1
1
2
- # SAP NetWeaver PAS / SAP GUI , access from within the same Subnet
3
- resource "aws_security_group_rule" "vpc_sg_rule_sap_ingress_sapnwas_sapgui " {
4
- count = local. network_rules_sap_nwas_abap_boolean ? 1 : 0
2
+ # SAP HANA ICM HTTPS (Secure) Internal Web Dispatcher , access from within the same Subnet
3
+ resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_icm_https " {
4
+ count = local. network_rules_sap_hana_boolean ? 1 : 0
5
5
security_group_id = var. module_var_host_security_group_id
6
6
type = " ingress"
7
- from_port = tonumber (" 32 ${ var . module_var_sap_nwas_abap_pas_instance_no } " )
8
- to_port = tonumber (" 32 ${ var . module_var_sap_nwas_abap_pas_instance_no } " )
7
+ from_port = tonumber (" 43 ${ var . module_var_sap_hana_instance_no } " )
8
+ to_port = tonumber (" 43 ${ var . module_var_sap_hana_instance_no } " )
9
9
protocol = " tcp"
10
10
cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
11
11
}
12
-
13
- # SAP NetWeaver PAS Gateway, access from within the same Subnet
14
- resource "aws_security_group_rule" "vpc_sg_rule_sap_ingress_sapnwas_gw" {
15
- count = local. network_rules_sap_nwas_abap_boolean ? 1 : 0
12
+ resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_icm_https" {
13
+ count = local. network_rules_sap_hana_boolean ? 1 : 0
16
14
security_group_id = var. module_var_host_security_group_id
17
- type = " ingress "
18
- from_port = tonumber (" 33 ${ var . module_var_sap_nwas_abap_pas_instance_no } " )
19
- to_port = tonumber (" 33 ${ var . module_var_sap_nwas_abap_pas_instance_no } " )
15
+ type = " egress "
16
+ from_port = tonumber (" 43 ${ var . module_var_sap_hana_instance_no } " )
17
+ to_port = tonumber (" 43 ${ var . module_var_sap_hana_instance_no } " )
20
18
protocol = " tcp"
21
19
cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
22
20
}
23
21
24
- # SAP Web GUI and SAP Fiori Launchpad (HTTPS), access from within the same Subnet
25
- resource "aws_security_group_rule" "vpc_sg_rule_sap_ingress_sapfiori" {
26
- count = local. network_rules_sap_nwas_abap_boolean ? 1 : 0
27
- security_group_id = var. module_var_host_security_group_id
28
- type = " ingress"
29
- from_port = tonumber (" 443${ var . module_var_sap_hana_instance_no } " )
30
- to_port = tonumber (" 443${ var . module_var_sap_hana_instance_no } " )
31
- protocol = " tcp"
32
- cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
33
- }
34
22
35
- # SAP NetWeaver sapctrl HTTP and HTTPS , access from within the same Subnet
36
- resource "aws_security_group_rule" "vpc_sg_rule_sap_ingress_sapnwas_ctrl " {
37
- count = local. network_rules_sap_nwas_abap_boolean ? 1 : 0
23
+ # SAP HANA ICM HTTP Internal Web Dispatcher , access from within the same Subnet
24
+ resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_icm_http " {
25
+ count = local. network_rules_sap_hana_boolean ? 1 : 0
38
26
security_group_id = var. module_var_host_security_group_id
39
27
type = " ingress"
40
- from_port = tonumber (" 5 ${ var . module_var_sap_nwas_abap_pas_instance_no } 13 " )
41
- to_port = tonumber (" 5 ${ var . module_var_sap_nwas_abap_pas_instance_no } 14 " )
28
+ from_port = tonumber (" 80 ${ var . module_var_sap_hana_instance_no } " )
29
+ to_port = tonumber (" 80 ${ var . module_var_sap_hana_instance_no } " )
42
30
protocol = " tcp"
43
31
cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
44
32
}
45
-
46
-
47
- # SAP HANA ICM HTTPS (Secure) Internal Web Dispatcher, access from within the same Subnet
48
- resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_icm_https" {
33
+ resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_icm_http" {
49
34
count = local. network_rules_sap_hana_boolean ? 1 : 0
50
35
security_group_id = var. module_var_host_security_group_id
51
- type = " ingress "
52
- from_port = tonumber (" 43 ${ var . module_var_sap_hana_instance_no } " )
53
- to_port = tonumber (" 43 ${ var . module_var_sap_hana_instance_no } " )
36
+ type = " egress "
37
+ from_port = tonumber (" 80 ${ var . module_var_sap_hana_instance_no } " )
38
+ to_port = tonumber (" 80 ${ var . module_var_sap_hana_instance_no } " )
54
39
protocol = " tcp"
55
40
cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
56
41
}
57
42
58
- # SAP HANA ICM HTTP Internal Web Dispatcher, access from within the same Subnet
59
- resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_icm_http" {
43
+
44
+ # SAP HANA Internal Web Dispatcher, webdispatcher process, access from within the same Subnet
45
+ resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_webdisp" {
60
46
count = local. network_rules_sap_hana_boolean ? 1 : 0
61
47
security_group_id = var. module_var_host_security_group_id
62
48
type = " ingress"
63
- from_port = tonumber (" 80 ${ var . module_var_sap_hana_instance_no } " )
64
- to_port = tonumber (" 80 ${ var . module_var_sap_hana_instance_no } " )
49
+ from_port = tonumber (" 3 ${ var . module_var_sap_hana_instance_no } 06 " )
50
+ to_port = tonumber (" 3 ${ var . module_var_sap_hana_instance_no } 06 " )
65
51
protocol = " tcp"
66
52
cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
67
53
}
68
-
69
- # SAP HANA Internal Web Dispatcher, access from within the same Subnet
70
- resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_webdisp" {
54
+ resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_webdisp" {
71
55
count = local. network_rules_sap_hana_boolean ? 1 : 0
72
56
security_group_id = var. module_var_host_security_group_id
73
- type = " ingress "
57
+ type = " egress "
74
58
from_port = tonumber (" 3${ var . module_var_sap_hana_instance_no } 06" )
75
59
to_port = tonumber (" 3${ var . module_var_sap_hana_instance_no } 06" )
76
60
protocol = " tcp"
77
61
cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
78
62
}
79
63
64
+
80
65
# SAP HANA indexserver MDC System Tenant SYSDB, access from within the same Subnet
81
66
resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_index_mdc_sysdb" {
82
67
count = local. network_rules_sap_hana_boolean ? 1 : 0
@@ -87,6 +72,16 @@ resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_index_mdc_sy
87
72
protocol = " tcp"
88
73
cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
89
74
}
75
+ resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_index_mdc_sysdb" {
76
+ count = local. network_rules_sap_hana_boolean ? 1 : 0
77
+ security_group_id = var. module_var_host_security_group_id
78
+ type = " egress"
79
+ from_port = tonumber (" 3${ var . module_var_sap_hana_instance_no } 13" )
80
+ to_port = tonumber (" 3${ var . module_var_sap_hana_instance_no } 13" )
81
+ protocol = " tcp"
82
+ cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
83
+ }
84
+
90
85
91
86
# SAP HANA indexserver MDC Tenant #1, access from within the same Subnet
92
87
resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_index_mdc_1" {
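Review bot: The new egress rule `vpc_sg_rule_tcp_egress_saphana_index_mdc_sysdb` is appended directly after the closing `}` of the ingress rule with no blank line and no leading comment, whereas every ingress rule in this file carries a one-line description; the same applies to the egress rules for `index_mdc_1`, `startsrv_http_soap` and `startsrv_https_soap` in the next hunk. Add a matching comment before each egress block, e.g. `# SAP HANA indexserver MDC System Tenant SYSDB, outbound to other hosts within the same Subnet`, and separate paired ingress/egress blocks with a blank line so the file stays readable. Since all of these egress rules are scoped to `local.target_subnet_ip_range`, they only narrow anything if the host security group does not already carry a broader allow-all egress rule; that is not visible from this hunk, so a short comment stating the intended egress posture would help the next maintainer. Separately, the two SAPStartSrv rules in the next hunk open both the plaintext SOAP/HTTP port (`5<instance_no>13`) and the HTTPS port (`5<instance_no>14`) under the same `local.network_rules_sap_hana_boolean`; consider gating the HTTP variant on its own flag so deployments that use only the secure endpoint do not also expose the unencrypted one within the subnet.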
@@ -98,6 +93,58 @@ resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_index_mdc_1"
98
93
protocol = " tcp"
99
94
cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
100
95
}
96
+ resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_index_mdc_1" {
97
+ count = local. network_rules_sap_hana_boolean ? 1 : 0
98
+ security_group_id = var. module_var_host_security_group_id
99
+ type = " egress"
100
+ from_port = tonumber (" 3${ var . module_var_sap_hana_instance_no } 15" )
101
+ to_port = tonumber (" 3${ var . module_var_sap_hana_instance_no } 15" )
102
+ protocol = " tcp"
103
+ cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
104
+ }
105
+
106
+
107
+ # SAP HANA for SOAP over HTTP for SAP Instance Agent (SAPStartSrv, i.e. host:port/SAPControl?wsdl), access from within the same Subnet
108
+ resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_startsrv_http_soap" {
109
+ count = local. network_rules_sap_hana_boolean ? 1 : 0
110
+ security_group_id = var. module_var_host_security_group_id
111
+ type = " ingress"
112
+ from_port = tonumber (" 5${ var . module_var_sap_hana_instance_no } 13" )
113
+ to_port = tonumber (" 5${ var . module_var_sap_hana_instance_no } 13" )
114
+ protocol = " tcp"
115
+ cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
116
+ }
117
+ resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_startsrv_http_soap" {
118
+ count = local. network_rules_sap_hana_boolean ? 1 : 0
119
+ security_group_id = var. module_var_host_security_group_id
120
+ type = " egress"
121
+ from_port = tonumber (" 5${ var . module_var_sap_hana_instance_no } 13" )
122
+ to_port = tonumber (" 5${ var . module_var_sap_hana_instance_no } 13" )
123
+ protocol = " tcp"
124
+ cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
125
+ }
126
+
127
+
128
+ # SAP HANA for SOAP over HTTPS (Secure) for SAP Instance Agent (SAPStartSrv, i.e. host:port/SAPControl?wsdl), access from within the same Subnet
129
+ resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_startsrv_https_soap" {
130
+ count = local. network_rules_sap_hana_boolean ? 1 : 0
131
+ security_group_id = var. module_var_host_security_group_id
132
+ type = " ingress"
133
+ from_port = tonumber (" 5${ var . module_var_sap_hana_instance_no } 14" )
134
+ to_port = tonumber (" 5${ var . module_var_sap_hana_instance_no } 14" )
135
+ protocol = " tcp"
136
+ cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
137
+ }
138
+ resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_startsrv_https_soap" {
139
+ count = local. network_rules_sap_hana_boolean ? 1 : 0
140
+ security_group_id = var. module_var_host_security_group_id
141
+ type = " egress"
142
+ from_port = tonumber (" 5${ var . module_var_sap_hana_instance_no } 14" )
143
+ to_port = tonumber (" 5${ var . module_var_sap_hana_instance_no } 14" )
144
+ protocol = " tcp"
145
+ cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
146
+ }
147
+
101
148
102
149
103
150
# SAP HANA System Replication
@@ -202,48 +249,3 @@ resource "aws_security_group_rule" "vpc_sg_rule_sap_egress_pacemaker_3" {
202
249
protocol = " udp"
203
250
cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
204
251
}
205
-
206
-
207
- # SAP NetWeaver AS JAVA Central Instance (CI) ICM server process 0..n, access from within the same Subnet
208
- resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_sapnwas_java_ci_icm" {
209
- count = local. network_rules_sap_nwas_java_boolean ? 1 : 0
210
- security_group_id = var. module_var_host_security_group_id
211
- type = " ingress"
212
- from_port = tonumber (" 5${ var . module_var_sap_nwas_java_ci_instance_no } 00" )
213
- to_port = tonumber (" 5${ var . module_var_sap_nwas_java_ci_instance_no } 06" )
214
- protocol = " tcp"
215
- cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
216
- }
217
-
218
- # SAP NetWeaver AS JAVA Central Instance (CI) Access server process 0..n, access from within the same Subnet
219
- resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_sapnwas_java_ci_access" {
220
- count = local. network_rules_sap_nwas_java_boolean ? 1 : 0
221
- security_group_id = var. module_var_host_security_group_id
222
- type = " ingress"
223
- from_port = tonumber (" 5${ var . module_var_sap_nwas_java_ci_instance_no } 20" )
224
- to_port = tonumber (" 5${ var . module_var_sap_nwas_java_ci_instance_no } 22" )
225
- protocol = " tcp"
226
- cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
227
- }
228
-
229
- # SAP NetWeaver AS JAVA Central Instance (CI) Admin Services HTTP server process 0..n, access from within the same Subnet
230
- resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_sapnwas_java_ci_admin_http" {
231
- count = local. network_rules_sap_nwas_java_boolean ? 1 : 0
232
- security_group_id = var. module_var_host_security_group_id
233
- type = " ingress"
234
- from_port = tonumber (" 5${ var . module_var_sap_nwas_java_ci_instance_no } 13" )
235
- to_port = tonumber (" 5${ var . module_var_sap_nwas_java_ci_instance_no } 14" )
236
- protocol = " tcp"
237
- cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
238
- }
239
-
240
- # SAP NetWeaver AS JAVA Central Instance (CI) Admin Services SL Controller server process 0..n, access from within the same Subnet
241
- resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_sapnwas_java_ci_admin_slcontroller" {
242
- count = local. network_rules_sap_nwas_java_boolean ? 1 : 0
243
- security_group_id = var. module_var_host_security_group_id
244
- type = " ingress"
245
- from_port = tonumber (" 5${ var . module_var_sap_nwas_java_ci_instance_no } 17" )
246
- to_port = tonumber (" 5${ var . module_var_sap_nwas_java_ci_instance_no } 19" )
247
- protocol = " tcp"
248
- cidr_blocks = [" ${ local . target_subnet_ip_range } " ]
249
- }