I've built an AD directory with Terraform in AWS, but Security Hub recently pointed out that the SG it created has a bunch of ports wide open to 0.0.0.0/0. Thankfully, I have it in a VPC on internal subnets only, but this is definitely not a great practice and I'd rather set the SG inbound CIDRs to my local VPC network range. Is it possible to change that? I don't see a way to get at the SG, other than getting its ID.
This is how I created it:
resource "aws_directory_service_directory" "ad" {
  name       = local.ad_hostname                       # FQDN of the directory
  short_name = "CORP"                                  # NetBIOS name
  password   = random_password.ad_admin_password.result # Admin password, generated
  edition    = "Standard"
  type       = "MicrosoftAD"                           # AWS Managed Microsoft AD

  vpc_settings {
    vpc_id     = local.vpc_id
    subnet_ids = slice(local.pvt_subnets, 0, 2)        # Managed AD needs exactly two subnets in different AZs
  }
}
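One way to lock the directory's security group down to the VPC range, as an added example that is not the original poster's code. It assumes the directory resource is named `aws_directory_service_directory.ad` as above and that `local.vpc_id` is set; it uses the `security_group_id` attribute the provider exports for the directory, looks up the VPC's CIDR with a data source, and adds scoped `aws_vpc_security_group_ingress_rule` resources. The port map below is the usual AWS Managed AD port set and is an assumption: compare it against the rules actually on the SG. Terraform cannot delete rules it did not create, so the 0.0.0.0/0 rules are revoked out of band with the AWS CLI from a `null_resource`, which assumes the CLI is on PATH with credentials for the same account.

```hcl
# Added example, not the original poster's configuration.
# Assumes: aws_directory_service_directory.ad exists as above, local.vpc_id is set,
# and the AWS CLI is installed and authenticated for the same account.

data "aws_vpc" "this" {
  id = local.vpc_id
}

locals {
  # Ports AWS Managed Microsoft AD opens on its SG by default (assumption: verify
  # against `aws ec2 describe-security-groups --group-ids <sg>` before applying).
  ad_ports = {
    dns_tcp      = { protocol = "tcp", from = 53,    to = 53 }
    dns_udp      = { protocol = "udp", from = 53,    to = 53 }
    kerberos_tcp = { protocol = "tcp", from = 88,    to = 88 }
    kerberos_udp = { protocol = "udp", from = 88,    to = 88 }
    rpc          = { protocol = "tcp", from = 135,   to = 135 }
    ldap_tcp     = { protocol = "tcp", from = 389,   to = 389 }
    ldap_udp     = { protocol = "udp", from = 389,   to = 389 }
    smb          = { protocol = "tcp", from = 445,   to = 445 }
    kpasswd_tcp  = { protocol = "tcp", from = 464,   to = 464 }
    kpasswd_udp  = { protocol = "udp", from = 464,   to = 464 }
    ldaps        = { protocol = "tcp", from = 636,   to = 636 }
    gc           = { protocol = "tcp", from = 3268,  to = 3269 }
    adws         = { protocol = "tcp", from = 9389,  to = 9389 }
    rpc_dynamic  = { protocol = "tcp", from = 49152, to = 65535 }
  }

  # The directory resource exports the ID of the SG it created.
  ad_sg_id = aws_directory_service_directory.ad.security_group_id
}

# Scoped replacements: same ports, but only reachable from the VPC's own CIDR.
resource "aws_vpc_security_group_ingress_rule" "ad_from_vpc" {
  for_each = local.ad_ports

  security_group_id = local.ad_sg_id
  description       = "AD ${each.key} from VPC CIDR only"
  cidr_ipv4         = data.aws_vpc.this.cidr_block
  ip_protocol       = each.value.protocol
  from_port         = each.value.from
  to_port           = each.value.to
}

# Terraform only manages rules it created, so the service-provisioned
# 0.0.0.0/0 rules are revoked with the CLI once the scoped rules exist.
# A rule that is already gone makes the CLI fail with InvalidPermission.NotFound,
# which is harmless here, hence the `|| echo`.
resource "null_resource" "revoke_open_ad_rules" {
  for_each   = local.ad_ports
  depends_on = [aws_vpc_security_group_ingress_rule.ad_from_vpc]

  triggers = {
    sg_id = local.ad_sg_id
    rule  = "${each.value.protocol}-${each.value.from}-${each.value.to}"
  }

  provisioner "local-exec" {
    command = <<-EOT
      aws ec2 revoke-security-group-ingress \
        --group-id ${local.ad_sg_id} \
        --ip-permissions '[{"IpProtocol":"${each.value.protocol}","FromPort":${each.value.from},"ToPort":${each.value.to},"IpRanges":[{"CidrIp":"0.0.0.0/0"}]}]' \
        || echo "open rule for ${each.key} already absent"
    EOT
  }
}
```

After `terraform apply`, confirm with `aws ec2 describe-security-groups --group-ids <sg-id>` that no `0.0.0.0/0` entries remain; the Security Hub finding should resolve on its next evaluation. If you would rather have Terraform own every rule on that SG, the alternative is to declare an `aws_security_group` resource with the full rule set and bring the existing group under management with `terraform import aws_security_group.<name> <sg-id>`, after which the provider will remove any rule not in your configuration on the next apply.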