Merge pull request #7 from equalogic/remove-admin-sg

Remove `sg_wireguard_admin` security group
equalogic · Feb 16, 2023 · 372cc33 · 372cc33
2 parents c51dd7c + ea6aae4
commit 372cc33
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 43 deletions.
diff --git a/outputs.tf b/outputs.tf
@@ -1,8 +1,3 @@
-output "vpn_sg_admin_id" {
-  value       = aws_security_group.sg_wireguard_admin.id
-  description = "ID of the internal Security Group to associate with other resources needing to be accessed on VPN."
-}
-
 output "vpn_sg_external_id" {
   value       = aws_security_group.sg_wireguard_external.id
   description = "ID of the external Security Group to associate with the VPN."
@@ -12,4 +7,3 @@ output "vpn_asg_name" {
   value       = aws_autoscaling_group.wireguard_asg.name
   description = "ID of the internal Security Group to associate with other resources needing to be accessed on VPN."
 }
-
diff --git a/wireguard-securitygroups.tf b/wireguard-securitygroups.tf
@@ -1,10 +1,10 @@
 resource "aws_security_group" "sg_wireguard_external" {
-  name        = "wireguard-${var.env}-external"
-  description = "Terraform Managed. Allow Wireguard client traffic from internet."
+  name        = "wireguard-${var.env}"
+  description = "Wireguard Server"
   vpc_id      = var.vpc_id
 
   tags = {
-    Name       = "wireguard-${var.env}-external"
+    Name       = "wireguard-${var.env}"
     Project    = "wireguard"
     tf-managed = "True"
     env        = var.env
@@ -24,37 +24,3 @@ resource "aws_security_group" "sg_wireguard_external" {
     cidr_blocks = ["0.0.0.0/0"]
   }
 }
-
-resource "aws_security_group" "sg_wireguard_admin" {
-  name        = "wireguard-${var.env}-admin"
-  description = "Terraform Managed. Allow admin traffic to internal resources from VPN"
-  vpc_id      = var.vpc_id
-
-  tags = {
-    Name       = "wireguard-${var.env}-admin"
-    Project    = "vpn"
-    tf-managed = "True"
-    env        = var.env
-  }
-
-  ingress {
-    from_port       = 0
-    to_port         = 0
-    protocol        = "-1"
-    security_groups = [aws_security_group.sg_wireguard_external.id]
-  }
-
-  ingress {
-    from_port       = 8
-    to_port         = 0
-    protocol        = "icmp"
-    security_groups = [aws_security_group.sg_wireguard_external.id]
-  }
-
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-}