security-group

This module creates the following resources.

  • aws_security_group
  • aws_vpc_security_group_ingress_rule (optional)
  • aws_vpc_security_group_egress_rule (optional)

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.6 |
| aws | >= 5.3 |

Providers

| Name | Version |
|------|---------|
| aws | 5.24.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| resource_group | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 |

Resources

| Name | Type |
|------|------|
| aws_security_group.this | resource |
| aws_vpc_security_group_egress_rule.this | resource |
| aws_vpc_security_group_ingress_rule.this | resource |

Inputs

Name Description Type Default Required
name (Required) The name of the security group. string n/a yes
vpc_id (Required) The ID of the associated VPC. string n/a yes
description (Optional) The security group description. This field maps to the AWS GroupDescription attribute, for which there is no Update API. string "Managed by Terraform." no
egress_rules (Optional) The configuration for egress rules of the security group. Each block of `egress_rules` is defined below.
(Required) id - The ID of the egress rule. This value is only used internally within Terraform code to identify the rule.
(Optional) description - The description of the rule.
(Required) protocol - The protocol to match. Note that if protocol is set to -1, it translates to all protocols and all port ranges, and from_port and to_port values should not be defined.
(Required) from_port - The start of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type.
(Required) to_port - The end of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.
(Optional) ipv4_cidrs - The destination IPv4 network ranges to allow, in CIDR notation.
(Optional) ipv6_cidrs - The destination IPv6 network ranges to allow, in CIDR notation.
(Optional) prefix_lists - The destination prefix list IDs to allow.
(Optional) security_groups - The destination security group IDs to allow.
(Optional) self - Whether the security group itself will be added as a destination of this egress rule.
```hcl
list(object({
  id              = string
  description     = optional(string, "Managed by Terraform.")
  protocol        = string
  from_port       = number
  to_port         = number
  ipv4_cidrs      = optional(list(string), [])
  ipv6_cidrs      = optional(list(string), [])
  prefix_lists    = optional(list(string), [])
  security_groups = optional(list(string), [])
  self            = optional(bool, false)
}))
```
[] no
ingress_rules (Optional) The configuration for ingress rules of the security group. Each block of `ingress_rules` is defined below.
(Required) id - The ID of the ingress rule. This value is only used internally within Terraform code to identify the rule.
(Optional) description - The description of the rule.
(Required) protocol - The protocol to match. Note that if protocol is set to -1, it translates to all protocols and all port ranges, and from_port and to_port values should not be defined.
(Required) from_port - The start of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type.
(Required) to_port - The end of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.
(Optional) ipv4_cidrs - The source IPv4 network ranges to allow, in CIDR notation.
(Optional) ipv6_cidrs - The source IPv6 network ranges to allow, in CIDR notation.
(Optional) prefix_lists - The source prefix list IDs to allow.
(Optional) security_groups - The source security group IDs to allow.
(Optional) self - Whether the security group itself will be added as a source of this ingress rule.
```hcl
list(object({
  id              = string
  description     = optional(string, "Managed by Terraform.")
  protocol        = string
  from_port       = number
  to_port         = number
  ipv4_cidrs      = optional(list(string), [])
  ipv6_cidrs      = optional(list(string), [])
  prefix_lists    = optional(list(string), [])
  security_groups = optional(list(string), [])
  self            = optional(bool, false)
}))
```
[] no
module_tags_enabled (Optional) Whether to create AWS resource tags carrying the module information. bool true no
resource_group_description (Optional) The description of Resource Group. string "Managed by Terraform." no
resource_group_enabled (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. bool true no
resource_group_name (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with AWS or aws. string "" no
revoke_rules_on_delete (Optional) Instruct Terraform to revoke all of the security group's attached ingress and egress rules before deleting the security group itself. This is normally not needed; it matters when a service such as Amazon EMR adds rules to the group that reference other groups, creating a cyclic dependency that blocks deletion until those rules are removed. bool false no
tags (Optional) A map of tags to add to all resources. map(string) {} no
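The following is an added usage example, not code from the tedilabs module or its repository. It wires the inputs above into a least-privilege application-tier group: ingress only from a load balancer's security group, from the group itself (`self`), and a narrow ICMP type from the VPC; egress only to an S3 gateway-endpoint prefix list and the VPC DNS resolver. It also adds a plan-time `check` block that refuses any ingress rule exposing SSH or RDP (or all ports via protocol -1) to 0.0.0.0/0 or ::/0. Assumptions: the module is checked out locally at the `source` path shown, `var.vpc_id` and `var.alb_security_group_id` are supplied by the caller, and the `pl-...` prefix list ID and 10.0.0.0/16 addresses are constructed placeholders.

```hcl
# Added example (not the module's own code). Assumes a local checkout of the
# module at the source path below; the prefix list ID and CIDRs are placeholders.

variable "vpc_id" {
  type = string
}

variable "alb_security_group_id" {
  type = string
}

locals {
  # Ingress: nothing from the internet. Traffic enters only from the ALB's
  # security group, from members of this group (self), and ICMP from the VPC.
  app_ingress = [
    {
      id              = "http-from-alb"
      description     = "HTTP from the public ALB only"
      protocol        = "tcp"
      from_port       = 8080
      to_port         = 8080
      security_groups = [var.alb_security_group_id]
    },
    {
      id          = "cluster-gossip"
      description = "Members of this group talk to each other on the gossip port"
      protocol    = "tcp"
      from_port   = 7946
      to_port     = 7946
      self        = true
    },
    {
      id          = "icmp-unreachable-from-vpc"
      description = "ICMP type 3, all codes, so path MTU discovery keeps working"
      protocol    = "icmp"
      from_port   = 3  # for ICMP, from_port is the type
      to_port     = -1 # and to_port is the code; -1 means every code of that type
      ipv4_cidrs  = ["10.0.0.0/16"] # placeholder VPC CIDR
    },
  ]

  # Egress: only what the tier needs, instead of the AWS default allow-all.
  app_egress = [
    {
      id           = "https-to-s3"
      description  = "HTTPS to S3 through the gateway endpoint prefix list"
      protocol     = "tcp"
      from_port    = 443
      to_port      = 443
      prefix_lists = ["pl-0123456789abcdef0"] # placeholder prefix list ID
    },
    {
      id          = "dns-to-vpc-resolver"
      description = "DNS to the VPC resolver at the VPC base address + 2"
      protocol    = "udp"
      from_port   = 53
      to_port     = 53
      ipv4_cidrs  = ["10.0.0.2/32"]
    },
  ]

  # Ports that must never be reachable from the whole internet.
  admin_ports = [22, 3389]
}

# Plan-time guard: fail if any ingress rule opens an admin port (or every port
# via protocol -1) to 0.0.0.0/0 or ::/0. try() covers rules that omit a CIDR
# attribute, because locals do not receive the module's optional() defaults.
check "no_admin_ports_from_anywhere" {
  assert {
    condition = length([
      for r in local.app_ingress : r.id
      if (contains(try(r.ipv4_cidrs, []), "0.0.0.0/0") || contains(try(r.ipv6_cidrs, []), "::/0"))
      && (r.protocol == "-1" || anytrue([for p in local.admin_ports : r.from_port <= p && r.to_port >= p]))
    ]) == 0
    error_message = "An ingress rule exposes SSH or RDP (or all ports) to the whole internet."
  }
}

module "app_sg" {
  source = "../../modules/security-group" # assumed local path to this module

  name        = "app-servers"
  description = "Application tier: ingress from the ALB and from itself only"
  vpc_id      = var.vpc_id

  ingress_rules = local.app_ingress
  egress_rules  = local.app_egress

  tags = { Environment = "example" }
}

output "app_security_group_id" {
  value = module.app_sg.id
}
```

Two points worth keeping in mind when adapting this: the `id` values are what Terraform uses to track each rule, so keep them stable (renaming one is a change to the rule's identity, not just its label); and because the `aws_security_group` resource removes AWS's default allow-all egress rule when it creates the group, a group built with `egress_rules = []` permits no outbound traffic at all, so every outbound flow the workload needs has to be listed explicitly as above.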

Outputs

| Name | Description |
|------|-------------|
| arn | The ARN of the security group. |
| description | The description of the security group. |
| egress_rules | The configuration of the security group egress rules. |
| id | The ID of the security group. |
| ingress_rules | The configuration of the security group ingress rules. |
| name | The name of the security group. |
| owner_id | The ID of the AWS account that owns the security group. |
| vpc_id | The ID of the associated VPC. |