# Security Group for VPC Link
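# Security group attached to the API Gateway VPC Link ENIs.
#
# The VPC Link only initiates connections towards the NLB in the selected
# VPC (per the resource description), so egress is scoped to that VPC's
# CIDR instead of 0.0.0.0/0 — least privilege, and it removes a standard
# "unrestricted egress" scanner finding. If the NLB is ever placed in a
# peered VPC, add that VPC's range to `cidr_blocks` rather than reopening
# the rule to the world.
resource "aws_security_group" "vpc_link" {
  name        = "${var.api_gateway_name}-vpc-link-sg"
  description = "Security group for API Gateway VPC Link to NLB"
  vpc_id      = data.aws_vpc.selected.id

  # Allow TCP/80 from addresses inside the VPC.
  # NOTE(review): this is an *ingress* rule on the VPC Link's own ENIs, i.e.
  # it admits traffic *into* the link from the VPC, while its description
  # reads the opposite direction. The link presumably never accepts inbound
  # connections itself, so this rule is likely inert — confirm before
  # relying on it, and fix the description if it is kept.
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [data.aws_vpc.selected.cidr_block]
    description = "Allow HTTP from VPC Link to NLB"
  }

  # Allow outbound traffic only to the VPC that hosts the NLB.
  # Protocol and ports stay open because the NLB listener port is not known
  # here; narrow to the listener port(s) once they are fixed.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [data.aws_vpc.selected.cidr_block]
    description = "Allow all outbound traffic within the VPC"
  }

  tags = merge(var.tags, {
    Name        = "${var.api_gateway_name}-vpc-link-sg"
    Environment = var.environment
    Project     = "user-management"
  })
}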