pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adds IP whitelisting to storage buckets

Browse Source
This commit is contained in:
Rob Gil
2020-01-23 10:02:31 -05:00
parent d22357e609
commit 48482785ac
4 changed files with 24 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
terraform/providers/dev/buckets.tf
View File

@@ -1,3 +1,5 @@
# Task order bucket is required to be accessible publicly by the users.
# which is why the policy here is "Allow"
module "task_order_bucket" {
source = "../../modules/bucket"
service_name = "jeditasksatat"
@@ -5,10 +7,15 @@ module "task_order_bucket" {
name = var.name
environment = var.environment
region = var.region
policy = "Deny"
policy = "Allow"
subnet_ids = [module.vpc.subnets]
whitelist = var.admin_user_whitelist
}
# TF State should be restricted to admins only, but IP protected
# This has to be public due to a chicken/egg issue of VPN not
# existing until TF is run. If this bucket is private, you would
# not be able to access it when running TF without being on a VPN.
module "tf_state" {
source = "../../modules/bucket"
service_name = "jedidevtfstate"
@@ -16,6 +23,7 @@ module "tf_state" {
name = var.name
environment = var.environment
region = var.region
policy = "Allow"
policy = "Deny"
subnet_ids = []
whitelist = var.admin_user_whitelist
}