Diffstat (limited to 'sg.tf')
-rw-r--r--sg.tf59
1 files changed, 59 insertions, 0 deletions
diff --git a/sg.tf b/sg.tf
new file mode 100644
index 0000000..c8776d6
--- /dev/null
+++ b/sg.tf
@@ -0,0 +1,59 @@
+resource "aws_security_group" "external_ssh_accept_sg" {
+ name = "${var.vpc-name}_external_ssh_accept_sg"
+ description = "${var.vpc-name}_external_ssh_accept_sg"
+ vpc_id = "${aws_vpc.fundapp_demo_aws_vpc.id}"
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_security_group" "app_sg" {
+ name = "${var.vpc_name}_app_sg"
+ description = "${var.vpc_name}_app_sg"
+ vpc_id = "${aws_vpc.fundapp_demo_vpc.id}"
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ security_groups = ["${aws_security_group.app_elb_sg.id}"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_security_group" "app_elb_sg" {
+ name = "${var.vpc_name}_app_elb_sg"
+ description = "${var.vpc_name}_app_elb_sg"
+ vpc_id = "${aws_vpc.fundapp_demo_vpc.id}"
+
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
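Review bot: The ingress rule in `external_ssh_accept_sg` opens port 22 to `0.0.0.0/0`, so every instance attached to this group accepts SSH connection attempts from the whole internet. I would restrict it to the known administrative ranges, e.g. `cidr_blocks = ["<ADMIN_CIDR_PLACEHOLDER>"]`, or reach hosts through a bastion or session-manager path instead of a public SSH rule. Separately, this first resource refers to `var.vpc-name` and `aws_vpc.fundapp_demo_aws_vpc`, while `app_sg` and `app_elb_sg` use `var.vpc_name` and `aws_vpc.fundapp_demo_vpc`. The declarations are not in this file, so one of the two spellings is probably a typo that will fail at plan time. A short comment on each group saying what it is attached to would also help, since `description` only repeats the name.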