Add easy way to expose subnet to the public.
This is a quality-of-life fix. A single boolean controls whether public HTTP(S) traffic reaches your infrastructure.
parent
e3478a6748
commit
d54f008c62
@ -45,10 +45,10 @@ resource "oci_core_security_list" "public-security-list" {
|
||||
|
||||
ingress_security_rules {
|
||||
stateless = false
|
||||
source = var.ssh_allow_range
|
||||
source = var.go_live ? "0.0.0.0/0" : var.ssh_allow_range
|
||||
source_type = "CIDR_BLOCK"
|
||||
protocol = "6"
|
||||
description = "HTTP traffic"
|
||||
description = "HTTPs traffic"
|
||||
|
||||
tcp_options {
|
||||
min = 443
|
||||
@ -58,10 +58,10 @@ resource "oci_core_security_list" "public-security-list" {
|
||||
|
||||
ingress_security_rules {
|
||||
stateless = false
|
||||
source = var.ssh_allow_range
|
||||
source = var.go_live ? "0.0.0.0/0" : var.ssh_allow_range
|
||||
source_type = "CIDR_BLOCK"
|
||||
protocol = "6"
|
||||
description = "HTTPs traffic"
|
||||
description = "HTTP traffic"
|
||||
|
||||
tcp_options {
|
||||
min = 80
|
||||
|
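Review bot: With `go_live = false` both web rules still fall back to `var.ssh_allow_range`, so the HTTP/HTTPS allow-list is tied to a variable named and sized for SSH access, and widening it for administrators silently widens ports 80 and 443 as well. A dedicated variable would keep the two decisions separate, for example `source = var.go_live ? "0.0.0.0/0" : var.web_allow_range` (the variable name is only a suggestion), applied to both the port 443 and the port 80 rule. The same flag also opens plaintext port 80 to the whole internet together with 443; if that rule exists only to redirect to HTTPS, a short comment on it saying so would help whoever audits the list later. Both `ingress_security_rules` blocks and their `tcp_options` continue outside the visible lines, so any `max` bounds could not be checked here.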
@ -17,3 +17,4 @@ compartment_name =
|
||||
vm_name =
|
||||
tags =
|
||||
ssh_allow_range =
|
||||
go_live =
|
||||
|
@ -55,6 +55,12 @@ variable "ssh_allow_range" {
|
||||
default = "10.0.0.0/24"
|
||||
}
|
||||
|
||||
variable "go_live" {
|
||||
description = "A value of 'true' opens port 80 and 443 to all traffic from the internet."
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "tags" {
|
||||
description = "Freeform tags."
|
||||
type = map(any)
|
||||
|
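Review bot: The `go_live` description documents only the `true` case, which can leave a reader assuming that `false` closes ports 80 and 443. According to the security-list rules in this same commit, they stay reachable from `ssh_allow_range` instead. I would spell that out, e.g. `description = "When true, ports 80 and 443 accept traffic from 0.0.0.0/0; when false they are limited to ssh_allow_range."`. The `default = false` is the right fail-closed choice and should stay.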