Terraform module for AWS Security group, which aims to focus on actual service operations.

Yunsang-Jeong/terraform-aws-securitygroup

Overview

The module has the following characteristics:

  • You can provision multiple security groups and their rules in one module call.
  • Each security group, ingress rule and egress rule is given its own identifier, which is used as the resource key so that lifecycle { create_before_destroy = true } can be applied to every one of them.
  • Be careful with cidr_blocks, ipv6_cidr_blocks and prefix_list_ids in aws_security_group_rule: when any element of cidr_blocks changes, the whole aws_security_group_rule is replaced (deleted and re-created), not just the changed element, and the rule is briefly absent while that happens. That can disrupt a running service. To avoid it, this module creates one aws_security_group_rule per element of cidr_blocks (the same applies to ipv6_cidr_blocks and prefix_list_ids), so a change to one element only replaces that one rule.
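The per-element splitting described in the list above, written out as an added example. This is not the module's own source; it is an independent illustration of the same pattern, using a constructed local.security_groups in the same shape as var.security_groups and assuming a var.vpc_id exists:

```hcl
# Constructed input in the shape of var.security_groups (example data, not the module's).
locals {
  security_groups = [
    {
      identifier  = "ec2-web"
      description = "web servers"
      ingresses = [
        {
          identifier  = "https-office"
          description = "HTTPS from office ranges"
          from_port   = "443"
          to_port     = "443"
          protocol    = "tcp"
          cidr_blocks = ["203.0.113.0/24", "198.51.100.0/24"]
        }
      ]
    }
  ]

  # One map entry per (security group, rule, CIDR) triple, keyed by the
  # identifiers plus the CIDR itself, so every CIDR becomes its own rule
  # resource and a change to one CIDR only touches that one entry.
  ingress_cidr_rules = {
    for r in flatten([
      for sg in local.security_groups : [
        for ing in sg.ingresses : [
          for cidr in (try(ing.cidr_blocks, null) == null ? [] : ing.cidr_blocks) : {
            sg_identifier = sg.identifier
            rule          = ing
            cidr          = cidr
          }
        ]
      ]
    ]) : "${r.sg_identifier}/${r.rule.identifier}/${r.cidr}" => r
  }
}

resource "aws_security_group" "this" {
  for_each = { for sg in local.security_groups : sg.identifier => sg }

  name_prefix = "example-${each.key}-"
  description = each.value.description
  vpc_id      = var.vpc_id # assumed to be declared elsewhere in the root module

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_security_group_rule" "ingress_cidr" {
  for_each = local.ingress_cidr_rules

  type              = "ingress"
  security_group_id = aws_security_group.this[each.value.sg_identifier].id
  description       = each.value.rule.description
  from_port         = each.value.rule.from_port
  to_port           = each.value.rule.to_port
  protocol          = each.value.rule.protocol
  cidr_blocks       = [each.value.cidr] # exactly one CIDR per rule resource

  lifecycle {
    create_before_destroy = true
  }
}
```

With this layout, editing 198.51.100.0/24 to another range changes only the key ending in that CIDR: the plan shows one rule created and one destroyed, while the rule for 203.0.113.0/24 is untouched and the group never loses its other permissions. Had both CIDRs been passed in a single cidr_blocks list, the same edit would replace the only rule and drop both ranges until the new rule exists.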

If var.security_groups becomes too long to maintain inline, consider writing it in a YAML or JSON file and loading it with yamldecode() or jsondecode().

The contents below are generated by terraform-docs.
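Loading the module input from YAML, as an added example rather than code from the project. The YAML is embedded in a heredoc so the snippet is self-contained; in practice it would be read with yamldecode(file("${path.module}/security_groups.yaml")). The egresses key is deliberately omitted so the module's documented default egress rule (all traffic to 0.0.0.0/0) applies:

```hcl
locals {
  # Constructed example data; normally the contents of a security_groups.yaml file.
  security_groups_yaml = <<-EOT
    - identifier: ec2-bastion
      description: bastion host
      ingresses:
        - identifier: ssh-office
          description: SSH from the office range
          from_port: "22"
          to_port: "22"
          protocol: tcp
          cidr_blocks:
            - 203.0.113.10/32
    - identifier: ec2-web
      description: web servers
      ingresses:
        - identifier: ssh-from-bastion
          description: SSH from bastion
          from_port: "22"
          to_port: "22"
          protocol: tcp
          source_security_group_identifier: ec2-bastion
  EOT
}

module "security_group" {
  source = "github.com/Yunsang-Jeong/terraform-aws-securitygroup"

  vpc_id          = var.vpc_id # assumed to be declared in the root module
  security_groups = yamldecode(local.security_groups_yaml)
}
```

Because the module's type for security_groups declares from_port and to_port as string, the YAML quotes them; unquoted numbers would also be converted, but keeping the YAML in the declared types makes a later terraform validate failure easier to read.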

Requirements

Name Version
terraform >= 1.6.0
aws >= 5.0.0

Inputs

Name: global_additional_tag
  Description: Additional tags for all resources.
  Type: map(string)
  Default:
    {
      "TerraformModuleSource": "github.com/Yunsang-Jeong/terraform-aws-securitygroup"
    }
  Required: no

Name: name_prefix
  Description: The name prefix of all resources.
  Type: string
  Default: "tf-poc"
  Required: no

Name: security_groups
  Description: The security group information.
  Type:
    list(object({
      identifier     = string
      description    = string
      additional_tag = optional(map(string), {})
      ingresses = optional(list(object({
        identifier                       = string
        description                      = string
        from_port                        = string
        to_port                          = string
        protocol                         = string
        cidr_blocks                      = optional(list(string))
        ipv6_cidr_blocks                 = optional(list(string))
        prefix_list_ids                  = optional(list(string))
        source_security_group_identifier = optional(string)
        source_security_group_id         = optional(string)
        self                             = optional(bool)
      })), [])
      egresses = optional(list(object({
        identifier                            = string
        description                           = string
        from_port                             = string
        to_port                               = string
        protocol                              = string
        cidr_blocks                           = optional(list(string))
        ipv6_cidr_blocks                      = optional(list(string))
        prefix_list_ids                       = optional(list(string))
        destination_security_group_identifier = optional(string)
        destination_security_group_id         = optional(string)
        self                                  = optional(bool)
      })), [
        {
          identifier  = "default"
          description = "Default"
          from_port   = 0
          to_port     = 0
          protocol    = "-1"
          cidr_blocks = ["0.0.0.0/0"]
        }
      ])
    }))
  Default: []
  Required: no

Name: vpc_id
  Description: The id of the VPC in which the security groups are created.
  Type: string
  Default: n/a
  Required: yes

Outputs

Name Description
security_group_ids A map from security group identifier to security group id.

Example

module "security_group" {
  source = "github.com/Yunsang-Jeong/terraform-aws-securitygroup"
  
  vpc_id = "vpc-000000000000"
  security_groups = [
    {
      identifier  = "ec2-bastion"
      description = "the security group for bastion host"
      ingresses = [
        {
          identifier  = "ssh-public"
          description = "SSH connection"
          from_port   = "22"
          to_port     = "22"
          protocol    = "tcp"
          cidr_blocks = ["1.2.3.4/32"]
        }
      ]
    },
    {
      identifier  = "elb-web"
      description = "the security group for web-elb"
      ingresses = [
        {
          identifier  = "web"
          description = "Web service"
          from_port   = "443"
          to_port     = "443"
          protocol    = "tcp"
          cidr_blocks = ["0.0.0.0/0"]
        }
      ]
      egresses = [
        {
          identifier                            = "health-check-to-web"
          description                           = "Health check"
          from_port                             = "80"
          to_port                               = "80"
          protocol                              = "tcp"
          destination_security_group_identifier = "ec2-web"
        }
      ]
    },
    {
      identifier  = "ec2-web"
      description = "the security group for web server"
      ingresses = [
        {
          identifier                       = "srv-web-elb"
          description                      = "Connection from elb"
          from_port                        = "80"
          to_port                          = "80"
          protocol                         = "tcp"
          source_security_group_identifier = "elb-web"
        },
        {
          identifier                       = "ssh-from-bastion"
          description                      = "Connection from bastion"
          from_port                        = "22"
          to_port                          = "22"
          protocol                         = "tcp"
          source_security_group_identifier = "ec2-bastion"
        }
      ]
    },
    {
      identifier  = "vpc-endpoint"
      description = "the security group for vpc-endpoint"
      ingresses = [
        {
          identifier  = "https-itself"
          description = "itself"
          from_port   = "443"
          to_port     = "443"
          protocol    = "tcp"
          self        = true
        }
      ]
    }
  ]
}
