rfc1918 and rfc6598 in default_security_group_egress (#361)

ManagedKube · Jul 11, 2022 · 3db7add · 3db7add
1 parent 96bb770
commit 3db7add
Showing 1 changed file with 27 additions and 3 deletions.
diff --git a/terraform-modules/aws/vpc/variables.tf b/terraform-modules/aws/vpc/variables.tf
@@ -89,12 +89,36 @@ variable "default_security_group_name" {
 }
 
 variable "default_security_group_egress" {
-  description = "List of maps of egress rules to set on the default security group"
+ description = "List of maps of egress rules to set on the default security group	"
   type        = list(map(string))
   default     = [
     {
-      cidr_blocks = "0.0.0.0/0"
-      description = "Allow all"
+      cidr_blocks = "10.0.0.0/8"
+      description = "rfc1918: Private Address Space"
+      from_port   = 0
+      protocol    = "-1"
+      self        = false
+      to_port     = 0
+    },
+    {
+      cidr_blocks = "172.16.0.0/12"
+      description = "rfc1918: Private Address Space"
+      from_port   = 0
+      protocol    = "-1"
+      self        = false
+      to_port     = 0
+    },
+    {
+      cidr_blocks = "192.168.0.0/16"
+      description = "rfc1918: Private Address Space"
+      from_port   = 0
+      protocol    = "-1"
+      self        = false
+      to_port     = 0
+    },
+    {
+      cidr_blocks = "100.64.0.0/10"
+      description = "rfc6598: Private Address Space"
       from_port   = 0
       protocol    = "-1"
       self        = false