diff --git a/enos/modules/target_ec2_instances/main.tf b/enos/modules/target_ec2_instances/main.tf
index 06b44aad21f7..26a520d3e8ce 100644
--- a/enos/modules/target_ec2_instances/main.tf
+++ b/enos/modules/target_ec2_instances/main.tf
@@ -4,7 +4,7 @@ terraform {
 # to the public registry
 enos = {
 source = "app.terraform.io/hashicorp-qti/enos"
- version = ">= 0.3.2"
+ version = ">= 0.3.24"
 }
 }
 }
@@ -97,10 +97,13 @@ resource "aws_security_group" "target" {
 # SSH traffic
 ingress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
- cidr_blocks = ["${data.enos_environment.localhost.public_ip_address}/32", join(",", data.aws_vpc.vpc.cidr_block_associations.*.cidr_block)]
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = flatten([
+ formatlist("%s/32", data.enos_environment.localhost.public_ip_addresses),
+ join(",", data.aws_vpc.vpc.cidr_block_associations.*.cidr_block),
+ ])
 }
 # Vault traffic
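Review bot: `join(",", data.aws_vpc.vpc.cidr_block_associations.*.cidr_block)` in the SSH rule still collapses the VPC's CIDR associations into one comma-separated string, so a VPC with more than one associated block would put a single malformed entry into `cidr_blocks` instead of one entry per block. Now that the list is wrapped in `flatten([...])`, the splat can be passed as a list directly: `data.aws_vpc.vpc.cidr_block_associations.*.cidr_block,`. The same expression is kept in the Vault and Consul rules of this file and in every ingress rule changed in target_ec2_spot_fleet/main.tf. The `aws_security_group` resource body starts and ends outside the hunk.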
@@ -109,24 +112,31 @@ resource "aws_security_group" "target" {
 to_port = 8201
 protocol = "tcp"
 cidr_blocks = flatten([
- "${data.enos_environment.localhost.public_ip_address}/32",
+ formatlist("%s/32", data.enos_environment.localhost.public_ip_addresses),
 join(",", data.aws_vpc.vpc.cidr_block_associations.*.cidr_block),
- formatlist("%s/32", var.ssh_allow_ips)])
+ formatlist("%s/32", var.ssh_allow_ips)
+ ])
 }
 # Consul traffic
 ingress {
- from_port = 8301
- to_port = 8301
- protocol = "tcp"
- cidr_blocks = ["${data.enos_environment.localhost.public_ip_address}/32", join(",", data.aws_vpc.vpc.cidr_block_associations.*.cidr_block)]
+ from_port = 8301
+ to_port = 8301
+ protocol = "tcp"
+ cidr_blocks = flatten([
+ formatlist("%s/32", data.enos_environment.localhost.public_ip_addresses),
+ join(",", data.aws_vpc.vpc.cidr_block_associations.*.cidr_block),
+ ])
 }
 ingress {
- from_port = 8301
- to_port = 8301
- protocol = "udp"
- cidr_blocks = ["${data.enos_environment.localhost.public_ip_address}/32", join(",", data.aws_vpc.vpc.cidr_block_associations.*.cidr_block)]
+ from_port = 8301
+ to_port = 8301
+ protocol = "udp"
+ cidr_blocks = flatten([
+ formatlist("%s/32", data.enos_environment.localhost.public_ip_addresses),
+ join(",", data.aws_vpc.vpc.cidr_block_associations.*.cidr_block),
+ ])
 }
 # Internal traffic
diff --git a/enos/modules/target_ec2_spot_fleet/main.tf b/enos/modules/target_ec2_spot_fleet/main.tf
index 56c786f5c6a1..4e55da2dd095 100644
--- a/enos/modules/target_ec2_spot_fleet/main.tf
+++ b/enos/modules/target_ec2_spot_fleet/main.tf
@@ -4,7 +4,7 @@ terraform {
 # to the public registry
 enos = {
 source = "app.terraform.io/hashicorp-qti/enos"
- version = ">= 0.3.2"
+ version = ">= 0.3.24"
 }
 }
 }
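Review bot: The Vault rule (the block whose `to_port` is 8201) admits `var.ssh_allow_ips`, while the port 22 rule changed earlier in this file does not, so the variable's name does not match the ports it opens. If the intent is to let extra operator addresses reach Vault, a comment above the rule such as `# ssh_allow_ips also opens the Vault ports to these addresses` (or a rename) would keep a later reader from widening Vault exposure by accident; if the intent was SSH access, the list belongs in the port 22 rule instead. The same pairing appears in the Vault rule of target_ec2_spot_fleet/main.tf. The rule's `from_port` and the variable's declaration are outside the hunk, so this may be deliberate.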
@@ -209,10 +209,10 @@ resource "aws_security_group" "target" {
 from_port = 22
 to_port = 22
 protocol = "tcp"
- cidr_blocks = [
- "${data.enos_environment.localhost.public_ip_address}/32",
+ cidr_blocks = flatten([
+ formatlist("%s/32", data.enos_environment.localhost.public_ip_addresses),
 join(",", data.aws_vpc.vpc.cidr_block_associations.*.cidr_block),
- ]
+ ])
 }
 # Vault traffic
@@ -221,7 +221,7 @@ resource "aws_security_group" "target" {
 to_port = 8201
 protocol = "tcp"
 cidr_blocks = flatten([
- "${data.enos_environment.localhost.public_ip_address}/32",
+ formatlist("%s/32", data.enos_environment.localhost.public_ip_addresses),
 join(",", data.aws_vpc.vpc.cidr_block_associations.*.cidr_block),
 formatlist("%s/32", var.ssh_allow_ips)
 ])
@@ -232,20 +232,20 @@ resource "aws_security_group" "target" {
 from_port = 8301
 to_port = 8301
 protocol = "tcp"
- cidr_blocks = [
- "${data.enos_environment.localhost.public_ip_address}/32",
+ cidr_blocks = flatten([
+ formatlist("%s/32", data.enos_environment.localhost.public_ip_addresses),
 join(",", data.aws_vpc.vpc.cidr_block_associations.*.cidr_block),
- ]
+ ])
 }
 ingress {
 from_port = 8301
 to_port = 8301
 protocol = "udp"
- cidr_blocks = [
- "${data.enos_environment.localhost.public_ip_address}/32",
+ cidr_blocks = flatten([
+ formatlist("%s/32", data.enos_environment.localhost.public_ip_addresses),
 join(",", data.aws_vpc.vpc.cidr_block_associations.*.cidr_block),
- ]
+ ])
 }
 # Internal traffic
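Review bot: `formatlist("%s/32", data.enos_environment.localhost.public_ip_addresses)` in the port 22 rule assumes every address the provider returns is IPv4. If the list can contain an IPv6 address (not visible from this diff), a `/32` suffix would describe a very large IPv6 range rather than a single host, and `cidr_blocks` is the IPv4 field of an ingress rule (`ipv6_cidr_blocks` is the IPv6 one), so the rule would most likely be rejected. It is worth confirming the attribute's contract for enos `>= 0.3.24` and recording it above the rule, e.g. `# public_ip_addresses: IPv4 only, one /32 per detected runner address`. This applies to every ingress rule changed in both modules, and each rule now admits all detected addresses rather than one.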