datasource vpc for nwsecurity group

hackforla · Oct 3, 2024 · 2d2ddb1 · 2d2ddb1
1 parent c2f4670
commit 2d2ddb1
Showing 1 changed file with 32 additions and 4 deletions.
diff --git a/terraform-incubator/home-unite-us/dev/main.tf b/terraform-incubator/home-unite-us/dev/main.tf
@@ -4,7 +4,7 @@ provider "aws" {
 }
 
 
-resource "aws_lb_target_group" "this" {
+resource "aws_lb_target_group" "homeuniteus" {
   target_type          = "ip"
   name                 = local.app_name
   port                 = 80
@@ -27,7 +27,7 @@ resource "aws_lb_target_group" "this" {
   }
 }
 
-resource "aws_lb_listener_rule" "static" {
+resource "aws_lb_listener_rule" "homeuniteus" {
   listener_arn = local.listener_arn
 
   action {
@@ -54,8 +54,13 @@ resource "aws_lb_listener_rule" "static" {
 }
 
 
+data "aws_vpc" "incubator" {
+  id = local.vpc_id
+}
+
+
 # aws_ecs_task_definition.task:
-resource "aws_ecs_task_definition" "task" {
+resource "aws_ecs_task_definition" "homeuniteus" {
   container_definitions = jsonencode(
     [
       {
@@ -101,8 +106,31 @@ resource "aws_ecs_task_definition" "task" {
 }
 
 
+resource "aws_security_group" "fargate" {
+  name        = "ecs_fargate_${local.app_name}"
+  description = "Allow TLS inbound traffic"
+  vpc_id      = local.vpc_id
+
+  ingress {
+    description = "All Internal traffic"
+    from_port   = 0
+    to_port     = 65535
+    protocol    = "tcp"
+    cidr_blocks = [data.aws_vpc.incubator.cidr_block]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = { Name = "ecs_container_instance_${local.app_name}" }
+}
+
 
-resource "aws_ecs_service" "fargate" {
+resource "aws_ecs_service" "homeuniteus" {
   name                   = "homeuniteus"
   cluster                = "arn:aws:ecs:us-west-2:035866691871:cluster/incubator-prod"
   enable_execute_command = true