avidhara/terraform-aws-security-group

Terraform Module for AWS Security Group

Use as a Module

See the examples/simple directory for a complete, runnable example. The minimal call shape is:

module "secgrp-1" {
  # Relative path as used from examples/simple; replace with the registry or
  # Git source when consuming the module from another repository.
  source      = "../../"
  name        = "project-abc"
  description = "Managed by Terraform"

  vpc_id        = var.vpc_id
  # Maps of rule objects; see Inputs below for the object schema.
  ingress_rules = var.ingress_rules
  egress_rules  = var.egress_rules

  tags = {
    Tier       = "Application"
    Allocation = "1234"
  }
}

Requirements

Name Version
terraform 1.10.5
aws >= 5.0

Providers

Name Version
aws >= 5.0

Modules

No modules.

Resources

Name Type
aws_security_group.this resource
aws_vpc_security_group_egress_rule.this resource
aws_vpc_security_group_ingress_rule.this resource

Inputs

Name | Type | Default | Required | Description

create_sg | bool | true | no
(Optional) Whether to create the security group.

description | string | n/a | yes
(Required, Forces new resource) The security group description. Cannot be "". This field maps to the AWS GroupDescription attribute, for which there is no Update API, so any change replaces the group. If you want to classify security groups in a way that can be updated in place, use tags. The provider's own default of 'Managed by Terraform' does not apply here; this module requires the value to be set explicitly.

egress_rules | map(object) | {} | no
(Optional) Map of egress rules, keyed by a stable, descriptive name (the key becomes the resource index). Each object has the following fields:
- security_group_id - (Optional) The ID of the security group to attach the rule to.
- cidr_ipv4 - (Optional) The destination IPv4 CIDR range.
- cidr_ipv6 - (Optional) The destination IPv6 CIDR range.
- prefix_list_id - (Optional) The destination prefix list ID, for example the prefix list of a gateway VPC endpoint.
- referenced_security_group_id - (Optional) The destination security group ID.
  Exactly one of cidr_ipv4, cidr_ipv6, prefix_list_id and referenced_security_group_id must be set per rule; a security group rule has a single destination.
- description - (Optional) Description of this egress rule.
- ip_protocol - (Required by the AWS provider, although declared optional(string) in this variable) The protocol name or number: "tcp", "udp", "icmp", "58" (ICMPv6) or "-1" for all protocols ("all" is not a valid value). With "-1" the rule covers all ports, and from_port and to_port must be omitted.
- from_port - (Optional) The start of the port range for tcp/udp, or the ICMP type when ip_protocol is "icmp" or "58".
- to_port - (Optional) The end of the port range for tcp/udp, or the ICMP code when ip_protocol is "icmp" or "58". Declared as optional(string) in this variable; a numeric value is converted automatically.
- tags - (Optional) A mapping of tags to assign to the rule resource.
map(object({
security_group_id = optional(string)
cidr_ipv4 = optional(string)
cidr_ipv6 = optional(string)
description = optional(string)
from_port = optional(number)
ip_protocol = optional(string)
prefix_list_id = optional(string)
referenced_security_group_id = optional(string)
tags = optional(map(string))
to_port = optional(string)
}))

ingress_rules | map(object) | {} | no
(Optional) Map of ingress rules, keyed by a stable, descriptive name (the key becomes the resource index). Each object has the following fields:
- security_group_id - (Optional) The ID of the security group to attach the rule to.
- cidr_ipv4 - (Optional) The source IPv4 CIDR range.
- cidr_ipv6 - (Optional) The source IPv6 CIDR range.
- prefix_list_id - (Optional) The source prefix list ID.
- referenced_security_group_id - (Optional) The source security group ID.
  Exactly one of cidr_ipv4, cidr_ipv6, prefix_list_id and referenced_security_group_id must be set per rule; a security group rule has a single source.
- description - (Optional) Description of this ingress rule.
- ip_protocol - (Required) The protocol name or number: "tcp", "udp", "icmp", "58" (ICMPv6) or "-1" for all protocols ("all" is not a valid value). With "-1" the rule covers all ports, and from_port and to_port must be omitted.
- from_port - (Optional) The start of the port range for tcp/udp, or the ICMP type when ip_protocol is "icmp" or "58".
- to_port - (Optional) The end of the port range for tcp/udp, or the ICMP code when ip_protocol is "icmp" or "58". Declared as optional(string) in this variable; a numeric value is converted automatically.
- tags - (Optional) A mapping of tags to assign to the rule resource.
map(object({
security_group_id = optional(string)
cidr_ipv4 = optional(string)
cidr_ipv6 = optional(string)
description = optional(string)
from_port = optional(number)
ip_protocol = string
prefix_list_id = optional(string)
referenced_security_group_id = optional(string)
tags = optional(map(string))
to_port = optional(string)
}))

name | string | n/a | yes
(Required, Forces new resource) The name of the security group.

tags | map(string) | {} | no
(Optional) A mapping of tags to assign to the security group.

vpc_id | string | n/a | yes
(Required, Forces new resource) The VPC ID.
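The following is a complete call to this module with the rule maps filled in, added here to illustrate both the usage snippet under "Use as a Module" and the rule object schema documented in Inputs. It is not one of the repository's own examples. The module source, VPC ID, security group IDs, prefix list ID and CIDR ranges are placeholders.

```hcl
# Added example, not part of the module's examples/. All IDs and CIDRs are
# assumed placeholders; replace them with values from your account.
module "app_sg" {
  source      = "github.com/avidhara/terraform-aws-security-group" # assumed source
  name        = "project-abc-app"
  description = "Application tier, managed by Terraform"
  vpc_id      = "vpc-0123456789abcdef0" # placeholder

  ingress_rules = {
    # HTTPS only from the load balancer's security group. Referencing the
    # group instead of a CIDR keeps the rule correct when LB IPs change.
    https_from_alb = {
      ip_protocol                  = "tcp"
      from_port                    = 443
      to_port                      = 443
      referenced_security_group_id = "sg-0aaaaaaaaaaaaaaaa" # placeholder ALB SG
      description                  = "HTTPS from ALB"
    }
    # SSH limited to a bastion subnet; never 0.0.0.0/0 on port 22.
    ssh_from_bastion = {
      ip_protocol = "tcp"
      from_port   = 22
      to_port     = 22
      cidr_ipv4   = "10.0.100.0/28" # placeholder bastion subnet
      description = "SSH from bastion subnet"
    }
    # ICMP echo request: from_port is the ICMP type (8), to_port the code (0).
    icmp_echo_from_vpc = {
      ip_protocol = "icmp"
      from_port   = 8
      to_port     = 0
      cidr_ipv4   = "10.0.0.0/16" # placeholder VPC CIDR
      description = "Ping from VPC"
    }
  }

  egress_rules = {
    # Outbound HTTPS to S3 through the gateway endpoint's managed prefix
    # list, so no S3 CIDR ranges need to be maintained by hand.
    https_to_s3 = {
      ip_protocol    = "tcp"
      from_port      = 443
      to_port        = 443
      prefix_list_id = "pl-0bbbbbbbbbbbbbbbb" # placeholder S3 gateway prefix list
      description    = "HTTPS to S3 gateway endpoint"
    }
    # Database traffic only to the data tier's security group.
    postgres_to_db = {
      ip_protocol                  = "tcp"
      from_port                    = 5432
      to_port                      = 5432
      referenced_security_group_id = "sg-0ccccccccccccccccc" # placeholder DB SG
      description                  = "PostgreSQL to data tier"
    }
    # All protocols to an internal IPv6 range. With ip_protocol "-1" the
    # rule spans all ports and from_port/to_port are left unset; setting
    # them to 0 is the legacy aws_security_group_rule convention, not this
    # resource's.
    all_to_internal_ipv6 = {
      ip_protocol = "-1"
      cidr_ipv6   = "fd00::/8" # placeholder internal ULA range
      description = "All traffic to internal IPv6 range"
    }
  }

  tags = {
    Tier       = "Application"
    Allocation = "1234"
  }
}

output "app_sg_id" {
  value = module.app_sg.id
}
```

Each rule names exactly one source or destination (cidr_ipv4, cidr_ipv6, prefix_list_id or referenced_security_group_id), which is what the underlying aws_vpc_security_group_*_rule resources require. Because egress_rules defaults to an empty map and the AWS provider revokes the allow-all egress rule that AWS adds to a newly created VPC security group, a group created with no egress_rules allows no outbound traffic; list the outbound flows you actually need, as above, rather than reintroducing a 0.0.0.0/0 rule.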

Outputs

Name Description
arn The ARN of the security group
id The ID of the security group
