geekcell/terraform-aws-security-group
Geek Cell GmbH

Terraform AWS Security Group

Terraform module to create a Security Group with ingress and egress rules in one go.

Inputs

description
  Description of the Security Group.
  Type: string | Default: null | Required: no

egress_rules
  Egress rules to add to the Security Group. See examples for usage.
  Type:
    list(object({
      protocol    = string
      description = optional(string)

      port      = optional(number)
      to_port   = optional(number)
      from_port = optional(number)

      cidr_blocks              = optional(list(string))
      prefix_list_ids          = optional(list(string))
      source_security_group_id = optional(string)
      self                     = optional(bool)
    }))
  Default: [] | Required: no

ingress_rules
  Ingress rules to add to the Security Group. See examples for usage.
  Type:
    list(object({
      protocol    = string
      description = optional(string)

      port      = optional(number)
      to_port   = optional(number)
      from_port = optional(number)

      cidr_blocks              = optional(list(string))
      prefix_list_ids          = optional(list(string))
      source_security_group_id = optional(string)
      self                     = optional(bool)
    }))
  Default: [] | Required: no

name
  Name of the Security Group and Prefix.
  Type: string | Default: n/a | Required: yes

name_prefix
  Whether to use the name as prefix or regular name.
  Type: bool | Default: true | Required: no

revoke_rules_on_delete
  Instruct Terraform to revoke all of the Security Group's attached ingress and egress rules before deleting the rule itself. This is normally not needed.
  Type: bool | Default: false | Required: no

tags
  Tags to add to the Security Group.
  Type: map(any) | Default: {} | Required: no

vpc_id
  The VPC ID where resources are created.
  Type: string | Default: n/a | Required: yes

Outputs

security_group_id
  Security Group ID

Providers

aws
  Version: >= 4.36

Resources

  • resource.aws_security_group.main (main.tf#6)
  • resource.aws_security_group_rule.main_egress (main.tf#35)
  • resource.aws_security_group_rule.main_ingress (main.tf#18)

Examples

Full

module "vpc" {
  source  = "registry.terraform.io/terraform-aws-modules/vpc/aws"
  version = "~> 5.0.0"

  name = "${var.name}-main"
  cidr = "10.100.0.0/16"
}

module "source_security_group" {
  source = "../../"

  name   = var.name
  vpc_id = module.vpc.vpc_id
}

resource "aws_ec2_managed_prefix_list" "test" {
  name           = "All VPC CIDR-s"
  address_family = "IPv4"
  max_entries    = 5

  entry {
    cidr        = "10.100.0.0/16"
    description = "Primary"
  }
}

module "full" {
  source = "../../"

  vpc_id      = module.vpc.vpc_id
  name        = var.name
  description = "Testing Terraform full example"

  ingress_rules = [
    # To/From ports are the same
    {
      port        = 3306
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    },

    # Different To/From ports
    {
      from_port   = 3306
      to_port     = 54321
      protocol    = "tcp"
      cidr_blocks = ["127.0.0.0/8", "10.0.0.0/8"]
    },

    # Allow other SG instead of CIDR
    {
      port                     = 3306
      protocol                 = "udp"
      source_security_group_id = module.source_security_group.security_group_id
    },

    # Using self
    {
      port     = 3306
      protocol = "udp"
      self     = true
    }
  ]

  egress_rules = [
    # To/From ports are the same
    {
      port        = 3306
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    },

    # Different To/From ports
    {
      from_port   = 3306
      to_port     = 54321
      protocol    = "tcp"
      cidr_blocks = ["127.0.0.0/8", "10.0.0.0/8"]
    },

    # Allow other SG instead of CIDR
    {
      port                     = 3306
      protocol                 = "udp"
      source_security_group_id = module.source_security_group.security_group_id
    },

    # Using self
    {
      port     = 3306
      protocol = "udp"
      self     = true
    },

    # Using prefix list
    {
      port            = 443
      protocol        = "tcp"
      prefix_list_ids = [aws_ec2_managed_prefix_list.test.id]
    }
  ]
}
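The full example above deliberately mixes safe and risky rules (for instance, TCP 3306 from 0.0.0.0/0). The following Python script is an added example, not part of the geekcell/terraform-aws-security-group module: a pre-apply policy check over rule objects in this module's schema. It assumes, based on the example comments, that `port` is shorthand for `from_port == to_port`; the world-open and wide-range thresholds and the `sg-EXAMPLE` id are constructed values.

```python
from typing import Any

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
MAX_RANGE = 1024  # constructed threshold: flag port ranges wider than this


def resolve_ports(rule: dict[str, Any]) -> tuple[int, int]:
    """Apply the module's shorthand: `port` means from_port == to_port
    (assumed from the example comments); otherwise both bounds are required."""
    if "port" in rule:
        if "from_port" in rule or "to_port" in rule:
            raise ValueError("port cannot be combined with from_port/to_port")
        return rule["port"], rule["port"]
    if "from_port" not in rule or "to_port" not in rule:
        raise ValueError("rule needs port, or both from_port and to_port")
    if rule["from_port"] > rule["to_port"]:
        raise ValueError("from_port must not exceed to_port")
    return rule["from_port"], rule["to_port"]


def check_rules(rules: list[dict[str, Any]], direction: str = "ingress") -> list[str]:
    """Return policy findings for a list of rule objects in this module's schema."""
    findings = []
    for i, rule in enumerate(rules):
        lo, hi = resolve_ports(rule)
        tag = f"{direction}[{i}] {rule['protocol']} {lo}-{hi}"
        sources = [k for k in ("cidr_blocks", "prefix_list_ids",
                               "source_security_group_id", "self") if rule.get(k)]
        if not sources:
            findings.append(f"{tag}: no source set")
        # aws_security_group_rule rejects source_security_group_id together with cidr_blocks or self
        if rule.get("source_security_group_id") and (rule.get("cidr_blocks") or rule.get("self")):
            findings.append(f"{tag}: source_security_group_id combined with cidr_blocks or self")
        if direction == "ingress" and WORLD_CIDRS & set(rule.get("cidr_blocks") or []):
            findings.append(f"{tag}: open to the world")
        if hi - lo > MAX_RANGE:
            findings.append(f"{tag}: port range wider than {MAX_RANGE}")
    return findings


# Constructed sample: the ingress_rules from the README's full example.
EXAMPLE_INGRESS = [
    {"port": 3306, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
    {"from_port": 3306, "to_port": 54321, "protocol": "tcp",
     "cidr_blocks": ["127.0.0.0/8", "10.0.0.0/8"]},
    {"port": 3306, "protocol": "udp", "source_security_group_id": "sg-EXAMPLE"},
    {"port": 3306, "protocol": "udp", "self": True},
]

if __name__ == "__main__":
    for finding in check_rules(EXAMPLE_INGRESS):
        print(finding)
```

Running it against the README's own ingress list reports the world-open 3306 rule and the 3306-54321 range; the two rules scoped to a security group or to `self` pass.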