updates to the sg rules

databricks · May 14, 2024 · 3b82e62 · 3b82e62
1 parent d9253a2
commit 3b82e62
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 23 deletions.
diff --git a/aws/tf/modules/sra/network.tf b/aws/tf/modules/sra/network.tf
@@ -67,18 +67,19 @@ resource "aws_security_group" "sg" {
       cidr_blocks = ["0.0.0.0/0"]
     }
   }
+
+    dynamic "egress" {
+     for_each = var.compliance_security_profile ? [2443] : []
+
+    content {
+      description       = "Databricks - Data Plane Security Group -  FIPS encryption"      
+      from_port         = 2443
+      to_port           = 2443
+      protocol          = "tcp"
+      cidr_blocks       = ["0.0.0.0/0"]
+    }
+  }
   tags = {
     Name = "${var.resource_prefix}-data-plane-sg"
   }
-}
-
-resource "aws_security_group_rule" "esc_conditional_egress" {
-  count             = var.compliance_security_profile != false ? 1 : 0
-  type              = "egress"
-  from_port         = 2443
-  to_port           = 2443
-  protocol          = "tcp"
-  security_group_id = aws_security_group.sg[0].id
-  cidr_blocks       = ["0.0.0.0/0"]
-  description       = "Databricks - Data Plane Security Group -  FIPS encryption"
 }
diff --git a/aws/tf/modules/sra/privatelink.tf b/aws/tf/modules/sra/privatelink.tf
@@ -28,23 +28,23 @@ resource "aws_security_group" "privatelink" {
     security_groups = [aws_security_group.sg[0].id]
   }
 
+  dynamic "ingress" {
+     for_each = var.compliance_security_profile ? [2443] : []
+
+    content {
+      description       = "Databricks - Data Plane Security Group -  FIPS encryption"      
+      from_port         = 2443
+      to_port           = 2443
+      protocol          = "tcp"
+      security_groups   = [aws_security_group.sg[0].id]
+    }
+  }
+
   tags = {
     Name = "${var.resource_prefix}-private-link-sg"
   }
 }
 
-resource "aws_security_group_rule" "esc_conditional_ingress_pl_ingress" {
-  count                    = var.compliance_security_profile != false ? 1 : 0
-  description              = "Databricks - PrivateLink Endpoint SG - FIPS Encryption"
-  type                     = "ingress"
-  from_port                = 2443
-  to_port                  = 2443
-  protocol                 = "tcp"
-  security_group_id        = aws_security_group.privatelink[0].id
-  source_security_group_id = aws_security_group.sg[0].id
-}
-
-
 // EXPLANATION: VPC Gateway Endpoint for S3, Interface Endpoint for Kinesis, and Interface Endpoint for STS