Inicio Explorar Axuda
Iniciar sesión
bat9go
/
Ycsecurity
réplica de https://github.com/yandex-cloud/yc-solution-library-for-security
Seguir 1
Destacar 0
Fork 0
Ficheiros Incidencias 0 Wiki
Árbore: b4fd5ef18a
Ramas Etiquetas
Ycsecurity
/
network-sec
/
remote-access-vpn
/
keycloak-deploy
/
security.tf

security.tf 798 B
Histórico Raw

12345678910111213141516171819202122232425262728293031323334 
  1. # Create Security Group for Keycloak VM
    2. 

  2. resource "yandex_vpc_security_group" "kc_sg" {
    3. 

  3.   name       = "kc_sg"
    4. 

  4.   description = "Security group for Keycloak"
    5. 

  5.   folder_id  = var.values.folder_id
    6. 

  6.   network_id = var.values.vpc_id
    7. 

  7. 

  8.   egress {
    9. 

  9.     description    = "Permit ALL"
    10. 

  10.     protocol       = "ANY"
    11. 

  11.     v4_cidr_blocks = ["0.0.0.0/0"]
    12. 

  12.   }
    13. 

  13. 

  14.   ingress {
    15. 

  15.     description    = "icmp"
    16. 

  16.     protocol       = "ICMP"
    17. 

  17.     v4_cidr_blocks = var.values.trusted_ip_for_mgmt
    18. 

  18.   }
    19. 

  19. 

  20.   ingress {
    21. 

  21.     description    = "ssh"
    22. 

  22.     protocol       = "TCP"
    23. 

  23.     port           = 22
    24. 

  24.     v4_cidr_blocks = var.values.trusted_ip_for_mgmt
    25. 

  25.   }
    26. 

  26. 

  27.   ingress {
    28. 

  28.     description    = "https"
    29. 

  29.     protocol       = "TCP"
    30. 

  30.     port           = var.values.keycloak.port
    31. 

  31.     v4_cidr_blocks = ["0.0.0.0/0"]
    32. 

  32.   }
    33. 

  33. }
    34. 

  34.