I am trying to add a default security group inbound rule for some 500+ Elastic IPs of the external gateway we used for network deployment, to allow their traffic into the VPC, e.g. an address like the one below:
192.168.0.64
Terraform block to add the ingress rule to the security group, which is not working:
resource "aws_default_security_group" "default" {
  vpc_id = aws_vpc.demo_vpc.id

  ingress = [{
    cidr_blocks      = "192.168.0.64"
    description      = "Allowed security rules"
    from_port        = 22
    ipv6_cidr_blocks = []
    prefix_list_ids  = []
    protocol         = "tcp"
    security_groups  = [aws_vpc.demo_vpc.default_security_group_id]
    self             = false
    to_port          = 22
  }]

  egress = [{
    cidr_blocks      = ["0.0.0.0/0"]
    description      = "Allow All"
    from_port        = 0
    ipv6_cidr_blocks = []
    prefix_list_ids  = []
    protocol         = "all"
    security_groups  = [aws_vpc.demo_vpc.default_security_group_id]
    self             = false
    to_port          = 0
  }]
}
I get it, ingress rules need CIDR blocks and do not accept a specific IP. What is the way to allow only specific IP traffic into a given VPC?
The expectation is that only the 500+ IPs should be able to access the server within the VPC. Those 500 IPs are completely different from each other, I mean from a CIDR perspective.
A /32 CIDR points to a single IP, so that's what you'll have to append to your IPs.
cidr_blocks = ["192.168.0.64/32"]
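The same idea carried through for a long address list, as an added example that is not code from the question or the answer above. It keeps the addresses in a variable, appends /32 to each, builds one ingress rule per address with a dynamic block, and fails the plan early if the list is longer than the account's inbound-rules-per-security-group quota. The variable names, the security group name, the quota value and the sample addresses are assumptions; `aws_vpc.demo_vpc` is taken from the question.

```hcl
# Added example, not part of the original question or answer.
# Assumed names: var.allowed_ips, var.sg_inbound_rule_quota, local.allowed_cidrs,
# aws_security_group.gateway_ssh. Requires Terraform 1.2 or later (preconditions).

variable "allowed_ips" {
  description = "Public IPv4 addresses of the external gateways allowed to reach port 22"
  type        = list(string)
  # Constructed sample values; replace with the real 500+ addresses.
  default = ["192.168.0.64", "192.168.0.65", "198.51.100.7"]

  validation {
    # Each entry must be a bare IPv4 address: appending /32 must yield a valid prefix.
    condition     = alltrue([for ip in var.allowed_ips : can(cidrnetmask("${ip}/32"))])
    error_message = "Every entry in allowed_ips must be a plain IPv4 address without a mask."
  }
}

variable "sg_inbound_rule_quota" {
  description = "Current 'Inbound rules per security group' quota in this account (AWS default is 60)"
  type        = number
  default     = 60
}

locals {
  # Security group rules take CIDR notation, so a single host is written as a /32.
  # toset() drops duplicates so the same address does not become two rules.
  allowed_cidrs = toset([for ip in var.allowed_ips : "${ip}/32"])
}

# A dedicated group for the allowlist; the VPC default group is left untouched.
resource "aws_security_group" "gateway_ssh" {
  name        = "gateway-ssh-allowlist"
  description = "SSH only from the external gateway addresses"
  vpc_id      = aws_vpc.demo_vpc.id

  # One rule per /32; the description records which gateway the rule is for.
  dynamic "ingress" {
    for_each = local.allowed_cidrs
    content {
      description = "External gateway ${ingress.value}"
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      cidr_blocks = [ingress.value]
    }
  }

  egress {
    description = "Allow all outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    # 500+ rules exceed the default quota of 60 inbound rules per security group;
    # stop at plan time instead of failing halfway through the apply.
    precondition {
      condition     = length(local.allowed_cidrs) <= var.sg_inbound_rule_quota
      error_message = "allowed_ips has ${length(local.allowed_cidrs)} entries but the inbound-rules-per-security-group quota is ${var.sg_inbound_rule_quota}; request a quota increase or split the list across several groups."
    }
  }
}

output "ingress_rule_count" {
  description = "Number of /32 ingress rules that will be created"
  value       = length(local.allowed_cidrs)
}
```

Two things to check before applying this with 500+ addresses: the "Inbound rules per security group" quota defaults to 60 and must be raised via Service Quotas (the product of rules per group and groups per network interface cannot exceed 1000), and Elastic IPs that are later released must be removed from `allowed_ips`, otherwise whoever is next assigned that address inherits SSH access to the VPC.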