add database nsg

This commit is contained in:
Pablo Martin 2024-02-06 16:36:09 +01:00
parent 2c736eb0f8
commit b4191bd58d


@ -119,10 +119,41 @@ Follow this to deploy the entire data infra.
- Protocol: Any - Protocol: Any
- Action: Allow - Action: Allow
- Priority: 1000 - Priority: 1000
- Database NSG
- Name it: `superhog-data-nsg-database-<your-env>`
- Purpose: make the databases subnet reachable only from our services subnet and from our jumphost subnet.
- Add tags: - Add tags:
- `team: data` - `team: data`
- `environment: <your-env>` - `environment: <your-env>`
- `project: network` - `project: network`
- Add the following inbound rules
- Postgres Jumphost Rule
- Name: AllowPostgresFromJumphostInbound
- Source: the addresss range for the `jumphost-subnet`. In this example, `10.69.0.0/29`.
- Source port ranges: *
- Destination: the addresss range for the `databases-subnet`. In this example, `10.69.0.8/29`.
- Destination port ranges: 5432
- Protocol: TCP
- Action: Allow
- Priority: 100
- Postgres Services Rule
- Name: AllowPostgresFromJumphostInbound
- Source: the addresss range for the `services-subnet`. In this example, `10.69.0.64/26`.
- Source port ranges: *
- Destination: the addresss range for the `databases-subnet`. In this example, `10.69.0.8/29`.
- Destination port ranges: 5432
- Protocol: TCP
- Action: Allow
- Priority: 110
- Deny Rule
- Name: DenyAllInbound
- Source: Any
- Source port ranges: *
- Destination: Any
- Destination port ranges: *
- Protocol: Any
- Action: Allow
- Priority: 1000
## 3. Jumphost ## 3. Jumphost
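Review bot: the catch-all "Deny Rule" named `DenyAllInbound` has `- Action: Allow`, which makes it an allow-any/any rule at priority 1000 and defeats the NSG's stated purpose (databases subnet reachable only from the services and jumphost subnets); it should read `- Action: Deny`. In the same hunk, the "Postgres Services Rule" reuses the name `AllowPostgresFromJumphostInbound`; NSG rule names must be unique within an NSG, so the second rule would fail to create or overwrite the first, and should be renamed, e.g. `- Name: AllowPostgresFromServicesInbound`. Minor: `addresss` is misspelled in all four Source/Destination lines.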