Add easy way to expose subnet to the public.
This is a quality of life fix. A single boolean controls whether public HTTP(S) traffic reaches your infrastructure.
parent
e3478a6748
commit
d54f008c62
@ -45,10 +45,10 @@ resource "oci_core_security_list" "public-security-list" {
|
|||||||
|
|
||||||
ingress_security_rules {
|
ingress_security_rules {
|
||||||
stateless = false
|
stateless = false
|
||||||
source = var.ssh_allow_range
|
source = var.go_live ? "0.0.0.0/0" : var.ssh_allow_range
|
||||||
source_type = "CIDR_BLOCK"
|
source_type = "CIDR_BLOCK"
|
||||||
protocol = "6"
|
protocol = "6"
|
||||||
description = "HTTP traffic"
|
description = "HTTPs traffic"
|
||||||
|
|
||||||
tcp_options {
|
tcp_options {
|
||||||
min = 443
|
min = 443
|
||||||
@ -58,10 +58,10 @@ resource "oci_core_security_list" "public-security-list" {
|
|||||||
|
|
||||||
ingress_security_rules {
|
ingress_security_rules {
|
||||||
stateless = false
|
stateless = false
|
||||||
source = var.ssh_allow_range
|
source = var.go_live ? "0.0.0.0/0" : var.ssh_allow_range
|
||||||
source_type = "CIDR_BLOCK"
|
source_type = "CIDR_BLOCK"
|
||||||
protocol = "6"
|
protocol = "6"
|
||||||
description = "HTTPs traffic"
|
description = "HTTP traffic"
|
||||||
|
|
||||||
tcp_options {
|
tcp_options {
|
||||||
min = 80
|
min = 80
|
||||||
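Review bot: The new `source` expression on the port 443 rule, repeated on the port 80 rule in the second hunk, ties both web ports to one flag, so setting `go_live` exposes cleartext HTTP to `0.0.0.0/0` together with HTTPS and there is no way to publish 443 alone. With the flag off, both rules fall back to `var.ssh_allow_range`, so the web ports share the SSH administration range; a comment such as `# go_live=true: open to the internet; false: reachable only from ssh_allow_range` above each rule would make that visible. If port 80 is only meant to redirect to HTTPS, that is worth stating in that rule's `description`. Both `tcp_options` blocks continue outside the hunks, so `max` should be confirmed to equal `min`, otherwise the rule admits a wider port range than the description says.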
|
@ -17,3 +17,4 @@ compartment_name =
|
|||||||
vm_name =
|
vm_name =
|
||||||
tags =
|
tags =
|
||||||
ssh_allow_range =
|
ssh_allow_range =
|
||||||
|
go_live =
|
||||||
|
@ -55,6 +55,12 @@ variable "ssh_allow_range" {
|
|||||||
default = "10.0.0.0/24"
|
default = "10.0.0.0/24"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "go_live" {
|
||||||
|
description = "A value of 'true' opens port 80 and 443 to all traffic from the internet."
|
||||||
|
type = bool
|
||||||
|
default = false
|
||||||
|
}
|
||||||
|
|
||||||
variable "tags" {
|
variable "tags" {
|
||||||
description = "Freeform tags."
|
description = "Freeform tags."
|
||||||
type = map(any)
|
type = map(any)
|
||||||
|
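Review bot: The `go_live` description documents only the `true` case; with the default `false` the security list rules in this commit still admit ports 80 and 443 from `var.ssh_allow_range`, so an operator could read `false` as "closed". Suggested wording: `description = "true opens ports 80 and 443 to 0.0.0.0/0; false limits them to ssh_allow_range."` Defaulting to `false` is the right choice for a switch that widens exposure. The `variable "tags"` block continues outside the hunk.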