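# Security group attached to the Grafana / monitoring instance defined below.
# Rules are ordered from the narrowest source to the broadest so the
# internet-facing ones are easy to spot during review.
resource "aws_security_group" "grafana-allow-security" {
  name        = "grafana-allow-security-new"
  description = "Allow inbound traffic"
  vpc_id      = var.VPC_ID

  # SSH is limited to a single /32 source address.
  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["118.223.123.161/32"]
  }

  # NOTE(review): this rule is shadowed by the 443 rule open to 0.0.0.0/0
  # further down, so it does not restrict anything on its own.
  ingress {
    description = "TLS from grafana"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["118.223.123.161/32"]
  }

  # HTTPS from any IPv4 address.
  ingress {
    description = ""
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Plain HTTP from any IPv4 address.
  # NOTE(review): presumably only used to redirect to 443 - confirm.
  ingress {
    description = ""
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # NOTE(review): this high port is reachable from the whole internet.
  # Confirm that is intended and that the listener enforces authentication;
  # otherwise narrow the source to the known client ranges.
  ingress {
    description = "TLS from teleport"
    from_port   = 30168
    to_port     = 30168
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Private sources only: 172.16.0.0/12 is the RFC 1918 block. The wider
  # 172.0.0.0/8 must not be used here because most of it is publicly routable
  # address space, which would expose this port to the internet.
  ingress {
    description = ""
    from_port   = 32084
    to_port     = 32084
    protocol    = "tcp"
    cidr_blocks = ["172.16.0.0/12"]
  }

  ingress {
    description = "loki"
    from_port   = 31768
    to_port     = 31768
    protocol    = "tcp"
    cidr_blocks = ["172.24.0.0/16"]
  }

  # All protocols and ports from this /16.
  # NOTE(review): broad allow - narrow to the ports actually needed if possible.
  ingress {
    description = ""
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["172.31.0.0/16"]
  }

  # All traffic from members of the referenced security group (no CIDR source).
  # NOTE(review): the group ID is hard-coded; a variable or data source would
  # keep it from drifting if that group is recreated.
  ingress {
    description     = "nlb-securitygroup"
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    cidr_blocks     = []
    security_groups = ["sg-0c46bbbbc5ecc2786"]
  }

  # Unrestricted outbound traffic over IPv4 and IPv6.
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "monitoring-allow-security"
  }
}

# Grafana / monitoring host. It is placed in the subnet given by
# var.Public_Subnet_ID_3 and protected only by the security group above.
resource "aws_instance" "grafana" {
  ami                    = "ami-0409b7ddbc59e3222"
  instance_type          = "m5.large"
  key_name               = "kp-jay-bastion-datasaker"
  vpc_security_group_ids = [aws_security_group.grafana-allow-security.id]
  availability_zone      = "ap-northeast-2c"
  subnet_id              = var.Public_Subnet_ID_3

  # NOTE(review): no metadata_options block is declared, so the instance
  # metadata service uses the AMI/account defaults. Consider requiring IMDSv2
  # (http_tokens = "required") once the workloads are confirmed compatible.

  # NOTE(review): `encrypted` is not set, so root-volume encryption depends on
  # the account's EBS default-encryption setting - confirm it is enabled.
  root_block_device {
    delete_on_termination = true
    volume_size           = 30
  }

  tags = {
    Name = "monitoring.kr.datasaker.io"
  }
}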