This sets up the rest of the service endpoints on the subnets. It also adds a variable map specifically to grant IP access to the storage buckets. This new variable map is necessary since the azure storage ip rules do not accept /32 CIDR ranges. The rest of the services do support cidr ranges.
30 lines
1000 B
HCL
30 lines
1000 B
HCL
# Task order bucket is required to be accessible publicly by the users.
|
|
# which is why the policy here is "Allow"
|
|
module "task_order_bucket" {
|
|
source = "../../modules/bucket"
|
|
service_name = "jeditasksatat"
|
|
owner = var.owner
|
|
name = var.name
|
|
environment = var.environment
|
|
region = var.region
|
|
policy = "Allow"
|
|
subnet_ids = [module.vpc.subnets]
|
|
whitelist = var.storage_admin_whitelist
|
|
}
|
|
|
|
# TF State should be restricted to admins only, but IP protected
|
|
# This has to be public due to a chicken/egg issue of VPN not
|
|
# existing until TF is run. If this bucket is private, you would
|
|
# not be able to access it when running TF without being on a VPN.
|
|
module "tf_state" {
|
|
source = "../../modules/bucket"
|
|
service_name = "jedidevtfstate"
|
|
owner = var.owner
|
|
name = var.name
|
|
environment = var.environment
|
|
region = var.region
|
|
policy = "Deny"
|
|
subnet_ids = []
|
|
whitelist = var.storage_admin_whitelist
|
|
}
|