chore: remove SSH ingress rules

jasonwalsh · jasonwalsh · commit eb6418d1c705 · 2020-10-27T14:14:42.000-04:00
The worker and controller security groups included a rule to allow
ingress SSH traffic from anywhere.

I am temporarily removing the permissive rules for security purposes.

Eventually I plan to implement functionality to create a bastion host
that will serve as the entry point to the worker and controller
instances.
diff --git a/modules/controller/main.tf b/modules/controller/main.tf
@@ -74,15 +74,6 @@ resource "aws_security_group" "controller" {
   vpc_id = var.vpc_id
 }
 
-resource "aws_security_group_rule" "ssh" {
-  cidr_blocks       = ["0.0.0.0/0"]
-  from_port         = 22
-  protocol          = "TCP"
-  security_group_id = aws_security_group.controller.id
-  to_port           = 22
-  type              = "ingress"
-}
-
 resource "aws_security_group_rule" "ingress" {
   from_port                = 9200
   protocol                 = "TCP"
diff --git a/modules/worker/main.tf b/modules/worker/main.tf
@@ -22,6 +22,7 @@ data "aws_security_group" "controller" {
   id = var.security_group_id
 }
 
+# Allows the workers to gossip with the controller on :9201
 resource "aws_security_group_rule" "controller" {
   from_port                = 9201
   protocol                 = "TCP"
@@ -39,13 +40,6 @@ resource "aws_security_group" "worker" {
     to_port     = 0
   }
 
-  ingress {
-    cidr_blocks = ["0.0.0.0/0"]
-    from_port   = 22
-    protocol    = "TCP"
-    to_port     = 22
-  }
-
   ingress {
     cidr_blocks = ["0.0.0.0/0"]
     from_port   = 9202
