "openvpn-tcp": [ 943, 943, "tcp", "OpenVPN" ], "openvpn-udp": [ 1194, 1194, "udp", "OpenVPN" ], "oracle-db-tcp": [ 1521, 1521, "tcp", "Oracle" ], "postgresql-tcp": [ 5432, 5432, "tcp", "PostgreSQL" ], "puppet-tcp": [ 8140, 8140, "tcp", "Puppet" ], "puppetdb-tcp": [ 8081, 8081, "tcp", "PuppetDB" ], "rabbitmq-15672-tcp": [ 15672, 15672, "tcp", "RabbitMQ" ], "rabbitmq-25672-tcp": [ 25672, 25672, "tcp", "RabbitMQ" ], 
"rabbitmq-4369-tcp": [ 4369, 4369, "tcp", "RabbitMQ epmd" ], "rabbitmq-5671-tcp": [ 5671, 5671, "tcp", "RabbitMQ" ], "rabbitmq-5672-tcp": [ 5672, 5672, "tcp", "RabbitMQ" ], "rdp-tcp": [ 3389, 3389, "tcp", "Remote Desktop" ], "rdp-udp": [ 3389, 3389, "udp", "Remote Desktop" ], "redis-tcp": [ 6379, 6379, "tcp", "Redis" ], "redshift-tcp": [ 5439, 5439, "tcp", "Redshift" ], "splunk-hec-tcp": [ 8088, 8088, "tcp", "Splunk HEC" ], "splunk-indexer-tcp": [ 9997, 9997, "tcp", "Splunk indexer" ], "splunk-splunkd-tcp": [ 8089, 8089, "tcp", "Splunkd" ], "splunk-web-tcp": [ 8000, 8000, "tcp", "Splunk Web" ], "squid-proxy-tcp": [ 3128, 3128, "tcp", "Squid default proxy" ], "ssh-tcp": [ 22, 22, "tcp", "SSH" ], "storm-nimbus-tcp": [ 6627, 6627, "tcp", "Nimbus" ], "storm-supervisor-tcp": [ 6700, 6703, "tcp", "Supervisor" ], "storm-ui-tcp": [ 8080, 8080, "tcp", "Storm UI" ], "web-jmx-tcp": [ 1099, 1099, "tcp", "JMX" ], "winrm-http-tcp": [ 5985, 5985, "tcp", "WinRM HTTP" ], "winrm-https-tcp": [ 5986, 5986, "tcp", "WinRM HTTPS" ], "zipkin-admin-query-tcp": [ 9901, 9901, "tcp", "Zipkin Admin port query" ], "zipkin-admin-tcp": [ 9990, 9990, "tcp", "Zipkin Admin port collector" ], "zipkin-admin-web-tcp": [ 9991, 9991, "tcp", "Zipkin Admin port web" ], "zipkin-query-tcp": [ 9411, 9411, "tcp", "Zipkin query port" ], "zipkin-web-tcp": [ 8080, 8080, "tcp", "Zipkin web port" ], "zookeeper-2181-tcp": [ 2181, 2181, "tcp", "Zookeeper" ], "zookeeper-2888-tcp": [ 2888, 2888, "tcp", "Zookeeper" ], "zookeeper-3888-tcp": [ 3888, 3888, "tcp", "Zookeeper" ], "zookeeper-jmx-tcp": [ 7199, 7199, "tcp", "JMX" ] }` | no | | tags | A mapping of tags to assign to security group | map(string) | `{}` | no | | use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | bool | `"true"` | no | | vpc\_id | ID of the VPC where to create security group | string | n/a | yes | 
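Review bot: The new `rules` map in this hunk no longer defines `splunk-clients-tcp` (the removed line had it at 8080; the added line carries `splunk-web-tcp` at 8000 instead), yet the new `auto_groups` default in the previous hunk now points the `splunk` group at `splunk-clients-tcp` while the old one pointed at `splunk-web-tcp` — the two tables move in opposite directions, so whichever name `modules/splunk/auto_values.tf` ends up with (touched by this commit, not shown), one of `var.rules["splunk-clients-tcp"]` / `var.rules["splunk-web-tcp"]` would have no key and the splunk module would be expected to fail at plan time with an invalid index. If these tables are terraform-docs output mirroring `rules.tf`, regenerate the README from one consistent tree and make `auto_groups.splunk.ingress_rules` reference the name `rules` actually defines (`splunk-web-tcp` per this hunk). On the ActiveMQ entries, the five ports (5671, 8883, 61614, 61617, 61619) appear to be the TLS-only listener ports that Amazon MQ exposes rather than vanilla ActiveMQ's plaintext connectors (5672, 1883, 61613, 61616, with 61614 being plain WebSocket there), which is a sound default for a security group but is stated nowhere; suggest `"ActiveMQ AMQP (TLS)"`, `"ActiveMQ MQTT (TLS)"`, `"ActiveMQ STOMP (TLS)"`, `"ActiveMQ OpenWire (TLS)"` and `"ActiveMQ WebSocket (WSS)"` so a self-managed-broker user does not assume the plaintext ports are covered.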
diff --git a/modules/README.md b/modules/README.md index a1bb4555..7ae9f6ba 100644 --- a/modules/README.md +++ b/modules/README.md @@ -2,6 +2,7 @@ List of Security Groups implemented as Terraform modules ======================================================== +* [activemq](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/activemq) * [carbon-relay-ng](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/carbon-relay-ng) * [cassandra](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/cassandra) * [consul](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/consul) diff --git a/modules/activemq/README.md b/modules/activemq/README.md new file mode 100644 index 00000000..92042502 --- /dev/null +++ b/modules/activemq/README.md 
@@ -0,0 +1,98 @@ +# activemq - AWS EC2-VPC Security Group Terraform module + +## Usage + +```hcl +module "activemq_security_group" { + source = "terraform-aws-modules/security-group/aws//modules/activemq" + version = "~> 3.0" + + # omitted... +} +``` + +All automatic values **activemq module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/activemq/auto_values.tf). + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list(string) | `[]` | no | +| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list(map(string)) | `[]` | no | +| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list(string) | `[]` | no | +| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list(map(string)) | `[]` | no | +| auto\_egress\_rules | List of egress rules to add automatically | list(string) | `[ "all-all" ]` | no | +| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list(map(string)) | `[]` | no | +| auto\_ingress\_rules | List of ingress rules to add automatically | list(string) | `[ "activemq-5671-tcp", "activemq-8883-tcp", "activemq-61614-tcp", "activemq-61617-tcp", "activemq-61619-tcp" ]` | no | +| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list(map(string)) | `[ { "rule": "all-all" } ]` | no | +| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | number | `"0"` | no | +| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | number | `"0"` | no | +| auto\_number\_of\_computed\_ingress\_rules | Number of 
computed ingress rules to create by name | number | `"0"` | no | +| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | number | `"0"` | no | +| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list(string) | `[ "0.0.0.0/0" ]` | no | +| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list(string) | `[ "::/0" ]` | no | +| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list(string) | `[]` | no | +| computed\_egress\_rules | List of computed egress rules to create by name | list(string) | `[]` | no | +| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list(map(string)) | `[]` | no | +| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | `[]` | no | +| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list(map(string)) | `[]` | no | +| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list(map(string)) | `[]` | no | +| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list(string) | `[]` | no | +| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list(string) | `[]` | no | +| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list(string) | `[]` | no | +| computed\_ingress\_rules | List of computed ingress rules to create by name | list(string) | `[]` | no | +| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 
'cidr_blocks' is used | list(map(string)) | `[]` | no | +| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | `[]` | no | +| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list(map(string)) | `[]` | no | +| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list(map(string)) | `[]` | no | +| create | Whether to create security group and all rules | bool | `"true"` | no | +| description | Description of security group | string | `"Security Group managed by Terraform"` | no | +| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list(string) | `[ "0.0.0.0/0" ]` | no | +| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list(string) | `[ "::/0" ]` | no | +| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list(string) | `[]` | no | +| egress\_rules | List of egress rules to create by name | list(string) | `[]` | no | +| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list(map(string)) | `[]` | no | +| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | `[]` | no | +| egress\_with\_self | List of egress rules to create where 'self' is defined | list(map(string)) | `[]` | no | +| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list(map(string)) | `[]` | no | +| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list(string) | `[]` | no | +| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list(string) | `[]` | no | +| ingress\_prefix\_list\_ids | List of prefix list IDs (for 
allowing access to VPC endpoints) to use on all ingress rules | list(string) | `[]` | no | +| ingress\_rules | List of ingress rules to create by name | list(string) | `[]` | no | +| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list(map(string)) | `[]` | no | +| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | `[]` | no | +| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list(map(string)) | `[]` | no | +| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list(map(string)) | `[]` | no | +| name | Name of security group | string | n/a | yes | +| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | number | `"0"` | no | +| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | number | `"0"` | no | +| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | number | `"0"` | no | +| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | number | `"0"` | no | +| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | number | `"0"` | no | +| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | number | `"0"` | no | +| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | number | `"0"` | no | +| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | number | `"0"` | no | +| 
number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | number | `"0"` | no | +| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | number | `"0"` | no | +| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | number | `"0"` | no | +| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | number | `"0"` | no | +| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | number | `"0"` | no | +| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | number | `"0"` | no | +| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | number | `"0"` | no | +| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | number | `"0"` | no | +| tags | A mapping of tags to assign to security group | map(string) | `{}` | no | +| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | bool | `"true"` | no | +| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| this\_security\_group\_description | The description of the security group | +| this\_security\_group\_id | The ID of the security group | +| this\_security\_group\_name | The name of the security group | +| this\_security\_group\_owner\_id | The owner ID | +| this\_security\_group\_vpc\_id | The VPC ID | + + 
diff --git a/modules/activemq/auto_values.tf b/modules/activemq/auto_values.tf
new file mode 100644
index 00000000..1d8afcde
--- /dev/null
+++ b/modules/activemq/auto_values.tf
@@ -0,0 +1,79 @@
+# This file was generated from values defined in rules.tf using update_groups.sh.
+###################################
+# DO NOT CHANGE THIS FILE MANUALLY
+###################################
+
+variable "auto_ingress_rules" {
+ description = "List of ingress rules to add automatically"
+ type = list(string)
+ default = ["activemq-5671-tcp", "activemq-8883-tcp", "activemq-61614-tcp", "activemq-61617-tcp", "activemq-61619-tcp"]
+}
+
+variable "auto_ingress_with_self" {
+ description = "List of maps defining ingress rules with self to add automatically"
+ type = list(map(string))
+ default = [{ "rule" = "all-all" }]
+}
+
+variable "auto_egress_rules" {
+ description = "List of egress rules to add automatically"
+ type = list(string)
+ default = ["all-all"]
+}
+
+variable "auto_egress_with_self" {
+ description = "List of maps defining egress rules with self to add automatically"
+ type = list(map(string))
+ default = []
+}
+
+# Computed
+variable "auto_computed_ingress_rules" {
+ description = "List of ingress rules to add automatically"
+ type = list(string)
+ default = []
+}
+
+variable "auto_computed_ingress_with_self" {
+ description = "List of maps defining computed ingress rules with self to add automatically"
+ type = list(map(string))
+ default = []
+}
+
+variable "auto_computed_egress_rules" {
+ description = "List of computed egress rules to add automatically"
+ type = list(string)
+ default = []
+}
+
+variable "auto_computed_egress_with_self" {
+ description = "List of maps defining computed egress rules with self to add automatically"
+ type = list(map(string))
+ default = []
+}
+
+# Number of computed rules
+variable "auto_number_of_computed_ingress_rules" {
+ description = "Number of computed ingress rules to create by name"
+ type = number
+ default = 0
+}
+
+variable "auto_number_of_computed_ingress_with_self" {
+ description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
+ default = 0
+}
+
+variable "auto_number_of_computed_egress_rules" {
+ description = "Number of computed egress rules to create by name"
+ type = number
+ default = 0
+}
+
+variable "auto_number_of_computed_egress_with_self" {
+ description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
+ default = 0
+}
+
diff --git a/modules/activemq/main.tf b/modules/activemq/main.tf
new file mode 100644
index 00000000..2c85546f
--- /dev/null
+++ b/modules/activemq/main.tf
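Review bot: The default `auto_ingress_rules` list opens only rule names that, by their port numbers, correspond to the TLS endpoints an Amazon MQ ActiveMQ broker exposes (5671 AMQP+SSL, 8883 MQTT+SSL, 61614 STOMP+SSL, 61617 OpenWire+SSL, 61619 WSS); the plaintext transports of a self-managed ActiveMQ (61616, 5672, 1883, 61613) and the 8161 web console are not among them, which is the right default, but nothing records that this exclusion is deliberate. The rules.tf entries these names resolve to are outside this chunk, so I could not confirm the ports, and because this file is generated the rationale belongs next to the `activemq-*` entries in rules.tf, e.g. `# ActiveMQ: TLS endpoints only (Amazon MQ); plaintext transports and the 8161 console are intentionally not opened by default`. Separately, `auto_ingress_with_self = [{ "rule" = "all-all" }]` admits every port and protocol between members of the group; if that mirrors the other modules' convention it is tolerable, but a group that only holds brokers and clients would be tighter with the same five rule names as the `rule` values.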
@@ -0,0 +1,114 @@ +module "sg" { + source = "../../" + + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags + + ########## + # Ingress + ########## + # Rules by names - open for default CIDR + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) + + # Open for self + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) + + # Open to IPv4 cidr blocks + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks + + # Open to IPv6 cidr blocks + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks + + # Open for security group id + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id + + # Default ingress CIDR blocks + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks + + # Default prefix list ids + ingress_prefix_list_ids = var.ingress_prefix_list_ids + + ################### + # Computed Ingress + ################### + # Rules by names - open for default CIDR + computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) + + # Open for self + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) + + # Open to IPv4 cidr blocks + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks + + # Open to IPv6 cidr blocks + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks + + # Open for security group id + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id + + ############################# + # Number of computed ingress + ############################# + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = 
var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id + + ######### + # Egress + ######### + # Rules by names - open for default CIDR + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) + + # Open for self + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) + + # Open to IPv4 cidr blocks + egress_with_cidr_blocks = var.egress_with_cidr_blocks + + # Open to IPv6 cidr blocks + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks + + # Open for security group id + egress_with_source_security_group_id = var.egress_with_source_security_group_id + + # Default egress CIDR blocks + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks + + # Default prefix list ids + egress_prefix_list_ids = var.egress_prefix_list_ids + + ################## + # Computed Egress + ################## + # Rules by names - open for default CIDR + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) + + # Open for self + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) + + # Open to IPv4 cidr blocks + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks + + # Open to IPv6 cidr blocks + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks + + # Open for security group id + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id + + ############################# + # Number of computed egress + 
############################# + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id +} diff --git a/modules/activemq/outputs.tf b/modules/activemq/outputs.tf new file mode 100644 index 00000000..3d7ad67f --- /dev/null +++ b/modules/activemq/outputs.tf @@ -0,0 +1,24 @@ +output "this_security_group_id" { + description = "The ID of the security group" + value = module.sg.this_security_group_id +} + +output "this_security_group_vpc_id" { + description = "The VPC ID" + value = module.sg.this_security_group_vpc_id +} + +output "this_security_group_owner_id" { + description = "The owner ID" + value = module.sg.this_security_group_owner_id +} + +output "this_security_group_name" { + description = "The name of the security group" + value = module.sg.this_security_group_name +} + +output "this_security_group_description" { + description = "The description of the security group" + value = module.sg.this_security_group_description +} diff --git a/modules/activemq/variables.tf b/modules/activemq/variables.tf new file mode 100644 index 00000000..354b9e37 --- /dev/null +++ b/modules/activemq/variables.tf 
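Review bot: The comment `# Rules by names - open for default CIDR` above `ingress_rules` is misleading, because the "default CIDR" it refers to, `var.ingress_cidr_blocks`, defaults to `[]` in the accompanying variables.tf, so the five auto ingress rules grant nothing until the caller supplies CIDRs or uses `ingress_with_source_security_group_id`, and the README usage example omits that. If the root module passes the empty CIDR, IPv6 and prefix-list lists straight through to `aws_security_group_rule` (not visible here), the provider is likely to reject a rule with no source at apply time rather than silently create a no-op rule, which callers will hit on the minimal example. I would reword the comment to `# Rules by names - applied to var.ingress_cidr_blocks (default: none); for broker ports prefer ingress_with_source_security_group_id over a 0.0.0.0/0 CIDR`, and state the same requirement in the module README. The `module "sg"` block is fully contained in this hunk.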
@@ -0,0 +1,342 @@ +################# +# Security group +################# +variable "create" { + description = "Whether to create security group and all rules" + type = bool + default = true +} + +variable "vpc_id" { + description = "ID of the VPC where to create security group" + type = string +} + +variable "name" { + description = "Name of security group" + type = string +} + +variable "use_name_prefix" { + description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool + default = true +} + +variable "description" { + description = "Description of security group" + type = string + default = "Security Group managed by Terraform" +} + +variable "tags" { + description = "A mapping of tags to assign to security group" + type = map(string) + default = {} +} + +########## +# Ingress +########## +variable "ingress_rules" { + description = "List of ingress rules to create by name" + type = list(string) + default = [] +} + +variable "ingress_with_self" { + description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) + default = [] +} + +variable "ingress_with_cidr_blocks" { + description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "ingress_with_ipv6_cidr_blocks" { + description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "ingress_with_source_security_group_id" { + description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) + default = [] +} + +variable "ingress_cidr_blocks" { + description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) + default = [] +} + +variable "ingress_ipv6_cidr_blocks" { + description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) + default = [] +} + 
+variable "ingress_prefix_list_ids" { + description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) + default = [] +} + +################### +# Computed Ingress +################### +variable "computed_ingress_rules" { + description = "List of computed ingress rules to create by name" + type = list(string) + default = [] +} + +variable "computed_ingress_with_self" { + description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) + default = [] +} + +variable "computed_ingress_with_cidr_blocks" { + description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "computed_ingress_with_ipv6_cidr_blocks" { + description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "computed_ingress_with_source_security_group_id" { + description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) + default = [] +} + +variable "computed_ingress_cidr_blocks" { + description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) + default = [] +} + +variable "computed_ingress_ipv6_cidr_blocks" { + description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) + default = [] +} + +variable "computed_ingress_prefix_list_ids" { + description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) + default = [] +} + +################################### +# Number of computed ingress rules +################################### +variable "number_of_computed_ingress_rules" { + description = "Number of computed ingress rules to create by name" + type = number + default = 0 +} + +variable 
"number_of_computed_ingress_with_self" { + description = "Number of computed ingress rules to create where 'self' is defined" + type = number + default = 0 +} + +variable "number_of_computed_ingress_with_cidr_blocks" { + description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number + default = 0 +} + +variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { + description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number + default = 0 +} + +variable "number_of_computed_ingress_with_source_security_group_id" { + description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number + default = 0 +} + +variable "number_of_computed_ingress_cidr_blocks" { + description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number + default = 0 +} + +variable "number_of_computed_ingress_ipv6_cidr_blocks" { + description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number + default = 0 +} + +variable "number_of_computed_ingress_prefix_list_ids" { + description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number + default = 0 +} + +######### +# Egress +######### +variable "egress_rules" { + description = "List of egress rules to create by name" + type = list(string) + default = [] +} + +variable "egress_with_self" { + description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) + default = [] +} + +variable "egress_with_cidr_blocks" { + description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "egress_with_ipv6_cidr_blocks" { + description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "egress_with_source_security_group_id" { + 
description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) + default = [] +} + +variable "egress_cidr_blocks" { + description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) + default = ["0.0.0.0/0"] +} + +variable "egress_ipv6_cidr_blocks" { + description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) + default = ["::/0"] +} + +variable "egress_prefix_list_ids" { + description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) + default = [] +} + +################## +# Computed Egress +################## +variable "computed_egress_rules" { + description = "List of computed egress rules to create by name" + type = list(string) + default = [] +} + +variable "computed_egress_with_self" { + description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) + default = [] +} + +variable "computed_egress_with_cidr_blocks" { + description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "computed_egress_with_ipv6_cidr_blocks" { + description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "computed_egress_with_source_security_group_id" { + description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) + default = [] +} + +variable "computed_egress_cidr_blocks" { + description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) + default = ["0.0.0.0/0"] +} + +variable "computed_egress_ipv6_cidr_blocks" { + description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) + default = ["::/0"] +} + +variable "computed_egress_prefix_list_ids" { + description = "List 
of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) + default = [] +} + +################################## +# Number of computed egress rules +################################## +variable "number_of_computed_egress_rules" { + description = "Number of computed egress rules to create by name" + type = number + default = 0 +} + +variable "number_of_computed_egress_with_self" { + description = "Number of computed egress rules to create where 'self' is defined" + type = number + default = 0 +} + +variable "number_of_computed_egress_with_cidr_blocks" { + description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number + default = 0 +} + +variable "number_of_computed_egress_with_ipv6_cidr_blocks" { + description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number + default = 0 +} + +variable "number_of_computed_egress_with_source_security_group_id" { + description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number + default = 0 +} + +variable "number_of_computed_egress_cidr_blocks" { + description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number + default = 0 +} + +variable "number_of_computed_egress_ipv6_cidr_blocks" { + description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number + default = 0 +} + +variable "number_of_computed_egress_prefix_list_ids" { + description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number + default = 0 +} diff --git a/modules/carbon-relay-ng/outputs.tf b/modules/carbon-relay-ng/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/carbon-relay-ng/outputs.tf +++ b/modules/carbon-relay-ng/outputs.tf 
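Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` default to `["0.0.0.0/0"]` and `["::/0"]`, and combined with the module's `auto_egress_rules = ["all-all"]` default in auto_values.tf this gives a broker security group unrestricted outbound to the internet unless the caller overrides both lists; their descriptions do not say so. A broker typically only needs to reach its peers, CloudWatch/logging and VPC endpoints, so the description should make the implication explicit, e.g. `description = "List of IPv4 CIDR ranges to use on all egress rules (default 0.0.0.0/0 together with the all-all auto egress rule allows unrestricted outbound; narrow it or use egress_prefix_list_ids for VPC endpoints)"`, with the matching wording on the IPv6 variable. This appears to be the same default as the other modules, so the change would belong in whatever template update_groups.sh copies from, if one exists.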
@@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - diff --git a/modules/cassandra/outputs.tf b/modules/cassandra/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/cassandra/outputs.tf +++ b/modules/cassandra/outputs.tf @@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - diff --git a/modules/consul/outputs.tf b/modules/consul/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/consul/outputs.tf +++ b/modules/consul/outputs.tf @@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - diff --git a/modules/docker-swarm/outputs.tf b/modules/docker-swarm/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/docker-swarm/outputs.tf +++ b/modules/docker-swarm/outputs.tf @@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - diff --git a/modules/elasticsearch/outputs.tf b/modules/elasticsearch/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/elasticsearch/outputs.tf +++ b/modules/elasticsearch/outputs.tf @@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - diff --git a/modules/http-80/outputs.tf b/modules/http-80/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/http-80/outputs.tf +++ b/modules/http-80/outputs.tf @@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - 
diff --git a/modules/http-8080/outputs.tf b/modules/http-8080/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/http-8080/outputs.tf +++ b/modules/http-8080/outputs.tf @@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - diff --git a/modules/https-443/outputs.tf b/modules/https-443/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/https-443/outputs.tf +++ b/modules/https-443/outputs.tf @@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - diff --git a/modules/https-8443/outputs.tf b/modules/https-8443/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/https-8443/outputs.tf +++ b/modules/https-8443/outputs.tf @@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - diff --git a/modules/ipsec-4500/outputs.tf b/modules/ipsec-4500/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/ipsec-4500/outputs.tf +++ b/modules/ipsec-4500/outputs.tf @@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - diff --git a/modules/ipsec-500/outputs.tf b/modules/ipsec-500/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/ipsec-500/outputs.tf +++ b/modules/ipsec-500/outputs.tf @@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - diff --git a/modules/kafka/outputs.tf b/modules/kafka/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/kafka/outputs.tf +++ b/modules/kafka/outputs.tf 
@@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - diff --git a/modules/ldaps/outputs.tf b/modules/ldaps/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/ldaps/outputs.tf +++ b/modules/ldaps/outputs.tf @@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - diff --git a/modules/memcached/outputs.tf b/modules/memcached/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/memcached/outputs.tf +++ b/modules/memcached/outputs.tf @@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - diff --git a/modules/mongodb/outputs.tf b/modules/mongodb/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/mongodb/outputs.tf +++ b/modules/mongodb/outputs.tf @@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - diff --git a/modules/mssql/outputs.tf b/modules/mssql/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/mssql/outputs.tf +++ b/modules/mssql/outputs.tf @@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - diff --git a/modules/mysql/outputs.tf b/modules/mysql/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/mysql/outputs.tf +++ b/modules/mysql/outputs.tf @@ -22,4 +22,3 @@ output "this_security_group_description" { description = "The description of the security group" value = module.sg.this_security_group_description } - diff --git a/modules/nfs/outputs.tf b/modules/nfs/outputs.tf index 235ad34d..3d7ad67f 100644 --- a/modules/nfs/outputs.tf +++ b/modules/nfs/outputs.tf 
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/nomad/outputs.tf b/modules/nomad/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/nomad/outputs.tf
+++ b/modules/nomad/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/ntp/outputs.tf b/modules/ntp/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/ntp/outputs.tf
+++ b/modules/ntp/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/openvpn/outputs.tf b/modules/openvpn/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/openvpn/outputs.tf
+++ b/modules/openvpn/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/oracle-db/outputs.tf b/modules/oracle-db/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/oracle-db/outputs.tf
+++ b/modules/oracle-db/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/postgresql/outputs.tf b/modules/postgresql/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/postgresql/outputs.tf
+++ b/modules/postgresql/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/puppet/outputs.tf b/modules/puppet/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/puppet/outputs.tf
+++ b/modules/puppet/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/rabbitmq/outputs.tf b/modules/rabbitmq/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/rabbitmq/outputs.tf
+++ b/modules/rabbitmq/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/rdp/outputs.tf b/modules/rdp/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/rdp/outputs.tf
+++ b/modules/rdp/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/redis/outputs.tf b/modules/redis/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/redis/outputs.tf
+++ b/modules/redis/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/redshift/outputs.tf b/modules/redshift/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/redshift/outputs.tf
+++ b/modules/redshift/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/splunk/README.md b/modules/splunk/README.md
index efa783ce..476d9479 100644
--- a/modules/splunk/README.md
+++ b/modules/splunk/README.md
@@ -24,7 +24,7 @@ All automatic values **splunk module** is using are available [here](https://git
 | auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list(map(string)) | `[]` | no |
 | auto\_egress\_rules | List of egress rules to add automatically | list(string) | `[ "all-all" ]` | no |
 | auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list(map(string)) | `[]` | no |
-| auto\_ingress\_rules | List of ingress rules to add automatically | list(string) | `[ "splunk-indexer-tcp", "splunk-web-tcp", "splunk-splunkd-tcp", "splunk-hec-tcp" ]` | no |
+| auto\_ingress\_rules | List of ingress rules to add automatically | list(string) | `[ "splunk-indexer-tcp", "splunk-clients-tcp", "splunk-splunkd-tcp", "splunk-hec-tcp" ]` | no |
 | auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list(map(string)) | `[ { "rule": "all-all" } ]` | no |
 | auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | number | `"0"` | no |
 | auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | number | `"0"` | no |
diff --git a/modules/splunk/auto_values.tf b/modules/splunk/auto_values.tf
index e8ff5476..d16c5b64 100644
--- a/modules/splunk/auto_values.tf
+++ b/modules/splunk/auto_values.tf
@@ -6,7 +6,7 @@ variable "auto_ingress_rules" {
 description = "List of ingress rules to add automatically"
 type = list(string)
- default = ["splunk-indexer-tcp", "splunk-web-tcp", "splunk-splunkd-tcp", "splunk-hec-tcp"]
+ default = ["splunk-indexer-tcp", "splunk-clients-tcp", "splunk-splunkd-tcp", "splunk-hec-tcp"]
 }
 
 variable "auto_ingress_with_self" {
diff --git a/modules/splunk/outputs.tf b/modules/splunk/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/splunk/outputs.tf
+++ b/modules/splunk/outputs.tf
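Review bot: The new default on the `+ default = [...]` line points the splunk module at a rule key `splunk-clients-tcp`, but the rules.tf hunk in this same patch leaves `splunk-web-tcp = [8000, 8000, "tcp", "Splunk Web"]` as the only port-8000 entry visible, with a whitespace-only change. If no `splunk-clients-tcp` key exists in a part of rules.tf outside this patch, the rule-name lookup for the splunk module's default ingress set will fail at plan time, and the README row changed just above will document a rule that does not exist. Either keep `"splunk-web-tcp"` in this default, or add `splunk-clients-tcp = [8000, 8000, "tcp", "Splunk clients"]` to rules.tf in the same commit so the two stay consistent; the `variable "auto_ingress_with_self"` block that begins at the end of the hunk continues outside it.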
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/squid/outputs.tf b/modules/squid/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/squid/outputs.tf
+++ b/modules/squid/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/ssh/outputs.tf b/modules/ssh/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/ssh/outputs.tf
+++ b/modules/ssh/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/storm/outputs.tf b/modules/storm/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/storm/outputs.tf
+++ b/modules/storm/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/web/outputs.tf b/modules/web/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/web/outputs.tf
+++ b/modules/web/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/winrm/outputs.tf b/modules/winrm/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/winrm/outputs.tf
+++ b/modules/winrm/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/zipkin/outputs.tf b/modules/zipkin/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/zipkin/outputs.tf
+++ b/modules/zipkin/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/modules/zookeeper/outputs.tf b/modules/zookeeper/outputs.tf
index 235ad34d..3d7ad67f 100644
--- a/modules/zookeeper/outputs.tf
+++ b/modules/zookeeper/outputs.tf
@@ -22,4 +22,3 @@ output "this_security_group_description" {
 description = "The description of the security group"
 value = module.sg.this_security_group_description
 }
-
diff --git a/rules.tf b/rules.tf
index 4df0b795..19ea0342 100644
--- a/rules.tf
+++ b/rules.tf
@@ -5,6 +5,12 @@ variable "rules" {
 # Protocols (tcp, udp, icmp, all - are allowed keywords) or numbers (from https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml):
 # All = -1, IPV4-ICMP = 1, TCP = 6, UDP = 16, IPV6-ICMP = 58
 default = {
+ # ActiveMQ
+ activemq-5671-tcp = [5671, 5671, "tcp", "ActiveMQ AMQP"]
+ activemq-8883-tcp = [8883, 8883, "tcp", "ActiveMQ MQTT"]
+ activemq-61614-tcp = [61614, 61614, "tcp", "ActiveMQ STOMP"]
+ activemq-61617-tcp = [61617, 61617, "tcp", "ActiveMQ OpenWire"]
+ activemq-61619-tcp = [61619, 61619, "tcp", "ActiveMQ WebSocket"]
 # Carbon relay
 carbon-line-in-tcp = [2003, 2003, "tcp", "Carbon line-in"]
 carbon-line-in-udp = [2003, 2003, "udp", "Carbon line-in"]
@@ -98,7 +104,7 @@ variable "rules" {
 redshift-tcp = [5439, 5439, "tcp", "Redshift"]
 # Splunk
 splunk-indexer-tcp = [9997, 9997, "tcp", "Splunk indexer"]
- splunk-web-tcp = [8000, 8000, "tcp", "Splunk Web"]
+ splunk-web-tcp = [8000, 8000, "tcp", "Splunk Web"]
 splunk-splunkd-tcp = [8089, 8089, "tcp", "Splunkd"]
 splunk-hec-tcp = [8088, 8088, "tcp", "Splunk HEC"]
 # Squid
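Review bot: The five added `activemq-*-tcp` rules carry descriptions such as `"ActiveMQ AMQP"` that do not say these are TLS listener ports; 5671, 8883, 61614, 61617 and 61619 match the TLS-only endpoints of Amazon MQ for ActiveMQ, whereas a self-managed broker's stock configuration listens in plaintext on 61616, 5672, 61613 and 1883, none of which these rules open. Someone reading the resulting security group in the console will not see that distinction and may assume a self-hosted broker is covered. I would replace the `# ActiveMQ` comment with `# ActiveMQ (TLS listener ports as exposed by Amazon MQ; a self-managed broker's plaintext defaults 61616/5672/61613/1883 are not covered)` and consider `"ActiveMQ AMQP (TLS)"`-style descriptions so the intent is visible where the rule is shown. Unrelated to the additions but visible in this hunk's context, the protocol-number comment reads `UDP = 16`; IANA assigns protocol number 17 to UDP, so that line should read `UDP = 17`.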
@@ -142,6 +148,11 @@ variable "auto_groups" {
 # Valid keys - ingress_rules, egress_rules, ingress_with_self, egress_with_self
 default = {
+ activemq = {
+ ingress_rules = ["activemq-5671-tcp", "activemq-8883-tcp", "activemq-61614-tcp", "activemq-61617-tcp", "activemq-61619-tcp"]
+ ingress_with_self = ["all-all"]
+ egress_rules = ["all-all"]
+ }
 carbon-relay-ng = {
 ingress_rules = ["carbon-line-in-tcp", "carbon-line-in-udp", "carbon-pickle-tcp", "carbon-pickle-udp", "carbon-gui-udp"]
 ingress_with_self = ["all-all"]