Kafka 0.11.0
Confluent Tools Security Group Rules
View SourceRelease NotesThis module creates the Security Group rules that allow traffic in and out of a server running one or more of the Confluent tools (Schema Registry, REST Proxy, or Kafka Connect).
This module is used by the confluent-tools-cluster module, so you typically won't have to use it directly. However, we keep this module separate in case you decide to run one or more of the Confluent tools on top of a different type of cluster (e.g., co-located with ZooKeeper or Kafka, in which case you can include this module to handle the Security Group details for you.
Sample Usage
- Terraform
- Terragrunt
main.tf
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S CONFLUENT-TOOLS-SECURITY-GROUP-RULES MODULE
# ------------------------------------------------------------------------------------------------------
module "confluent_tools_security_group_rules" {
source = "git::git@github.com:gruntwork-io/terraform-aws-kafka.git//modules/confluent-tools-security-group-rules?ref=v0.11.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
# ----------------------------------------------------------------------------------------------------
# A list of CIDR-formatted IP address ranges that will be allowed to connect to
# var.ports
allowed_inbound_cidr_blocks = <INPUT REQUIRED>
# A list of security group IDs that will be allowed to connect to var.ports
allowed_inbound_security_group_ids = <INPUT REQUIRED>
# The ID of the Security Group associated with the ELB that fronts the Confluent
# Tools cluster.
confluent_tools_elb_security_group_id = <INPUT REQUIRED>
# The number of security group IDs in var.allowed_inbound_security_group_ids. We
# should be able to compute this automatically, but due to a Terraform limitation,
# we can't:
# https://github.com/hashicorp/terraform/issues/14677#issuecomment-302772685
num_allowed_inbound_security_group_ids = <INPUT REQUIRED>
# The ID of the security group to which we should add the security group rules
security_group_id = <INPUT REQUIRED>
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------
# The port number on which health-checker
# (https://github.com/gruntwork-io/health-checker) is accepting inbound HTTP
# connections. Specify null to disable this Security Group Rule.
health_checker_listener_port = 5500
# The port numbers that will be open on the server cluster from the given
# var.allowed_inbound_cidr_blocks or var.allowed_inbound_security_group_ids.
# Expects a list of maps, where each map has the keys 'port' and 'description',
# which correspond to the port to be opened and the description to be added to the
# Security Group Rule, respectively.
ports = [{"description":"Confluent Schema Registry","port":8081},{"description":"Confluent REST Proxy","port":8082},{"description":"Kafka Connect worker","port":8083}]
}
terraform.tfvars
# Coming soon!