Merge pull request #2 from weka/feat/add-security-rules-for-public-lb

feat: add security list rules for public lb
weka · Nov 6, 2024 · e89dc0b · e89dc0b
2 parents 98b246f + 74c2617
commit e89dc0b
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/modules/network/subnets.tf b/modules/network/subnets.tf
@@ -159,9 +159,25 @@ resource "oci_core_security_list" "oke" {
   lifecycle {
     ignore_changes = [
       freeform_tags, defined_tags, display_name, vcn_id,
-      ingress_security_rules, egress_security_rules, # ignore for CCM-management
+      egress_security_rules, # ignore for CCM-management
     ]
   }
+
+  dynamic "ingress_security_rules" {
+    iterator = port
+    for_each = each.key == "pub_lb" ? ["443", "80"] : []
+    content {
+      protocol = "6"
+      source = "0.0.0.0/0"
+      source_type = "CIDR_BLOCK"
+      tcp_options {
+        source_port_range {
+          max = port.value
+          min = port.value
+        }
+      }
+    }
+  }
 }
 
 # Return configured/created subnet IDs and CIDRs when applicable