feat: Add list variable to override source_ips for LB (#26)
* Use list variable to set source_ips for LB

Instead of hardcoding source_ip ranges into the module, make use of
a variable.

Create a new variable with name `allowed_ips` with the default set to
`[0.0.0.0/0]`.  This change allows the user to restrict access to
the external load balancer to only a small set of IP addresses.

* Add strict type constraint on allowed_ips var

Restrict `allowed_ips` values to list of strings.

Co-authored-by: Amit Kulkarni <amitk@wepay.com>
Co-authored-by: Morgante Pell <morgantep@google.com>
3 people authored Apr 7, 2020
1 parent 616c0df commit f640695
Showing 2 changed files with 8 additions and 1 deletion.
2 changes: 1 addition & 1 deletion main.tf
Expand Up @@ -63,7 +63,7 @@ resource "google_compute_firewall" "default-lb-fw" {
ports = [var.service_port]
}

source_ranges = ["0.0.0.0/0"]
source_ranges = var.allowed_ips

target_tags = var.target_tags
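
Review bot: `source_ranges = var.allowed_ips` passes the caller's list straight into the firewall rule with nothing guarding the empty case. A caller who sets `allowed_ips = []` expecting to block all traffic gets a rule with no source range at all, and what that means is left to the provider and API rather than decided by this module. Consider rejecting an empty list, or at least stating in the variable description what an empty list does.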

7 changes: 7 additions & 0 deletions variables.tf
Expand Up @@ -102,3 +102,10 @@ variable "ip_protocol" {
description = "The IP protocol for the frontend forwarding rule and firewall rule. TCP, UDP, ESP, AH, SCTP or ICMP."
default = "TCP"
}

variable "allowed_ips" {
description = "The IP address ranges which can access the load balancer."
default = ["0.0.0.0/0"]
type = list(string)

}
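
Review bot: the default on `allowed_ips` is still `["0.0.0.0/0"]`, so any caller who does not set the variable keeps a load balancer firewall rule open to every source, and the description does not say so. Suggest the description state that the values are CIDR ranges (the name says IPs, while the attribute it feeds is `source_ranges`) and that the default allows all sources. The blank line before the closing brace can also be dropped.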