This is an automated email from the ASF dual-hosted git repository. lfrolov pushed a commit to branch DATALAB-2946 in repository https://gitbox.apache.org/repos/asf/incubator-datalab.git
commit c5dbd2a61ca73480a4f5428625303e6ef7c4545a
Author: leonidfrolov <[email protected]>
AuthorDate: Thu Aug 4 12:21:15 2022 +0300
[DATALAB-2946]: added allowed ip cidrs list as an argument for aws endpoint
---
 .../terraform/aws/endpoint/main/network.tf | 12 ++++++------
 .../terraform/aws/endpoint/main/variables.tf | 5 +++++
 infrastructure-provisioning/terraform/bin/datalab.py | 1 +
 3 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/infrastructure-provisioning/terraform/aws/endpoint/main/network.tf b/infrastructure-provisioning/terraform/aws/endpoint/main/network.tf
index 1f0f96c48..983bebc10 100644
--- a/infrastructure-provisioning/terraform/aws/endpoint/main/network.tf
+++ b/infrastructure-provisioning/terraform/aws/endpoint/main/network.tf
@@ -90,42 +90,42 @@ resource "aws_security_group" "endpoint_sec_group" {
 from_port = 22
 to_port = 22
 protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = var.allowed_ip_cidrs
 }
 ingress {
 from_port = 8084
 to_port = 8084
 protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = var.allowed_ip_cidrs
 }
 ingress {
 from_port = 8085
 to_port = 8085
 protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = var.allowed_ip_cidrs
 }
 ingress {
 from_port = 4822
 to_port = 4822
 protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = var.allowed_ip_cidrs
 }
 ingress {
 from_port = 8088
 to_port = 8088
 protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = var.allowed_ip_cidrs
 }
 ingress {
 from_port = 3128
 to_port = 3128
 protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = var.allowed_ip_cidrs
 }
 egress {
diff --git a/infrastructure-provisioning/terraform/aws/endpoint/main/variables.tf b/infrastructure-provisioning/terraform/aws/endpoint/main/variables.tf
index 65311ac3d..f186ba8e5 100644
--- a/infrastructure-provisioning/terraform/aws/endpoint/main/variables.tf
+++ b/infrastructure-provisioning/terraform/aws/endpoint/main/variables.tf
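Review bot: A single list, `var.allowed_ip_cidrs`, now governs all six ingress rules in this hunk (ports 22, 8084, 8085, 4822, 8088 and 3128), so SSH on port 22 cannot be held to a narrower admin range than the service ports. A separate variable for the port 22 rule, for example `cidr_blocks = var.ssh_allowed_ip_cidrs` (the name is only a suggestion), would let operators scope the two independently. The `aws_security_group` resource starts before the hunk and continues past it (the `egress` block is cut off), so rules outside these lines are not covered by this note.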
@@ -36,6 +36,11 @@ variable "product" {}
 variable "subnet_cidr" {}
+variable "allowed_ip_cidrs" {
+ type = list(string)
+ default = ["0.0.0.0/0"]
+}
+
 variable "endpoint_instance_shape" {}
 variable "key_name" {}
diff --git a/infrastructure-provisioning/terraform/bin/datalab.py b/infrastructure-provisioning/terraform/bin/datalab.py
index 624233284..6849471bc 100644
--- a/infrastructure-provisioning/terraform/bin/datalab.py
+++ b/infrastructure-provisioning/terraform/bin/datalab.py
@@ -1015,6 +1015,7 @@ class AWSEndpointBuilder(AbstractDeployBuilder):
 default='false')
 .add_str('--billing_aws_account_id', 'The ID of ASW linked account', group='endpoint', default='')
 .add_str('--billing_tag', 'Billing tag', group='endpoint', default='datalab')
+ .add_list('--allowed_ip_cidrs', 'Allowed IP CIDRs for SGs', group='endpoint', default=['0.0.0.0/0'])
 )
 return params.build()
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
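Review bot: The default `["0.0.0.0/0"]` on `allowed_ip_cidrs` leaves every ingress rule that reads it, SSH included, open to any source unless the operator passes a value, so the restriction is opt-in. The same default is repeated for `--allowed_ip_cidrs` in the datalab.py hunk. The variable also has no `description` and no check on its entries, so a malformed CIDR is only caught when the provider rejects it. I would add both as sketched below, assuming the project's Terraform version supports `validation` blocks and `alltrue`, and consider dropping the open default so the exposure is an explicit choice.

```hcl
variable "allowed_ip_cidrs" {
  type        = list(string)
  description = "CIDR ranges allowed to reach the endpoint ingress ports (22, 8084, 8085, 4822, 8088, 3128)."
  # … unchanged: default …

  validation {
    condition     = alltrue([for c in var.allowed_ip_cidrs : can(cidrhost(c, 0))])
    error_message = "Each entry in allowed_ip_cidrs must be a valid CIDR block."
  }
}
```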
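Review bot: The help text `'Allowed IP CIDRs for SGs'` on the new `--allowed_ip_cidrs` option does not tell the operator that omitting it leaves the endpoint's SSH and service ports reachable from any address. I would spell that out, for example `'CIDRs allowed to reach endpoint SG ingress ports; the default 0.0.0.0/0 allows any source'`. How `add_list` parses its value and hands the list to Terraform is not visible here, so the accepted input format (comma-separated or repeated flag) is worth stating in the help text too. The builder method starts before the hunk and continues past it.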
