Allow external DNS

jetbrains-infra · Jun 30, 2020 · 4c5f3d5 · 4c5f3d5
1 parent 6a28445
commit 4c5f3d5
Showing 1 changed file with 37 additions and 1 deletion.
diff --git a/security_group.tf b/security_group.tf
@@ -22,6 +22,24 @@ resource "aws_security_group_rule" "ingess_https" {
   security_group_id = aws_security_group.nat.id
 }
 
+resource "aws_security_group_rule" "ingess_dns_tcp" {
+  type              = "ingress"
+  from_port         = 53
+  protocol          = "tcp"
+  to_port           = 53
+  cidr_blocks       = local.private_subnet_cidrs
+  security_group_id = aws_security_group.nat.id
+}
+
+resource "aws_security_group_rule" "ingess_dns_udp" {
+  type              = "ingress"
+  from_port         = 53
+  protocol          = "udp"
+  to_port           = 53
+  cidr_blocks       = local.private_subnet_cidrs
+  security_group_id = aws_security_group.nat.id
+}
+
 resource "aws_security_group_rule" "egress_http" {
   type              = "egress"
   from_port         = 80
@@ -38,4 +56,22 @@ resource "aws_security_group_rule" "egress_https" {
   to_port           = 443
   cidr_blocks       = ["0.0.0.0/0"]
   security_group_id = aws_security_group.nat.id
-}
+}
+
+resource "aws_security_group_rule" "egress_dns_tcp" {
+  type              = "egress"
+  from_port         = 53
+  protocol          = "tcp"
+  to_port           = 53
+  cidr_blocks       = ["0.0.0.0/0"]
+  security_group_id = aws_security_group.nat.id
+}
+
+resource "aws_security_group_rule" "egress_dns_udp" {
+  type              = "egress"
+  from_port         = 53
+  protocol          = "udp"
+  to_port           = 53
+  cidr_blocks       = ["0.0.0.0/0"]
+  security_group_id = aws_security_group.nat.id
+}