Merge pull request #15 from skyscrapers/nrpe

Allow nrpe traffic from icinga satellite to internal instances
skyscrapers · Jul 31, 2017 · 444fa64 · 444fa64
2 parents daf3795 + a05640e
commit 444fa64
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -139,6 +139,7 @@ to make the creation and adaptation of security groups much more modular.
  * [`project`]: String(required): the name of the customer or project
  * [`environment`]: String(required): the environment to create the security group in. Examples: `staging`, `production`
  * [`icinga_master_ip`]: String(required): the IP address of the Icinga master in CIDR notation.
+ * [`internal_sg_id`]: String(optional): The Icinga satellite will be able to access this security group through NRPE, if provided.
 
 ### Output:
  * [`sg_id`]: String: the id of the security group created

diff --git a/securitygroups/icinga_satellite/main.tf b/securitygroups/icinga_satellite/main.tf
@@ -55,3 +55,23 @@ resource "aws_security_group_rule" "icinga_outside3_from_tools01" {
   protocol          = "tcp"
   cidr_blocks       = ["${var.icinga_master_ip}"]
 }
+
+resource "aws_security_group_rule" "nrpe_satellite_to_instances" {
+  count                    = "${length(var.internal_sg_id) > 0 ? 1 : 0}"
+  type                     = "egress"
+  security_group_id        = "${aws_security_group.sg_icinga_satellite.id}"
+  from_port                = "5666"
+  to_port                  = "5666"
+  protocol                 = "tcp"
+  source_security_group_id = "${var.internal_sg_id}"
+}
+
+resource "aws_security_group_rule" "nrpe_instances_to_satellite" {
+  count                    = "${length(var.internal_sg_id) > 0 ? 1 : 0}"
+  type                     = "ingress"
+  security_group_id        = "${var.internal_sg_id}"
+  from_port                = "5666"
+  to_port                  = "5666"
+  protocol                 = "tcp"
+  source_security_group_id = "${aws_security_group.sg_icinga_satellite.id}"
+}
diff --git a/securitygroups/icinga_satellite/variables.tf b/securitygroups/icinga_satellite/variables.tf
@@ -13,4 +13,9 @@ variable "project" {
 
 variable "icinga_master_ip" {
   description = "IP of the Icinga master, in CIDR/32 notation"
-}
+}
+
+variable "internal_sg_id" {
+  description = "The Icinga satellite will be able to access this security group through NRPE, if provided."
+  default     = ""
+}