tfmodule-aws-redis-enterprise/security.tf

resource "aws_security_group" "re" {
  name        = "RedisEnterprise"
  description = "Redis Enterprise Security Group"
  vpc_id      = "${var.vpc-id}"
  tags        = merge({ Name = "RedisEnterprise-${var.vpc-name}" }, var.common-tags)
}

resource "aws_security_group_rule" "internal_rules" {
  count             = length(var.internal-rules)
  type              = "${lookup(var.internal-rules[count.index], "type")}"
  from_port         = "${lookup(var.internal-rules[count.index], "from_port")}"
  to_port           = "${lookup(var.internal-rules[count.index], "to_port")}"
  protocol          = "${lookup(var.internal-rules[count.index], "protocol")}"
  cidr_blocks       = [var.vpc-cidr]
  security_group_id = "${aws_security_group.re.id}"
}

resource "aws_security_group_rule" "external_rules" {
  count             = length(var.external-rules)
  type              = "${lookup(var.external-rules[count.index], "type")}"
  from_port         = "${lookup(var.external-rules[count.index], "from_port")}"
  to_port           = "${lookup(var.external-rules[count.index], "to_port")}"
  protocol          = "${lookup(var.external-rules[count.index], "protocol")}"
  cidr_blocks       = "${lookup(var.external-rules[count.index], "cidr")}"
  security_group_id = "${aws_security_group.re.id}"
}

resource "aws_security_group_rule" "open_nets" {
  type              = "ingress"
  from_port         = "0"
  to_port           = "65535"
  protocol          = "all"
  cidr_blocks       = var.open-nets
  security_group_id = "${aws_security_group.re.id}"
}

resource "aws_security_group_rule" "allow_public_ssh" {
  count             = var.allow-public-ssh
  type              = "ingress"
  from_port         = "22"
  to_port           = "22"
  protocol          = "all"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = "${aws_security_group.re.id}"
}