Merge pull request #27 from TaopaiC/add-ssh-cidr-for-elastikube-worker

add a list of CIDR networks to allow ssh access to worker
getamis · Mar 22, 2019 · 1975a94 · 1975a94
2 parents 3432140 + 8265015
commit 1975a94
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/aws/elastikube/variables.tf b/aws/elastikube/variables.tf
@@ -94,6 +94,12 @@ variable "ssh_key" {
   description = "The key name that should be used for the instances."
 }
 
+variable "allowed_ssh_cidr" {
+  type        = "list"
+  default     = ["0.0.0.0/0"]
+  description = "(Optional) A list of CIDR networks to allow ssh access to. Defaults to \"0.0.0.0/0\""
+}
+
 variable "service_cidr" {
   type        = "string"
   default     = "172.16.0.0/13"

diff --git a/aws/elastikube/worker-sg.tf b/aws/elastikube/worker-sg.tf
@@ -48,7 +48,7 @@ resource "aws_security_group_rule" "workers_ingress_ssh" {
   security_group_id = "${aws_security_group.workers.id}"
 
   protocol    = "tcp"
-  cidr_blocks = ["0.0.0.0/0"]
+  cidr_blocks = ["${var.allowed_ssh_cidr}"]
   from_port   = 22
   to_port     = 22
 }