Puppet Class: psick::aws::puppet::sg
- Defined in:
- manifests/aws/puppet/sg.pp
Overview
Set up security groups
# File 'manifests/aws/puppet/sg.pp', line 2
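# @summary Manages AWS EC2 security groups, optionally including a bundled
#   default set.
#
# When $create_defaults is true, five default groups are declared
# (public-ssh, public-http, private-mysql, private-ci, private-ssh).
# Groups passed via $ec2_securitygroups are merged on top of the defaults, so
# an explicit definition that uses the same group name replaces the default
# one instead of being silently discarded.
#
# @param ensure
#   Value of the ensure attribute of every ec2_securitygroup resource.
# @param region
#   AWS region passed to every ec2_securitygroup resource.
# @param default_vpc_name
#   VPC the groups belong to; also used as prefix of the Name tag of the
#   default groups.
# @param create_defaults
#   Whether the bundled default groups are declared.
# @param default_cidr_block_prefix
#   First two octets of the VPC address range; "<prefix>.0.0/16" is the
#   source range the "private" default rules treat as internal.
# @param ec2_securitygroups
#   Hash of ec2_securitygroup resources (group name => attributes) to declare
#   in addition to, or in place of, the defaults. Use it to override the cidr
#   of a default rule that is too permissive for the deployment.
# @param manage
#   If false the class declares nothing.
# @param noop_manage
#   If true, noop mode for the resources of this class is set to $noop_value.
# @param noop_value
#   Value passed to noop() when $noop_manage is true.
class psick::aws::puppet::sg (
  String $ensure = 'present',
  String $region = $psick::aws::region,
  String $default_vpc_name = $psick::aws::default_vpc_name,
  Boolean $create_defaults = $psick::aws::create_defaults,
  String $default_cidr_block_prefix = $psick::aws::default_cidr_block_prefix,
  Hash $ec2_securitygroups = {},
  Boolean $manage = $psick::manage,
  Boolean $noop_manage = $psick::noop_manage,
  Boolean $noop_value = $psick::noop_value,
) {
  if $manage {
    if $noop_manage {
      noop($noop_value)
    }

    # Source range the "private" default rules accept traffic from.
    $internal_cidr = "${default_cidr_block_prefix}.0.0/16"

    # Default resources, if enabled
    if $create_defaults {
      $default_ec2_securitygroups = {
        # NOTE(review): besides SSH this group also opens 1194/tcp (the
        # description does not mention it), and both ports are reachable from
        # 0.0.0.0/0. The first rule (protocol '-1', ports 0-0) admits every
        # protocol from the internal range. Narrow the cidr of these rules by
        # redefining 'public-ssh' in $ec2_securitygroups if the SSH/VPN entry
        # point must not be world-reachable.
        'public-ssh' => {
          description => 'Public access to SSH TCP 22',
          ingress     => [
            {
              'cidr'      => $internal_cidr,
              'from_port' => '0',
              'to_port'   => '0',
              'protocol'  => '-1',
            },
            {
              'cidr'      => '0.0.0.0/0',
              'from_port' => '22',
              'protocol'  => 'tcp',
              'to_port'   => '22',
            },
            {
              'cidr'      => '0.0.0.0/0',
              'from_port' => '1194',
              'protocol'  => 'tcp',
              'to_port'   => '1194',
            },
          ],
          tags        => {
            'Name' => "${default_vpc_name}-public-ssh",
          },
        },
        'public-http' => {
          description => 'Public access to HTTP TCP 80 and 443',
          ingress     => [
            {
              'cidr'      => '0.0.0.0/0',
              'from_port' => '80',
              'protocol'  => 'tcp',
              'to_port'   => '80',
            },
            {
              'cidr'      => '0.0.0.0/0',
              'from_port' => '443',
              'protocol'  => 'tcp',
              'to_port'   => '443',
            },
          ],
          tags        => {
            'Name' => "${default_vpc_name}-public-http",
          },
        },
        'private-mysql' => {
          description => 'Private access access to MYSQL 3306',
          ingress     => [
            {
              'cidr'      => $internal_cidr,
              'from_port' => '3306',
              'protocol'  => 'tcp',
              'to_port'   => '3306',
            },
          ],
          tags        => {
            'Name' => "${default_vpc_name}-private-mysql",
          },
        },
        'private-ci' => {
          description => 'Access to CI from internal nodes',
          ingress     => [
            {
              'cidr'      => $internal_cidr,
              'from_port' => '8080',
              'protocol'  => 'tcp',
              'to_port'   => '8080',
            },
          ],
          tags        => {
            'Name' => "${default_vpc_name}-private-ci",
          },
        },
        # The all-protocol rule makes the explicit 22/tcp rule redundant; it is
        # kept so the group still declares SSH when the first rule is removed
        # by an override.
        'private-ssh' => {
          description => 'Access to SSH from internal nodes',
          ingress     => [
            {
              'cidr'      => $internal_cidr,
              'from_port' => '0',
              'to_port'   => '0',
              'protocol'  => '-1',
            },
            {
              'cidr'      => $internal_cidr,
              'from_port' => '22',
              'protocol'  => 'tcp',
              'to_port'   => '22',
            },
          ],
          tags        => {
            'Name' => "${default_vpc_name}-private-ssh",
          },
        },
      }
    } else {
      $default_ec2_securitygroups = {}
    }

    # In a Puppet hash merge the right-hand operand wins on duplicate keys, so
    # the explicitly supplied groups must come last to take precedence over
    # the bundled defaults (the previous order let a default silently replace
    # a user-defined group of the same name).
    $all_ec2_securitygroups = $default_ec2_securitygroups + $ec2_securitygroups

    # Attributes shared by every group; individual groups may override them.
    $ec2_securitygroups_defaults = {
      ensure => $ensure,
      region => $region,
      vpc    => $default_vpc_name,
    }

    if $all_ec2_securitygroups != {} {
      create_resources('ec2_securitygroup', $all_ec2_securitygroups, $ec2_securitygroups_defaults)
    }
  }
}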