Add rule for auth to connect to trusted clusters

skyscrapers · Nov 14, 2017 · 1231f4a · 1231f4a
1 parent e59b0dc
commit 1231f4a
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/teleport-security-groups/bastion.tf b/teleport-security-groups/bastion.tf
@@ -60,6 +60,16 @@ resource "aws_security_group_rule" "teleport_https_proxy_from_world" {
   security_group_id = "${aws_security_group.teleport_bastion.id}"
 }
 
+# This is needed for the trusted clusters feature, the auth server needs to connect to upstream Teleport clusters
+resource "aws_security_group_rule" "teleport_https_auth_to_world" {
+  type              = "egress"
+  from_port         = 3080
+  to_port           = 3080
+  protocol          = "tcp"
+  cidr_blocks       = ["0.0.0.0/0"]
+  security_group_id = "${aws_security_group.teleport_bastion.id}"
+}
+
 # Used by letsencrypt to obtain a certificate
 resource "aws_security_group_rule" "teleport_le_http_proxy_from_world" {
   type              = "ingress"