Skip to content

Commit

Permalink
Merge pull request #624 from rust-lang/chore-crater-remove-ip-of-old-…
Browse files Browse the repository at this point in the history
…bastion-ec2-from-allowlist

chore(crater): remove ip of old bastion EC2 from allowlist
  • Loading branch information
MarcoIeni authored Oct 28, 2024
2 parents eaddc68 + 2932e4d commit a0cf043
Showing 1 changed file with 0 additions and 26 deletions.
26 changes: 0 additions & 26 deletions terraform/crater/instance.tf
Original file line number Diff line number Diff line change
Expand Up @@ -59,10 +59,6 @@ data "dns_a_record_set" "bastion" {
host = "bastion.infra.rust-lang.org"
}

data "dns_a_record_set" "bastion2" {
host = "bastion2.infra.rust-lang.org"
}

resource "aws_security_group" "crater" {
vpc_id = data.terraform_remote_state.shared.outputs.prod_vpc.id
name = "rust-prod-crater"
Expand Down Expand Up @@ -92,28 +88,6 @@ resource "aws_security_group" "crater" {
}
}

dynamic "ingress" {
for_each = toset(data.dns_a_record_set.bastion2.addrs)
content {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["${ingress.value}/32"]
description = "SSH from the bastion"
}
}

dynamic "ingress" {
for_each = toset(data.dns_a_record_set.bastion2.addrs)
content {
from_port = -1
to_port = -1
protocol = "icmp"
cidr_blocks = ["${ingress.value}/32"]
description = "ICMP from the bastion"
}
}

// node_exporter access from the monitoring instance
dynamic "ingress" {
for_each = toset(data.dns_a_record_set.monitoring.addrs)
Expand Down

0 comments on commit a0cf043

Please sign in to comment.