Merge pull request #609 from rust-lang/allow-bastion2-to-access-crater

allow bastion2 to access crater

terraform/crater/instance.tf

@@ -59,6 +59,10 @@ data "dns_a_record_set" "bastion" {
   host = "bastion.infra.rust-lang.org"
 }
 
+data "dns_a_record_set" "bastion2" {
+  host = "bastion2.infra.rust-lang.org"
+}
+
 resource "aws_security_group" "crater" {
   vpc_id      = data.terraform_remote_state.shared.outputs.prod_vpc.id
   name        = "rust-prod-crater"
@@ -88,6 +92,28 @@ resource "aws_security_group" "crater" {
     }
   }
 
+  dynamic "ingress" {
+    for_each = toset(data.dns_a_record_set.bastion2.addrs)
+    content {
+      from_port   = 22
+      to_port     = 22
+      protocol    = "tcp"
+      cidr_blocks = ["${ingress.value}/32"]
+      description = "SSH from the bastion"
+    }
+  }
+
+  dynamic "ingress" {
+    for_each = toset(data.dns_a_record_set.bastion2.addrs)
+    content {
+      from_port   = -1
+      to_port     = -1
+      protocol    = "icmp"
+      cidr_blocks = ["${ingress.value}/32"]
+      description = "ICMP from the bastion"
+    }
+  }
+
   // node_exporter access from the monitoring instance
   dynamic "ingress" {
     for_each = toset(data.dns_a_record_set.monitoring.addrs)