
Commit 706e6e3

author
rohit-ng
committed
fix: allow ssh ingress from within vpc
1 parent 73ed852 commit 706e6e3


1 file changed

+7
-2
lines changed


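--- a/modules/github-runner/main.tf
+++ b/modules/github-runner/main.tf
@@ -1,9 +1,14 @@
 locals {
 security_group_name_prefix = "github-runner-sg"
+security_group_description = "Allow ssh ingress within vpc and all egress traffic"
 ubuntu_instance_name = "github-runner"
 instance_type = "t2.micro"
 }
 
+data "aws_vpc" "vpc" {
+id = var.vpc_id
+}
+
 resource "aws_instance" "github_runner" {
 ami = var.ami_id
 instance_type = local.instance_type
@@ -27,14 +32,14 @@ resource "aws_instance" "github_runner" {
 
 resource "aws_security_group" "github_runner" {
 name_prefix = local.security_group_name_prefix
-description = "Allow ssh ingress and all egress traffic"
+description = local.security_group_description
 vpc_id = var.vpc_id
 
 ingress {
 from_port = 22
 to_port = 22
 protocol = "tcp"
-cidr_blocks = ["0.0.0.0/0"]
+cidr_blocks = [data.aws_vpc.vpc.cidr_block]
 }
 
 egress {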
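Review bot: The new ingress rule `cidr_blocks = [data.aws_vpc.vpc.cidr_block]` still admits SSH from every host in the VPC, and `cidr_block` is only the VPC's primary range, so any secondary CIDR association is silently left out. If SSH is only needed from a bastion or a management subnet, a source-group rule such as `security_groups = [<bastion-sg-id>]` (placeholder) or a narrower subnet CIDR would be tighter than the whole VPC. Separately, `description` on `aws_security_group` forces replacement when it changes, so this commit recreates the group; the resource body continues past the hunk, so confirm it carries `lifecycle { create_before_destroy = true }`, otherwise the destroy may block while the runner instance still references the old group. A short comment above the ingress block, e.g. `# SSH limited to the VPC primary CIDR; no public ingress`, would record the intent.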
