Deploying Load balancer - allow certain IPs only

giovanni.decillis · December 13, 2022, 6:45pm

Hi,

I am learning Terraform following the project described in the book “Terraform up and running”.

I have managed to reproduce all the examples up to chapter 2 so far.
Now I would like to deploy a load balancer creating a security group inbound rule that gives access to custom IPs only, not all traffic.

So, if I define a security group resource in this way:

resource "aws_security_group" "instance" {
  name = var.security_group_name
  ingress {
    from_port   = var.server_port
    to_port     = var.server_port
    protocol    = "tcp"
    cidr_blocks = [<custom ip address in place of  "0.0.0.0/0">]

What else and how do I need to modify in the main.tf file?

Thanks!

giovanni.decillis · December 14, 2022, 5:33pm

Actually, the instance security group should not be changed.
The custom IP must be specified in the load balancer security group instead.

So it looks like this:

resource "aws_security_group" "alb" {

  name = "terraform-example-alb"

  # Allow inbound HTTP requests
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [<allowed IPs>]
  }

  # Allow all outbound requests
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}