SSH Access

These examples define security groups that restrict inbound SSH (TCP port 22) to specific IP addresses, CIDR ranges, or a managed prefix list, for remote administration.

From Specific IPs

# Security group that admits SSH only from two individual administrator hosts.
# Each entry is a /32, so the rule matches exactly one source address; there is
# no range to widen by accident.
module "ssh_sg" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/security-group/aws"
  version = "1.2.0"

  name   = "ssh-access"
  vpc_id = module.vpc.vpc_id

  # Inbound: TCP/22 from the listed admin addresses only.
  ingress_rules = [
    {
      description = "SSH from admin IPs"
      protocol    = "tcp"
      from_port   = 22
      to_port     = 22
      cidr_blocks = [
        "203.0.113.10/32",
        "198.51.100.20/32",
      ]
    }
  ]

  # Outbound: unrestricted (protocol "-1" = all protocols/ports). Narrow this
  # if the host only needs to reach a known set of destinations.
  egress_rules = [
    {
      description = "Allow all outbound"
      protocol    = "-1"
      from_port   = 0
      to_port     = 0
      cidr_blocks = ["0.0.0.0/0"]
    }
  ]
}

From Corporate Network

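# Security group that admits SSH from the corporate network range.
# NOTE: 10.0.0.0/8 is the entire RFC 1918 class-A private block (~16M
# addresses). If the corporate network is smaller than that, or if this VPC
# itself lives inside 10.0.0.0/8, use the actual office/VPN CIDRs or a managed
# prefix list (see the prefix-list example) instead of the whole /8.
module "corporate_ssh_sg" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/security-group/aws"
  version = "1.2.0"

  name   = "corporate-ssh"
  vpc_id = module.vpc.vpc_id

  # Inbound: TCP/22 from the corporate range only.
  ingress_rules = [
    {
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      cidr_blocks = ["10.0.0.0/8"]
      description = "SSH from corporate network"
    }
  ]

  # Outbound: unrestricted (protocol "-1" = all protocols/ports).
  # The description was missing here; added so this rule matches the other
  # examples and shows a meaning in the console/audit output.
  egress_rules = [
    {
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_blocks = ["0.0.0.0/0"]
      description = "Allow all outbound"
    }
  ]
}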

Using Prefix Lists

# Looks up an existing customer-managed prefix list by name. The list must
# already exist in this account/region (or be shared into it); the plan fails
# if no list named "admin-workstations" is found.
data "aws_ec2_managed_prefix_list" "admin_ips" {
  name = "admin-workstations"
}

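# Security group that admits SSH from the addresses in a managed prefix list.
# Referencing the list (rather than inlining CIDRs) lets the set of allowed
# admin addresses be maintained in one place; changes to the list's entries
# take effect without editing this module.
module "prefix_ssh_sg" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/security-group/aws"
  version = "1.2.0"

  name   = "prefix-ssh"
  vpc_id = module.vpc.vpc_id

  # Inbound: TCP/22 from the members of the "admin_ips" prefix list only.
  ingress_rules = [
    {
      from_port       = 22
      to_port         = 22
      protocol        = "tcp"
      prefix_list_ids = [data.aws_ec2_managed_prefix_list.admin_ips.id]
      description     = "SSH from admin prefix list"
    }
  ]

  # Outbound: unrestricted (protocol "-1" = all protocols/ports).
  # The description was missing here; added so this rule matches the other
  # examples and shows a meaning in the console/audit output.
  egress_rules = [
    {
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_blocks = ["0.0.0.0/0"]
      description = "Allow all outbound"
    }
  ]
}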