datasaker-demo update

terraform/aws_instance/datasaker-demo/security_group.tf

@@ -0,0 +1,73 @@
+resource "aws_security_group" "dskdemo-allow-security" {
+  name        = "dskdemo-allow-security-new"
+  description = "Allow inbound traffic"
+  vpc_id      = var.VPC_ID
+
+  ingress {
+    description      = "SSH"
+    from_port        = 22
+    to_port          = 22
+    protocol         = "tcp"
+    cidr_blocks      =  ["118.223.123.161/32"]
+  }
+  ingress {
+    description      = "etcd"
+    from_port        = 2379
+    to_port          = 2380
+    protocol         = "tcp"
+    cidr_blocks      =  ["172.24.2.0/24"]
+  }
+  ingress {
+    description      = "kubelet api"
+    from_port        = 10250
+    to_port          = 10250
+    protocol         = "tcp"
+    cidr_blocks      =  ["172.24.2.0/24"]
+  }
+  ingress {
+    description      = "Cilium Geneve or VXLAN"
+    from_port        = 8472
+    to_port          = 8472
+    protocol         = "tcp"
+    cidr_blocks      =  ["172.24.2.0/24"]
+  }
+  ingress {
+    description      = "Cilium Health Check"
+    from_port        = 4240
+    to_port          = 4240
+    protocol         = "tcp"
+    cidr_blocks      =  ["172.24.2.0/24"]
+  }
+  ingress {
+    description      = "api-server"
+    from_port        = 6443
+    to_port          = 6443
+    protocol         = "tcp"
+    cidr_blocks      =  ["172.24.2.0/24"]
+  }
+  ingress {
+    description      = "node port range"
+    from_port        = 30000
+    to_port          = 32767
+    protocol         = "tcp"
+    cidr_blocks      =  ["172.24.2.0/24"]
+  }
+  ingress {
+    description      = "Cilium Operator"
+    from_port        = 2379
+    to_port          = 2379
+    protocol         = "tcp"
+    cidr_blocks      =  ["172.24.2.0/24"]
+  }
+  egress {
+    from_port        = 0
+    to_port          = 0
+    protocol         = "-1"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+
+  tags = {
+    Name = "dskdemo-allow-security"
+  }
+}