
Commit 61f38a5

authored
Merge branch 'dev' into main
2 parents 1f1a008 + 21af49f commit 61f38a5


47 files changed

+2941
-331
lines changed


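--- a/.github/workflows/terraform_validate.yml
+++ b/.github/workflows/terraform_validate.yml
@@ -18,7 +18,7 @@ jobs:
 max-parallel: 10
 matrix:
 terraform_ver: [~1.0.0, ~1.1.0, ~1.2.0, ~1.3.0]
-terraform_module_parent: [all, aws_ec2_instance, ibmcloud_vs, ibmcloud_powervs, ibmpowervc, msazure_vm]
+terraform_module_parent: [all, aws_ec2_instance, ibmcloud_vs, ibmcloud_powervs, ibmpowervc, msazure_vm, vmware_vm]
 steps:
 - name: Checkout
 uses: actions/checkout@v3.1.0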

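--- a/README.md
+++ b/README.md
@@ -56,7 +56,7 @@ The below table lists the Terraform Modules for SAP, and any detailed documentat
 |  IBM Power Virtualization Center | N/A |
 |  Microsoft Azure Virtual Machine| N/A |
 |  ~~oVirt KVM Virtual Machine~~ | N/A |
-|  ~~VMware vSphere Virtual Machine~~ | N/A |
+|  VMware vSphere Virtual Machine | [/vmware_vm/host_provision](/docs/tf_modules/tf_mod_vmware_vm_host_provision.md) |
 | &emsp;Generic documentation | <ul><li>[**/host_network_access_sap](/docs/tf_modules/tf_mod_host_network_access_sap.md)</li></ul> |
 | **TF Modules as wrapper to Ansible for SAP solution scenarios** | - |
 | &emsp; SAP BW/4HANA single-node | /all/ansible_sap_bw4hana_install |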

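--- a/all/ansible_sap_ecc_sapase_install/create_ansible_extravars.tf
+++ b/all/ansible_sap_ecc_sapase_install/create_ansible_extravars.tf
@@ -138,7 +138,7 @@ sap_swpm_templates_install_dictionary:
 - 'igsexe_13-80003187.sar' # IGS 7.53
 - 'igshelper_17-10010245.sar'
 - 'SYBCTRL_1110-80002616.SAR'
-- '51055871_1' # SAP ASE 16.0.03.12 HF1 RDBMS Linux on x86_64 64bit
+- '51056224_1' # SAP ASE 16.0.03.13 RDBMS Linux on x86_64 64bit
 - 'ASEBC16004P_3-20012477.SAR' # SAP ASE 16.0 FOR BUS. SUITE DBCLIENT SP04 PL03
 - '51050708_1' # SAP ERP 6.0 EHP8 Installation Export 1/4, Self-extract RAR EXE
 - '51050708_2'
@@ -203,7 +203,7 @@ sap_swpm_templates_install_dictionary:
 - 'igsexe_13-80003187.sar' # IGS 7.53
 - 'igshelper_17-10010245.sar'
 - 'SYBCTRL_1110-80002616.SAR'
-- '51055871_1' # SAP ASE 16.0.03.12 HF1 RDBMS Linux on x86_64 64bit
+- '51056224_1' # SAP ASE 16.0.03.13 RDBMS Linux on x86_64 64bit
 - 'ASEBC16004P_3-20012477.SAR' # SAP ASE 16.0 FOR BUS. SUITE DBCLIENT SP04 PL03
 - '51053216_1' # IDES SAP ERP 6.0 EHP8 - INSTALL. EXP. (1/2) 1/22
 - '51053216_2'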

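--- a/all/ansible_sap_nwas_abap_sapase_install/create_ansible_extravars.tf
+++ b/all/ansible_sap_nwas_abap_sapase_install/create_ansible_extravars.tf
@@ -132,7 +132,7 @@ sap_swpm_templates_install_dictionary:
 - 'igsexe_13-80003187.sar' # IGS 7.53
 - 'igshelper_17-10010245.sar'
 - 'SYBCTRL_1110-80002616.SAR'
-- '51055871_1' # SAP ASE 16.0.03.12 HF1 RDBMS Linux on x86_64 64bit
+- '51056224_1' # SAP ASE 16.0.03.13 RDBMS Linux on x86_64 64bit
 - 'ASEBC16004P_3-20012477.SAR' # SAP ASE 16.0 FOR BUS. SUITE DBCLIENT SP04 PL03
 - '51051806_1' # NetWeaver AS ABAP 7.52 Innovation Pkg - Installation Exp 1/2, RAR
 - '51051806_2' # NetWeaver AS ABAP 7.52 Innovation Pkg - Installation Exp 2/2, RAR
@@ -184,7 +184,7 @@ sap_swpm_templates_install_dictionary:
 - 'igsexe_13-80003187.sar' # IGS 7.53
 - 'igshelper_17-10010245.sar'
 - 'SYBCTRL_1110-80002616.SAR'
-- '51055871_1' # SAP ASE 16.0.03.12 HF1 RDBMS Linux on x86_64 64bit
+- '51056224_1' # SAP ASE 16.0.03.13 RDBMS Linux on x86_64 64bit
 - 'ASEBC16004P_3-20012477.SAR' # SAP ASE 16.0 FOR BUS. SUITE DBCLIENT SP04 PL03
 - '51050829_3' # SAP Netweaver 7.5 Installation Export, ZIP
 # - '51050829_4' # NW 7.5 Language 1/2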

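--- a/all/ansible_sap_nwas_java_sapase_install/create_ansible_extravars.tf
+++ b/all/ansible_sap_nwas_java_sapase_install/create_ansible_extravars.tf
@@ -134,7 +134,7 @@ sap_swpm_templates_install_dictionary:
 - 'SAPHOSTAGENT56_56-80004822.SAR' # SAP Host Agent 7.22
 - 'SAPJVM8_90-80000202.SAR' # SAP JVM 8.1
 - '51055106' # SAP Netweaver 7.5 SP22 Java, ZIP. Contains JAVA_EXPORT (SAP:JEXPORT:750:SP22:*:*), JAVA_EXPORT_JDMP (SAP:JDMP:750:SP22:*:SW-LABEL), JAVA_J2EE_OSINDEP (SAP:J2EE-CD:750:J2EE-CD:j2ee-cd:*), JAVA_J2EE_OSINDEP_J2EE_INST (SAP:J2EE-INST:750:SP22:*:*), JAVA_J2EE_OSINDEP_UT (SAP:UT:750:SP22:*:*)
-- '51055622_1' # SAP ASE 16.0.04.03 RDBMS Linux on x86_64 64bit
+- '51056021_1' # SAP ASE 16.0.04.03 HF1 RDBMS Linux on x86_64 64bit
 - 'ASEBC16004P_2-20012477.SAR' # SAP ASE 16.0 FOR BUS. SUITE DBCLIENT SP04 PL02
 
 softwarecenter_search_list_ppc64le: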

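--- a/aws_ec2_instance/account_bootstrap/network_security_groups.tf
+++ b/aws_ec2_instance/account_bootstrap/network_security_groups.tf
@@ -11,6 +11,25 @@ resource "aws_security_group" "vpc_sg" {
 
 }
 
+# Allow Outbound DNS Port 53 connection to IBM Cloud VPC DNS resolvers
+resource "aws_security_group_rule" "vpc_sg_rule_outbound_dns_tcp" {
+security_group_id = aws_security_group.vpc_sg.id
+type = "egress"
+from_port = 53
+to_port = 53
+protocol = "tcp"
+cidr_blocks = ["${local.target_subnet_ip_range}"]
+}
+
+# Allow Outbound DNS Port 53 connection to IBM Cloud VPC DNS resolvers
+resource "aws_security_group_rule" "vpc_sg_rule_outbound_dns_udp" {
+security_group_id = aws_security_group.vpc_sg.id
+type = "egress"
+from_port = 53
+to_port = 53
+protocol = "udp"
+cidr_blocks = ["${local.target_subnet_ip_range}"]
+}
 
 # Allow Outbound HTTP Port 80 connection to any (e.g. via NAT Gateway)
 resource "aws_security_group_rule" "vpc_sg_rule_outbound_http_80" {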
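Review bot: The comment above both added rules (`vpc_sg_rule_outbound_dns_tcp` and `vpc_sg_rule_outbound_dns_udp`) names "IBM Cloud VPC DNS resolvers", yet these are `aws_security_group_rule` resources in the AWS bootstrap module, so the wording looks carried over from another provider's module. The destination is `local.target_subnet_ip_range`, which means the rules only permit DNS to servers inside that range; a resolver elsewhere in the VPC or on-premises would need its own rule. Suggest rewording to `# Allow outbound DNS (TCP/UDP 53) to resolvers within the target subnet range` and adding a matching `description` argument to each rule so the entries can be identified when the security group is audited.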

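--- a/aws_ec2_instance/host_network_access_sap/module_variables.tf
+++ b/aws_ec2_instance/host_network_access_sap/module_variables.tf
@@ -4,6 +4,10 @@ variable "module_var_aws_vpc_subnet_id" {}
 
 variable "module_var_host_security_group_id" {}
 
+variable "module_var_sap_nwas_abap_ascs_instance_no" {
+default = ""
+}
+
 variable "module_var_sap_nwas_abap_pas_instance_no" {
 default = ""
 }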
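Review bot: `module_var_sap_nwas_abap_ascs_instance_no` is declared with only a default, so any string is accepted and nothing tells a caller what the value means. If it is interpolated into port numbers the way the HANA instance number is elsewhere in this module (for example `tonumber("43${var.module_var_sap_hana_instance_no}")`), a value that is not exactly two digits would either fail late at plan time or open an unintended port. Adding `type`, a `description`, and a `validation` block that accepts the empty string or two digits catches this at the module boundary; the same would apply to the existing `module_var_sap_nwas_abap_pas_instance_no` shown as context.

```hcl
variable "module_var_sap_nwas_abap_ascs_instance_no" {
  type        = string
  description = "SAP NetWeaver AS ABAP ASCS instance number (two digits); empty disables the ASCS rules"
  default     = ""
  validation {
    condition     = can(regex("^([0-9]{2})?$", var.module_var_sap_nwas_abap_ascs_instance_no))
    error_message = "The ASCS instance number must be empty or exactly two digits."
  }
}
```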

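--- a/aws_ec2_instance/host_network_access_sap/module_variables_locals.tf
+++ b/aws_ec2_instance/host_network_access_sap/module_variables_locals.tf
@@ -1,6 +1,7 @@
 
 locals {
-network_rules_sap_nwas_abap_boolean = var.module_var_sap_nwas_abap_pas_instance_no != "" ? true : false
+network_rules_sap_nwas_abap_ascs_boolean = var.module_var_sap_nwas_abap_ascs_instance_no != "" ? true : false
+network_rules_sap_nwas_abap_pas_boolean = var.module_var_sap_nwas_abap_pas_instance_no != "" ? true : false
 network_rules_sap_nwas_java_boolean = var.module_var_sap_nwas_java_ci_instance_no != "" ? true : false
 network_rules_sap_hana_boolean = var.module_var_sap_hana_instance_no != "" ? true : false
 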
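Review bot: The two new locals keep the `!= "" ? true : false` form, which is redundant because the comparison already yields a bool; `network_rules_sap_nwas_abap_ascs_boolean = var.module_var_sap_nwas_abap_ascs_instance_no != ""` says the same thing more directly. Because `network_rules_sap_nwas_abap_boolean` is removed here, any rule file that still references the old name will fail at plan time; those files are not visible in this section, so a search for the old name is worth doing before merge. A one-line comment above the block, such as `# An empty instance number disables the security group rules for that component`, would document the convention these flags rely on.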

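--- a/aws_ec2_instance/host_network_access_sap/network_security_groups_sap.tf
+++ b/aws_ec2_instance/host_network_access_sap/network_security_groups_sap_hana.tf
@@ -1,82 +1,67 @@
 
-# SAP NetWeaver PAS / SAP GUI, access from within the same Subnet
-resource "aws_security_group_rule" "vpc_sg_rule_sap_ingress_sapnwas_sapgui" {
-count = local.network_rules_sap_nwas_abap_boolean ? 1 : 0
+# SAP HANA ICM HTTPS (Secure) Internal Web Dispatcher, access from within the same Subnet
+resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_icm_https" {
+count = local.network_rules_sap_hana_boolean ? 1 : 0
 security_group_id = var.module_var_host_security_group_id
 type = "ingress"
-from_port = tonumber("32${var.module_var_sap_nwas_abap_pas_instance_no}")
-to_port = tonumber("32${var.module_var_sap_nwas_abap_pas_instance_no}")
+from_port = tonumber("43${var.module_var_sap_hana_instance_no}")
+to_port = tonumber("43${var.module_var_sap_hana_instance_no}")
 protocol = "tcp"
 cidr_blocks = ["${local.target_subnet_ip_range}"]
 }
-
-# SAP NetWeaver PAS Gateway, access from within the same Subnet
-resource "aws_security_group_rule" "vpc_sg_rule_sap_ingress_sapnwas_gw" {
-count = local.network_rules_sap_nwas_abap_boolean ? 1 : 0
+resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_icm_https" {
+count = local.network_rules_sap_hana_boolean ? 1 : 0
 security_group_id = var.module_var_host_security_group_id
-type = "ingress"
-from_port = tonumber("33${var.module_var_sap_nwas_abap_pas_instance_no}")
-to_port = tonumber("33${var.module_var_sap_nwas_abap_pas_instance_no}")
+type = "egress"
+from_port = tonumber("43${var.module_var_sap_hana_instance_no}")
+to_port = tonumber("43${var.module_var_sap_hana_instance_no}")
 protocol = "tcp"
 cidr_blocks = ["${local.target_subnet_ip_range}"]
 }
 
-# SAP Web GUI and SAP Fiori Launchpad (HTTPS), access from within the same Subnet
-resource "aws_security_group_rule" "vpc_sg_rule_sap_ingress_sapfiori" {
-count = local.network_rules_sap_nwas_abap_boolean ? 1 : 0
-security_group_id = var.module_var_host_security_group_id
-type = "ingress"
-from_port = tonumber("443${var.module_var_sap_hana_instance_no}")
-to_port = tonumber("443${var.module_var_sap_hana_instance_no}")
-protocol = "tcp"
-cidr_blocks = ["${local.target_subnet_ip_range}"]
-}
 
-# SAP NetWeaver sapctrl HTTP and HTTPS, access from within the same Subnet
-resource "aws_security_group_rule" "vpc_sg_rule_sap_ingress_sapnwas_ctrl" {
-count = local.network_rules_sap_nwas_abap_boolean ? 1 : 0
+# SAP HANA ICM HTTP Internal Web Dispatcher, access from within the same Subnet
+resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_icm_http" {
+count = local.network_rules_sap_hana_boolean ? 1 : 0
 security_group_id = var.module_var_host_security_group_id
 type = "ingress"
-from_port = tonumber("5${var.module_var_sap_nwas_abap_pas_instance_no}13")
-to_port = tonumber("5${var.module_var_sap_nwas_abap_pas_instance_no}14")
+from_port = tonumber("80${var.module_var_sap_hana_instance_no}")
+to_port = tonumber("80${var.module_var_sap_hana_instance_no}")
 protocol = "tcp"
 cidr_blocks = ["${local.target_subnet_ip_range}"]
 }
-
-
-# SAP HANA ICM HTTPS (Secure) Internal Web Dispatcher, access from within the same Subnet
-resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_icm_https" {
+resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_icm_http" {
 count = local.network_rules_sap_hana_boolean ? 1 : 0
 security_group_id = var.module_var_host_security_group_id
-type = "ingress"
-from_port = tonumber("43${var.module_var_sap_hana_instance_no}")
-to_port = tonumber("43${var.module_var_sap_hana_instance_no}")
+type = "egress"
+from_port = tonumber("80${var.module_var_sap_hana_instance_no}")
+to_port = tonumber("80${var.module_var_sap_hana_instance_no}")
 protocol = "tcp"
 cidr_blocks = ["${local.target_subnet_ip_range}"]
 }
 
-# SAP HANA ICM HTTP Internal Web Dispatcher, access from within the same Subnet
-resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_icm_http" {
+
+# SAP HANA Internal Web Dispatcher, webdispatcher process, access from within the same Subnet
+resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_webdisp" {
 count = local.network_rules_sap_hana_boolean ? 1 : 0
 security_group_id = var.module_var_host_security_group_id
 type = "ingress"
-from_port = tonumber("80${var.module_var_sap_hana_instance_no}")
-to_port = tonumber("80${var.module_var_sap_hana_instance_no}")
+from_port = tonumber("3${var.module_var_sap_hana_instance_no}06")
+to_port = tonumber("3${var.module_var_sap_hana_instance_no}06")
 protocol = "tcp"
 cidr_blocks = ["${local.target_subnet_ip_range}"]
 }
-
-# SAP HANA Internal Web Dispatcher, access from within the same Subnet
-resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_webdisp" {
+resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_webdisp" {
 count = local.network_rules_sap_hana_boolean ? 1 : 0
 security_group_id = var.module_var_host_security_group_id
-type = "ingress"
+type = "egress"
 from_port = tonumber("3${var.module_var_sap_hana_instance_no}06")
 to_port = tonumber("3${var.module_var_sap_hana_instance_no}06")
 protocol = "tcp"
 cidr_blocks = ["${local.target_subnet_ip_range}"]
 }
 
+
 # SAP HANA indexserver MDC System Tenant SYSDB, access from within the same Subnet
 resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_index_mdc_sysdb" {
 count = local.network_rules_sap_hana_boolean ? 1 : 0
@@ -87,6 +72,16 @@ resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_index_mdc_sy
 protocol = "tcp"
 cidr_blocks = ["${local.target_subnet_ip_range}"]
 }
+resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_index_mdc_sysdb" {
+count = local.network_rules_sap_hana_boolean ? 1 : 0
+security_group_id = var.module_var_host_security_group_id
+type = "egress"
+from_port = tonumber("3${var.module_var_sap_hana_instance_no}13")
+to_port = tonumber("3${var.module_var_sap_hana_instance_no}13")
+protocol = "tcp"
+cidr_blocks = ["${local.target_subnet_ip_range}"]
+}
+
 
 # SAP HANA indexserver MDC Tenant #1, access from within the same Subnet
 resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_index_mdc_1" {
@@ -98,6 +93,58 @@ resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_index_mdc_1"
 protocol = "tcp"
 cidr_blocks = ["${local.target_subnet_ip_range}"]
 }
+resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_index_mdc_1" {
+count = local.network_rules_sap_hana_boolean ? 1 : 0
+security_group_id = var.module_var_host_security_group_id
+type = "egress"
+from_port = tonumber("3${var.module_var_sap_hana_instance_no}15")
+to_port = tonumber("3${var.module_var_sap_hana_instance_no}15")
+protocol = "tcp"
+cidr_blocks = ["${local.target_subnet_ip_range}"]
+}
+
+
+# SAP HANA for SOAP over HTTP for SAP Instance Agent (SAPStartSrv, i.e. host:port/SAPControl?wsdl), access from within the same Subnet
+resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_startsrv_http_soap" {
+count = local.network_rules_sap_hana_boolean ? 1 : 0
+security_group_id = var.module_var_host_security_group_id
+type = "ingress"
+from_port = tonumber("5${var.module_var_sap_hana_instance_no}13")
+to_port = tonumber("5${var.module_var_sap_hana_instance_no}13")
+protocol = "tcp"
+cidr_blocks = ["${local.target_subnet_ip_range}"]
+}
+resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_startsrv_http_soap" {
+count = local.network_rules_sap_hana_boolean ? 1 : 0
+security_group_id = var.module_var_host_security_group_id
+type = "egress"
+from_port = tonumber("5${var.module_var_sap_hana_instance_no}13")
+to_port = tonumber("5${var.module_var_sap_hana_instance_no}13")
+protocol = "tcp"
+cidr_blocks = ["${local.target_subnet_ip_range}"]
+}
+
+
+# SAP HANA for SOAP over HTTPS (Secure) for SAP Instance Agent (SAPStartSrv, i.e. host:port/SAPControl?wsdl), access from within the same Subnet
+resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_startsrv_https_soap" {
+count = local.network_rules_sap_hana_boolean ? 1 : 0
+security_group_id = var.module_var_host_security_group_id
+type = "ingress"
+from_port = tonumber("5${var.module_var_sap_hana_instance_no}14")
+to_port = tonumber("5${var.module_var_sap_hana_instance_no}14")
+protocol = "tcp"
+cidr_blocks = ["${local.target_subnet_ip_range}"]
+}
+resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_startsrv_https_soap" {
+count = local.network_rules_sap_hana_boolean ? 1 : 0
+security_group_id = var.module_var_host_security_group_id
+type = "egress"
+from_port = tonumber("5${var.module_var_sap_hana_instance_no}14")
+to_port = tonumber("5${var.module_var_sap_hana_instance_no}14")
+protocol = "tcp"
+cidr_blocks = ["${local.target_subnet_ip_range}"]
+}
+
 
 
 # SAP HANA System Replication
@@ -202,48 +249,3 @@ resource "aws_security_group_rule" "vpc_sg_rule_sap_egress_pacemaker_3" {
 protocol = "udp"
 cidr_blocks = ["${local.target_subnet_ip_range}"]
 }
-
-
-# SAP NetWeaver AS JAVA Central Instance (CI) ICM server process 0..n, access from within the same Subnet
-resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_sapnwas_java_ci_icm" {
-count = local.network_rules_sap_nwas_java_boolean ? 1 : 0
-security_group_id = var.module_var_host_security_group_id
-type = "ingress"
-from_port = tonumber("5${var.module_var_sap_nwas_java_ci_instance_no}00")
-to_port = tonumber("5${var.module_var_sap_nwas_java_ci_instance_no}06")
-protocol = "tcp"
-cidr_blocks = ["${local.target_subnet_ip_range}"]
-}
-
-# SAP NetWeaver AS JAVA Central Instance (CI) Access server process 0..n, access from within the same Subnet
-resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_sapnwas_java_ci_access" {
-count = local.network_rules_sap_nwas_java_boolean ? 1 : 0
-security_group_id = var.module_var_host_security_group_id
-type = "ingress"
-from_port = tonumber("5${var.module_var_sap_nwas_java_ci_instance_no}20")
-to_port = tonumber("5${var.module_var_sap_nwas_java_ci_instance_no}22")
-protocol = "tcp"
-cidr_blocks = ["${local.target_subnet_ip_range}"]
-}
-
-# SAP NetWeaver AS JAVA Central Instance (CI) Admin Services HTTP server process 0..n, access from within the same Subnet
-resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_sapnwas_java_ci_admin_http" {
-count = local.network_rules_sap_nwas_java_boolean ? 1 : 0
-security_group_id = var.module_var_host_security_group_id
-type = "ingress"
-from_port = tonumber("5${var.module_var_sap_nwas_java_ci_instance_no}13")
-to_port = tonumber("5${var.module_var_sap_nwas_java_ci_instance_no}14")
-protocol = "tcp"
-cidr_blocks = ["${local.target_subnet_ip_range}"]
-}
-
-# SAP NetWeaver AS JAVA Central Instance (CI) Admin Services SL Controller server process 0..n, access from within the same Subnet
-resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_sapnwas_java_ci_admin_slcontroller" {
-count = local.network_rules_sap_nwas_java_boolean ? 1 : 0
-security_group_id = var.module_var_host_security_group_id
-type = "ingress"
-from_port = tonumber("5${var.module_var_sap_nwas_java_ci_instance_no}17")
-to_port = tonumber("5${var.module_var_sap_nwas_java_ci_instance_no}19")
-protocol = "tcp"
-cidr_blocks = ["${local.target_subnet_ip_range}"]
-}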
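Review bot: The plain-HTTP rules (`vpc_sg_rule_tcp_ingress_saphana_icm_http` on 80NN and `vpc_sg_rule_tcp_ingress_saphana_startsrv_http_soap` on 5NN13, plus their egress twins) are enabled by the same `local.network_rules_sap_hana_boolean` as the TLS rules on 43NN and 5NN14, so a deployment cannot open only the encrypted ports. SAPControl on 5NN13 is an administrative interface, and traffic to the unencrypted listener is not protected in transit anywhere within `local.target_subnet_ip_range`. Consider gating the HTTP variants behind a separate opt-in flag, e.g. `count = local.network_rules_sap_hana_boolean && local.<allow_plain_http_flag> ? 1 : 0` (placeholder name); the same applies to port 1128 in the Host Agent rules file that follows on this page. Each added `egress` resource also sits directly under the comment written for its ingress twin, so a one-line comment such as `# Matching egress to peers within the same Subnet` would make the pairing explicit.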
Lines changed: 37 additions & 0 deletions
@@ -0,0 +1,37 @@
1+
2+
# SAP Host Agent with SOAP over HTTP, saphostctrl process as 1128 port, access from within the same Subnet
3+
resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphostctrl_http_soap" {
4+
security_group_id = var.module_var_host_security_group_id
5+
type = "ingress"
6+
from_port = 1128
7+
to_port = 1128
8+
protocol = "tcp"
9+
cidr_blocks = ["${local.target_subnet_ip_range}"]
10+
}
11+
resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphostctrl_http_soap" {
12+
security_group_id = var.module_var_host_security_group_id
13+
type = "egress"
14+
from_port = 1128
15+
to_port = 1128
16+
protocol = "tcp"
17+
cidr_blocks = ["${local.target_subnet_ip_range}"]
18+
}
19+
20+
21+
# SAP Host Agent with SOAP over HTTPS, saphostctrls process as 1129 port, access from within the same Subnet
22+
resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphostctrl_https_soap" {
23+
security_group_id = var.module_var_host_security_group_id
24+
type = "ingress"
25+
from_port = 1129
26+
to_port = 1129
27+
protocol = "tcp"
28+
cidr_blocks = ["${local.target_subnet_ip_range}"]
29+
}
30+
resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphostctrl_https_soap" {
31+
security_group_id = var.module_var_host_security_group_id
32+
type = "egress"
33+
from_port = 1129
34+
to_port = 1129
35+
protocol = "tcp"
36+
cidr_blocks = ["${local.target_subnet_ip_range}"]
37+
}
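Review bot: None of the four SAP Host Agent rules has a `count` guard or a `description`, so ports 1128 and 1129 are opened in both directions on every security group passed as `var.module_var_host_security_group_id`, and the resulting entries are unlabelled when the group is reviewed. The HANA rules in this module are all conditional on an instance-number flag, so if the unconditional behaviour here is intended it deserves a file-level comment saying the Host Agent ports apply to every SAP host. Suggest adding to each rule a line such as `description = "SAP Host Agent SOAP over HTTPS (saphostctrls), same subnet"`, adjusted for the HTTP and egress variants. The file path for this section is not shown on the page.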
