terraform: import existing resources into terraform
Although it's possible to import existing AWS resources
into the Terraform state using 'terraform import',
we should also bring as many existing resources as possible
into our terraform files, in order to reduce the chance
of something being accidentally deleted or overwritten
as we add new resources.
This change moves the definitions for the provider and
backend out of the "ecr" terraform into "main", and then
imports some pre-existing security groups and their rules
as a starting point.
Change-Id: Idb5a11bcdc9b5a249c3a24548088c058e4d6391b
diff --git a/ecr.tf b/ecr.tf
index 1dd53e6..2141b04 100644
--- a/ecr.tf
+++ b/ecr.tf
@@ -1,17 +1,3 @@
-provider "aws" {
- region = "us-east-1"
-}
-
-terraform {
- backend "remote" {
- hostname = "app.terraform.io"
- organization = "trustedfirmware"
- workspaces {
- name = "prod"
- }
- }
-}
-
resource "aws_ecr_repository" "trustedfirmware_fvp" {
name = "fvp"
image_tag_mutability = "MUTABLE"
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..58194cb
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,225 @@
+provider "aws" {
+ region = "us-east-1"
+}
+
+terraform {
+ backend "remote" {
+ hostname = "app.terraform.io"
+ organization = "trustedfirmware"
+ workspaces {
+ name = "prod"
+ }
+ }
+}
+
+# Pre-existing imported security groups
+# "Flexnet" security group
+resource "aws_security_group" "flexnet-sg" {
+ name = "Flexnet"
+ description = "Flexnet access"
+}
+
+resource "aws_security_group_rule" "flexnet-sg" {
+ cidr_blocks = [
+ "172.31.32.0/20",
+ ]
+ description = "Fastmodels http"
+ from_port = 81
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_group_id = "sg-010ac7a82860d6f10"
+ self = false
+ to_port = 81
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "flexnet-sg-1" {
+ cidr_blocks = [
+ "172.31.32.0/20",
+ ]
+ description = "Flexnet upper range"
+ from_port = 1000
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_group_id = "sg-010ac7a82860d6f10"
+ self = false
+ to_port = 64000
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "flexnet-sg-2" {
+ cidr_blocks = [
+ "172.31.32.0/20",
+ ]
+ description = "Flexnet upper range UDP"
+ from_port = 1000
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "udp"
+ security_group_id = "sg-010ac7a82860d6f10"
+ self = false
+ to_port = 64000
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "flexnet-sg-3" {
+ cidr_blocks = [
+ "0.0.0.0/0",
+ ]
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_group_id = "sg-010ac7a82860d6f10"
+ self = false
+ to_port = 0
+ type = "egress"
+}
+
+# "ci" security group
+resource "aws_security_group" "ci-sg" {
+ name = "ci"
+ description = "Jenkins"
+}
+
+resource "aws_security_group_rule" "ci-sg" {
+ cidr_blocks = [
+ "0.0.0.0/0",
+ ]
+ from_port = 80
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_group_id = "sg-05f5a50eee7a51e40"
+ self = false
+ to_port = 80
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "ci-sg-1" {
+ cidr_blocks = []
+ from_port = 80
+ ipv6_cidr_blocks = [
+ "::/0",
+ ]
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_group_id = "sg-05f5a50eee7a51e40"
+ self = false
+ to_port = 80
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "ci-sg-2" {
+ cidr_blocks = [
+ "0.0.0.0/0",
+ ]
+ from_port = 8080
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_group_id = "sg-05f5a50eee7a51e40"
+ self = false
+ to_port = 8080
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "ci-sg-3" {
+ cidr_blocks = []
+ from_port = 8080
+ ipv6_cidr_blocks = [
+ "::/0",
+ ]
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_group_id = "sg-05f5a50eee7a51e40"
+ self = false
+ to_port = 8080
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "ci-sg-4" {
+ cidr_blocks = [
+ "0.0.0.0/0",
+ ]
+ from_port = 22
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_group_id = "sg-05f5a50eee7a51e40"
+ self = false
+ to_port = 22
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "ci-sg-5" {
+ cidr_blocks = [
+ "0.0.0.0/0",
+ ]
+ from_port = 50000
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_group_id = "sg-05f5a50eee7a51e40"
+ self = false
+ to_port = 50000
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "ci-sg-6" {
+ cidr_blocks = []
+ from_port = 50000
+ ipv6_cidr_blocks = [
+ "::/0",
+ ]
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_group_id = "sg-05f5a50eee7a51e40"
+ self = false
+ to_port = 50000
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "ci-sg-7" {
+ cidr_blocks = [
+ "0.0.0.0/0",
+ ]
+ from_port = 443
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_group_id = "sg-05f5a50eee7a51e40"
+ self = false
+ to_port = 443
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "ci-sg-8" {
+ cidr_blocks = []
+ from_port = 443
+ ipv6_cidr_blocks = [
+ "::/0",
+ ]
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_group_id = "sg-05f5a50eee7a51e40"
+ self = false
+ to_port = 443
+ type = "ingress"
+}
+
+resource "aws_security_group_rule" "ci-sg-9" {
+ cidr_blocks = [
+ "0.0.0.0/0",
+ ]
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_group_id = "sg-05f5a50eee7a51e40"
+ self = false
+ to_port = 0
+ type = "egress"
+}
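Review bot: The `ci-sg-4` rule codifies SSH (port 22) ingress from `0.0.0.0/0`, and `ci-sg-5`/`ci-sg-6` do the same for port 50000 (presumably the Jenkins inbound-agent port, given the group's "Jenkins" description), so importing them as-is turns an inherited exposure into the declared intended state. If this commit is meant as a faithful import only, add a comment such as `# TODO: restrict source CIDRs; imported as-is from the existing group` above those rules so the follow-up is tracked, or narrow `cidr_blocks` to a known range (e.g. `["<ADMIN_CIDR>"]`, a placeholder). Separately, every rule hard-codes `security_group_id = "sg-05f5a50eee7a51e40"` or `"sg-010ac7a82860d6f10"` instead of referencing `aws_security_group.ci-sg.id` / `aws_security_group.flexnet-sg.id`, so the rules carry no dependency on the group resources declared beside them and would keep pointing at the old ID if a group were ever recreated. The ci rules also have no `description`, unlike the Flexnet ones, which makes a later audit of why each port is open harder.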