Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added possibility to specify allowed IPv6 CIDR blocks #30

Merged
merged 2 commits into from
Jun 14, 2017
Merged

Added possibility to specify allowed IPv6 CIDR blocks #30

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
15c151b
Added possibility to specify allowed IPv6 CIDR blocks
antonbabenko Jun 13, 2017
6b43152
Updated Changelog
antonbabenko Jun 13, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,14 @@
## 1.2.4

FEATURES:

* [GH-30] - Added possibility to specify IPv6 CIDR blocks to allow SSH access (antonbabenko)

## 1.2.3

FEATURES:

* [GH-29] - Added Ability to pass a list of security groups to allow SSH access (tfhartmann)
* [GH-29] - Added ability to pass a list of security groups to allow SSH access (tfhartmann)

## 1.2.2

Expand Down
3 changes: 2 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,8 @@ Only SSH access is allowed to the bastion host.
* `associate_public_ip_address` - Whether to auto-assign public IP to the instance (by default - `false`)
* `eip` - EIP to put into EC2 tag (can be used with scripts like https://github.com/skymill/aws-ec2-assign-elastic-ip, default - empty value)
* `key_name` - Launch configuration key name to be applied to created instance(s).
* `allowed_cidr` - A list of CIDR Networks to allow ssh access to. Defaults to 0.0.0.0/0
* `allowed_cidr` - A list of CIDR Networks to allow ssh access to. Defaults to "0.0.0.0/0"
* `allowed_ipv6_cidr` - A list of IPv6 CIDR Networks to allow ssh access to. Defaults to "::/0"
* `allowed_security_groups` - A list of Security Group ID's to allow access to the bastion host (useful if bastion is deployed internally) Defaults to empty list

## Outputs:
Expand Down
2 changes: 2 additions & 0 deletions main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ resource "aws_security_group_rule" "ssh_ingress" {
to_port = "22"
protocol = "tcp"
cidr_blocks = "${var.allowed_cidr}"
ipv6_cidr_blocks = "${var.allowed_ipv6_cidr}"
security_group_id = "${aws_security_group.bastion.id}"
}

Expand All @@ -33,6 +34,7 @@ resource "aws_security_group_rule" "bastion_all_egress" {
to_port = "65535"
protocol = "all"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
security_group_id = "${aws_security_group.bastion.id}"
}

Expand Down
6 changes: 6 additions & 0 deletions variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,12 @@ variable "allowed_cidr" {
description = "A list of CIDR Networks to allow ssh access to."
}

variable "allowed_ipv6_cidr" {
type = "list"
default = ["::/0"]
description = "A list of IPv6 CIDR Networks to allow ssh access to."
}

variable "allowed_security_groups" {
type = "list"
default = []
Expand Down