
update outputs to match remote

Chris Mague 4 rokov pred
rodič
commit
0e17de6012
4 zmenil súbory, kde vykonal 83 pridanie a 14 odobranie
  1. 4 0
      outputs.tf
  2. 10 0
      security.tf
  3. 15 14
      test/main.tf
  4. 54 0
      variables.tf

+ 4 - 0
outputs.tf

@@ -5,3 +5,7 @@ output "node-ips" {
 output "re-security-group" {
   value = aws_security_group.re.id
 }
+
+output "node-internal-ips" {
+  value = aws_instance.re[*].private_ip
+}

+ 10 - 0
security.tf

@@ -33,3 +33,13 @@ resource "aws_security_group_rule" "open_nets" {
   cidr_blocks       = var.open-nets
   security_group_id = "${aws_security_group.re.id}"
 }
+
+resource "aws_security_group_rule" "allow_public_ssh" {
+  count             = var.allow-public-ssh
+  type              = "ingress"
+  from_port         = "22"
+  to_port           = "22"
+  protocol          = "all"
+  cidr_blocks       = ["0.0.0.0/0"]
+  security_group_id = "${aws_security_group.re.id}"
+}
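Review bot: `protocol = "all"` in `allow_public_ssh` makes the rule much wider than its name and port fields suggest. For the all-protocols value (-1), EC2 ignores `from_port`/`to_port`, so with `cidr_blocks = ["0.0.0.0/0"]` every port and protocol on the nodes is reachable from any address once `allow-public-ssh` is set. The line should read `protocol          = "tcp"` so that only 22/tcp is admitted. Because `count` takes the variable value directly, any non-zero input enables the rule; a typed toggle and a caller-supplied source list instead of the hard-coded world range would make the exposure explicit at the call site.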

+ 15 - 14
test/main.tf

@@ -4,19 +4,20 @@ provider "aws" {
 }
 
 module "mymodule" {
-  source          = "../"
-  profile         = "redislabs"
-  region          = "us-east-1"
-  open-nets       = ["192.168.0.127/32"]
-  data-node-count = 3
-  vpc-cidr        = "10.0.0.0/16"
-  vpc-subnets     = ["subnet-1", "subnet-2"]
-  vpc-id          = "vpc-12345678"
-  vpc-name        = "myvpc"
-  ssh-key         = "test.pem"
-  vpc-azs         = ["us-west-1a", "us-west-1b"]
-  common-tags     = {
-    "Owner"       = "maguec"
-    "Project"     = "example"
+  source           = "../"
+  profile          = "redislabs"
+  region           = "us-east-1"
+  open-nets        = ["192.168.0.127/32"]
+  data-node-count  = 3
+  vpc-cidr         = "10.0.0.0/16"
+  vpc-subnets      = ["subnet-1", "subnet-2"]
+  vpc-id           = "vpc-12345678"
+  vpc-name         = "myvpc"
+  ssh-key          = "test.pem"
+  allow-public-ssh = 1
+  vpc-azs          = ["us-west-1a", "us-west-1b"]
+  common-tags      = {
+    "Owner"        = "maguec"
+    "Project"      = "example"
   }
 }

+ 54 - 0
variables.tf

@@ -71,6 +71,11 @@ variable "flash-iops" {
   default     = "100"
   }
 
+variable "allow-public-ssh" {
+  description = "Allow SSH to be open to the public - disabled by default"
+  default     = "0"
+  }
+
 variable "internal-rules" {
   description = "Security rules to allow for connectivity within the VPC"
   type = list
@@ -208,6 +213,55 @@ variable "internal-rules" {
       protocol  = "udp"
       comment   = "Let UDP out to the VPC"
     },
+    {
+      type = "ingress"
+      from_port = "8301"
+      to_port   = "8301"
+      protocol  = "udp"
+      comment   = "Consul Traffic Gossip"
+    },
+    {
+      type = "ingress"
+      from_port = "8301"
+      to_port   = "8301"
+      protocol  = "tcp"
+      comment   = "Consul Traffic Gossip"
+    },
+    {
+      type = "ingress"
+      from_port = "8600"
+      to_port   = "8600"
+      protocol  = "tcp"
+      comment   = "Consul Traffic DNS"
+    },
+    {
+      type = "ingress"
+      from_port = "8600"
+      to_port   = "8600"
+      protocol  = "udp"
+      comment   = "Consul Traffic DNS"
+    },
+    {
+      type = "ingress"
+      from_port = "8400"
+      to_port   = "8400"
+      protocol  = "tcp"
+      comment   = "Consul Traffic RPC"
+    },
+    {
+      type = "ingress"
+      from_port = "8500"
+      to_port   = "8500"
+      protocol  = "tcp"
+      comment   = "Consul Traffic HTTP"
+    },
+    {
+      type = "ingress"
+      from_port = "8300"
+      to_port   = "8300"
+      protocol  = "tcp"
+      comment   = "Consul Traffic Internal"
+    },
     ]
   }
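Review bot: The `8500` entry added to `internal-rules` admits Consul's HTTP API, which is plaintext by default and unauthenticated unless ACLs are enabled on the agents; nothing in this diff shows whether they are. The variable's description says the list is for connectivity within the VPC, but the resource that consumes it and the source range it applies lie outside the hunk, so confirm that the source is no wider than the cluster nodes. I would record the assumption on the entry itself, e.g. `comment   = "Consul Traffic HTTP (API; ACLs required)"`. The `8400` RPC entry may be unnecessary if the deployed Consul version no longer listens on that port. The `internal-rules` block begins before this hunk.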