Merge pull request #51 from appuio/feat/vshn-lbaas-exoscale/allow-ssh…

…-from-anywhere vshn-lbaas-exoscale: Update LB security group to allow SSH to the LBs from anywhere
appuio · Feb 15, 2024 · e14d7f4 · e14d7f4
2 parents f694423 + 08d4437
commit e14d7f4
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/modules/vshn-lbaas-exoscale/security_groups.tf b/modules/vshn-lbaas-exoscale/security_groups.tf
@@ -14,6 +14,28 @@ resource "exoscale_security_group" "load_balancers" {
   description = "${var.cluster_id} load balancer VMs"
 }
 
+resource "exoscale_security_group_rule" "load_balancers_ssh_v4" {
+  security_group_id = exoscale_security_group.load_balancers.id
+
+  description = "SSH Access from anywhere on the LBs"
+  type        = "INGRESS"
+  protocol    = "TCP"
+  start_port  = "22"
+  end_port    = "22"
+  cidr        = "0.0.0.0/0"
+}
+
+resource "exoscale_security_group_rule" "load_balancers_ssh_v6" {
+  security_group_id = exoscale_security_group.load_balancers.id
+
+  description = "SSH Access from anywhere on the LBs"
+  type        = "INGRESS"
+  protocol    = "TCP"
+  start_port  = "22"
+  end_port    = "22"
+  cidr        = "::/0"
+}
+
 resource "exoscale_security_group_rule" "load_balancers_tcp4" {
   for_each = local.open_ports_tcp