Merge pull request hashicorp#11 from wpengine/SRE-1258_vault_to_metri…

…csdb_dev [SRE-1258] Open up MySQL port for vault => metricsdb1 in dev
jeffwecan · May 22, 2018 · 802636e · 802636e
2 parents 579c6bf + 36c5814
commit 802636e
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 0 deletions.
diff --git a/terraform/aws/corporate/inputs.tf b/terraform/aws/corporate/inputs.tf
@@ -40,6 +40,12 @@ variable "vault_load_balancer_security_group_id" {
   default = "sg-cb97a3b9"
 }
 
+variable "vault_security_group_id" {
+  type = "string"
+  description = "The VPC security group ID for the Vault nodes / ec2 instances themselves."
+  default = "sg-49af9b3b"
+}
+
 variable "vault_dns_record_name" {
   type = "string"
   description = "The record to create on the wpesvc.net to point at Vault's internally facing Application Load Balancer."
@@ -58,6 +64,12 @@ variable "corporate_core_metrics_subnet_id" {
   default     = "subnet-d3b549f9"
 }
 
+variable "metricsdb_security_group_id" {
+  type = "string"
+  description = "The VPC security group ID for the metricsdb nodes / ec2 instance."
+  default = "sg-f4065b8d"
+}
+
 variable "cm_subnet_id" {
   type = "string"
   description = "Subnet ID for the cm-aws instance"

diff --git a/terraform/aws/corporate/main.tf b/terraform/aws/corporate/main.tf
@@ -45,6 +45,17 @@ module "corporate_core_metrics_to_vault" {
   }
 }
 
+resource "aws_security_group_rule" "allow_vault_server_to_metricsdb_mysql" {
+  provider                  = "aws.corporate"
+  type                      = "ingress"
+  from_port                 = 3306
+  to_port                   = 3306
+  protocol                  = "tcp"
+  source_security_group_id  = "${var.vault_security_group_id}"
+
+  security_group_id = "${var.metricsdb_security_group_id}"
+}
+
 module "cm_to_vault" {
   source = "git@github.com:wpengine/infraform.git//modules/aws-vpc-peering-to-vault-vpc?ref=v1.42"
 

diff --git a/terraform/aws/development/inputs.tf b/terraform/aws/development/inputs.tf
@@ -46,6 +46,12 @@ variable "vault_load_balancer_security_group_id" {
   default = "sg-1b8c8569"
 }
 
+variable "vault_security_group_id" {
+  type = "string"
+  description = "The VPC security group ID for the Vault nodes / ec2 instances themselves."
+  default = "sg-bb8e87c9"
+}
+
 variable "vault_dns_record_name" {
   type = "string"
   description = "The record to create on the wpesvc.net to point at Vault's internally facing Application Load Balancer."
@@ -64,6 +70,12 @@ variable "corporate_core_metrics_subnet_id" {
   default     = "subnet-88f28fd0"
 }
 
+variable "metricsdb_security_group_id" {
+  type = "string"
+  description = "The VPC security group ID for the metricsdb nodes / ec2 instance."
+  default = "sg-3d895142"
+}
+
 variable "gcp_project" {
   type = "string"
   description = "The GCP project to connect to for dev-cm."

diff --git a/terraform/aws/development/main.tf b/terraform/aws/development/main.tf
@@ -51,6 +51,17 @@ module "corporate_core_metrics_to_vault" {
   }
 }
 
+resource "aws_security_group_rule" "allow_vault_server_to_metricsdb_mysql" {
+  provider                  = "aws.development"
+  type                      = "ingress"
+  from_port                 = 3306
+  to_port                   = 3306
+  protocol                  = "tcp"
+  source_security_group_id  = "${var.vault_security_group_id}"
+
+  security_group_id = "${var.metricsdb_security_group_id}"
+}
+
 module "dev_cm_to_vault" {
   source = "git@github.com:wpengine/infraform.git//modules/gcp-vpn-to-vault-vpc?ref=v1.42"