See the `examples/simple` directory for more examples.
```hcl
module "secgrp-1" {
  source        = "../../"
  name          = "project-abc"
  description   = "Managed by Terraform"
  vpc_id        = var.vpc_id
  ingress_rules = var.ingress_rules
  egress_rules  = var.egress_rules
  tags = {
    Tier       = "Application"
    Allocation = "1234"
  }
}
```
| Name | Version |
|---|---|
| terraform | 1.10.5 |
| aws | >= 5.0 |

| Name | Version |
|---|---|
| aws | >= 5.0 |

No modules.

| Name | Type |
|---|---|
| aws_security_group.this | resource |
| aws_vpc_security_group_egress_rule.this | resource |
| aws_vpc_security_group_ingress_rule.this | resource |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| create_sg | (Optional) Whether to create the security group. Defaults to true. | bool | true | no |
| description | (Required, Forces new resource) The security group description. Defaults to 'Managed by Terraform'. Cannot be "". NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags. | string | n/a | yes |
| egress_rules | (Optional, Map of egress Rules) - security_group_id - (Optional) The security group to apply the rule to. - cidr_ipv4 - (Optional) The IPv4 CIDR range to allow. Cannot be specified with source_security_group_id. - cidr_ipv6 - (Optional) The IPv6 CIDR range to allow. Cannot be specified with source_security_group_id. - description - (Optional) Description of this egress rule. - from_port - (Optional) The start port (or ICMP type number if protocol is "icmp" or "icmpv6"). - ip_protocol - (Required) The protocol. If you select a protocol of "-1" (semantically equivalent to "all", which is not a valid value here), you must specify a "from_port" and "to_port" equal to 0. If you select a protocol of "icmp", you must specify a "from_port" and "to_port" where from_port is the ICMP type and to_port is the ICMP code. If you select a protocol of "58" (ICMPv6), you must specify a "from_port" and "to_port" where from_port is the ICMP type and to_port is the ICMP code. - prefix_list_id - (Optional) The prefix list ID (or IPv6 prefix list ID for an egress rule) for an AWS service. Cannot be specified with cidr_blocks and self. - referenced_security_group_id - (Optional) The security group id to allow access to/from, depending on the type. Cannot be specified with cidr_blocks and self. - tags - (Optional) A mapping of tags to assign to the resource. - to_port - (Required) The end range port (or ICMP code if protocol is "icmp" or "icmpv6"). If not specified, the value will default to from_port. | map(object({ | {} | no |
| ingress_rules | (Optional, Map of ingress Rules) - security_group_id - (Optional) The security group to apply the rule to. - cidr_ipv4 - (Optional) The IPv4 CIDR range to allow. Cannot be specified with source_security_group_id. - cidr_ipv6 - (Optional) The IPv6 CIDR range to allow. Cannot be specified with source_security_group_id. - description - (Optional) Description of this ingress rule. - from_port - (Optional) The start port (or ICMP type number if protocol is "icmp" or "icmpv6"). - ip_protocol - (Required) The protocol. If you select a protocol of "-1" (semantically equivalent to "all", which is not a valid value here), you must specify a "from_port" and "to_port" equal to 0. If you select a protocol of "icmp", you must specify a "from_port" and "to_port" where from_port is the ICMP type and to_port is the ICMP code. If you select a protocol of "58" (ICMPv6), you must specify a "from_port" and "to_port" where from_port is the ICMP type and to_port is the ICMP code. - prefix_list_id - (Optional) The prefix list ID (or IPv6 prefix list ID for an egress rule) for an AWS service. Cannot be specified with cidr_blocks and self. - referenced_security_group_id - (Optional) The security group id to allow access to/from, depending on the type. Cannot be specified with cidr_blocks and self. - tags - (Optional) A mapping of tags to assign to the resource. - to_port - (Required) The end range port (or ICMP code if protocol is "icmp" or "icmpv6"). If not specified, the value will default to from_port. | map(object({ | {} | no |
| name | (Required, Forces new resource) The name of the security group. | string | n/a | yes |
| tags | (Optional) A mapping of tags to assign to the resource. | map(string) | {} | no |
| vpc_id | (Required, Forces new resource) The VPC ID. | string | n/a | yes |
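
Sample values for the `ingress_rules` and `egress_rules` inputs documented above, written as a `terraform.tfvars` file. This is an added example, not taken from the module's repository: the map keys, IDs, CIDR ranges and ports are constructed placeholders, and it assumes the attributes marked (Optional) may be omitted from each object, since the full type is not shown on this page. Each rule names exactly one source or destination (`cidr_ipv4`, `referenced_security_group_id` or `prefix_list_id`) and a single port, so nothing is opened to `0.0.0.0/0`.

```hcl
# terraform.tfvars (constructed sample values; replace every ID and CIDR)
vpc_id = "vpc-0123456789abcdef0" # placeholder VPC ID

ingress_rules = {
  # Map keys are free-form labels chosen for this example.
  https_from_office = {
    description = "HTTPS from the office range only"
    ip_protocol = "tcp"
    from_port   = 443
    to_port     = 443
    cidr_ipv4   = "203.0.113.0/24" # documentation range (TEST-NET-3)
  }
  app_from_load_balancer = {
    description = "App port from the load balancer security group"
    ip_protocol = "tcp"
    from_port   = 8080
    to_port     = 8080
    # Reference a security group instead of a CIDR; do not set both.
    referenced_security_group_id = "sg-0123456789abcdef0" # placeholder
  }
}

egress_rules = {
  https_to_aws_service = {
    description = "HTTPS to an AWS service prefix list"
    ip_protocol = "tcp"
    from_port   = 443
    to_port     = 443
    # Prefix list instead of a CIDR or a referenced security group.
    prefix_list_id = "pl-0123456789abcdef0" # placeholder
  }
  postgres_to_database = {
    description                  = "PostgreSQL to the database security group"
    ip_protocol                  = "tcp"
    from_port                    = 5432
    to_port                      = 5432
    referenced_security_group_id = "sg-0fedcba9876543210" # placeholder
  }
}
```
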
| Name | Description |
|---|---|
| arn | The ID of the security group |
| id | The ID of the security group |