From ce0406dc01d0a39d4dcb7e46bae96ae030128dee Mon Sep 17 00:00:00 2001
From: "iacbot-demo[bot]" <82255952+iacbot-demo[bot]@users.noreply.github.com>
Date: Tue, 26 Apr 2022 21:13:12 +0000
Subject: [PATCH] Lacework IaC Security fix

---
 terraform/aws/security.tf | 70 +++++++++++++++++++--------------------
 1 file changed, 35 insertions(+), 35 deletions(-)

diff --git a/terraform/aws/security.tf b/terraform/aws/security.tf
index 60e41a9..0876ad4 100644
--- a/terraform/aws/security.tf
+++ b/terraform/aws/security.tf
@@ -1,51 +1,51 @@
 resource "aws_security_group" "allow_all" {
- name = "allow all"
- description = "Allow all inbound and outbound traffic from VPC"
- ingress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- self = true
+ name = "allow all"
+ description = "Allow all inbound and outbound traffic from VPC"
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ self = true
 }
 egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- self = true
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ self = true
 }
 vpc_id = aws_vpc.main.id
 tags = {
- Name = "allow all"
+ Name = "allow all"
 }
 }
 /* Security group for the nat server */
 resource "aws_security_group" "nat" {
- name = "NAT server security group"
+ name = "NAT server security group"
 description = "Security group for nat instances that allows SSH and VPN traffic from internet. Also allows outbound HTTP[S]"
- vpc_id = aws_vpc.main.id
+ vpc_id = aws_vpc.main.id
 ingress {
- from_port = 22
- to_port = 22
- protocol = "tcp"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
 cidr_blocks = ["0.0.0.0/0"]
 }
 ingress {
- from_port = 1194
- to_port = 1194
- protocol = "udp"
+ from_port = 1194
+ to_port = 1194
+ protocol = "udp"
 cidr_blocks = ["0.0.0.0/0"]
 }
 egress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
 cidr_blocks = ["0.0.0.0/0"]
 }
 egress {
- from_port = 8080
- to_port = 8080
- protocol = "tcp"
+ from_port = 8080
+ to_port = 8080
+ protocol = "tcp"
 cidr_blocks = ["0.0.0.0/0"]
 }
 tags = {
@@ -55,19 +55,19 @@ resource "aws_security_group" "nat" {
 /* Security group for the web app*/
 resource "aws_security_group" "web" {
- name = "web app security group"
+ name = "web app security group"
 description = "Security group for web that allows web traffic from internet"
- vpc_id = aws_vpc.main.id
+ vpc_id = aws_vpc.main.id
 ingress {
- from_port = 8080
- to_port = 8080
- protocol = "tcp"
+ from_port = 8080
+ to_port = 8080
+ protocol = "tcp"
 cidr_blocks = ["0.0.0.0/0"]
 }
 ingress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
 cidr_blocks = ["0.0.0.0/0"]
 }
@@ -77,6 +77,6 @@ resource "aws_security_group" "web" {
 }
 resource "aws_key_pair" "deployer" {
- key_name = "deployer-key"
+ key_name = "deployer-key"
 public_key = "Sample SSH key goes here"
 }