Adjust SG of ECS nodes to grant ssh access from VPN

Author: jrpradojr

_variables.tf

@@ -293,4 +293,9 @@ variable "fargate_only" {
 variable "ec2_key_enabled" {
   default     = false
   description = "Generate a SSH private key and include in launch template of ECS nodes"
+}
+
+variable "vpn_cidr" {
+  default     = ["10.37.0.0/16"]
+  description = "Cidr of VPN to grant ssh access to ECS nodes"
 }

sg-ecs-nodes.tf

@@ -32,6 +32,18 @@ resource "aws_security_group_rule" "all_from_alb_internal_to_ecs_nodes" {
   source_security_group_id = aws_security_group.alb_internal[0].id
 }
 
+resource "aws_security_group_rule" "ssh_from_vpn_to_ecs_nodes" {
+  count = var.ec2_key_enabled ? 1 : 0
+
+  description       = "ssh from VPN"
+  type              = "ingress"
+  from_port         = 22
+  to_port           = 22
+  protocol          = "tcp"
+  cidr_blocks       = var.vpn_cidr
+  security_group_id = aws_security_group.ecs_nodes.id
+}
+
 resource "aws_security_group_rule" "all_from_ecs_nodes_to_ecs_nodes" {
   description              = "Traffic between ECS nodes"
   type                     = "ingress"