Terraform module to create a Security Group with ingress and egress rules in one go.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| description | Description of the Security Group. | string | null | no |
| egress_rules | Egress rules to add to the Security Group. See examples for usage. | list(object({ | [] | no |
| ingress_rules | Ingress rules to add to the Security Group. See examples for usage. | list(object({ | [] | no |
| name | Name of the Security Group (used as the name prefix when `name_prefix` is true). | string | n/a | yes |
| name_prefix | Whether to use `name` as a prefix (`name_prefix`) or as the exact Security Group name. | bool | true | no |
| revoke_rules_on_delete | Instruct Terraform to revoke all of the Security Group's attached ingress and egress rules before deleting the Security Group itself. This is normally not needed. | bool | false | no |
| tags | Tags to add to the Security Group. | map(any) | {} | no |
| vpc_id | The VPC ID where resources are created. | string | n/a | yes |
| Name | Description |
|---|---|
| security_group_id | Security Group ID |
| Name | Version |
|---|---|
| aws | >= 4.36 |
- resource.aws_security_group.main (main.tf#6)
- resource.aws_security_group_rule.main_egress (main.tf#35)
- resource.aws_security_group_rule.main_ingress (main.tf#18)
```hcl
module "vpc" {
  source  = "registry.terraform.io/terraform-aws-modules/vpc/aws"
  version = "~> 5.0.0"

  name = "${var.name}-main"
  cidr = "10.100.0.0/16"
}

module "source_security_group" {
  source = "../../"

  name   = var.name
  vpc_id = module.vpc.vpc_id
}

resource "aws_ec2_managed_prefix_list" "test" {
  name           = "All VPC CIDR-s"
  address_family = "IPv4"
  max_entries    = 5

  entry {
    cidr        = "10.100.0.0/16"
    description = "Primary"
  }
}

module "full" {
  source = "../../"

  vpc_id      = module.vpc.vpc_id
  name        = var.name
  description = "Testing Terraform full example"

  ingress_rules = [
    # To/From ports are the same
    {
      port        = 3306
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    },
    # Different To/From ports
    {
      from_port   = 3306
      to_port     = 54321
      protocol    = "tcp"
      cidr_blocks = ["127.0.0.0/8", "10.0.0.0/8"]
    },
    # Allow other SG instead of CIDR
    {
      port                     = 3306
      protocol                 = "udp"
      source_security_group_id = module.source_security_group.security_group_id
    },
    # Using self
    {
      port     = 3306
      protocol = "udp"
      self     = true
    }
  ]

  egress_rules = [
    # To/From ports are the same
    {
      port        = 3306
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    },
    # Different To/From ports
    {
      from_port   = 3306
      to_port     = 54321
      protocol    = "tcp"
      cidr_blocks = ["127.0.0.0/8", "10.0.0.0/8"]
    },
    # Allow other SG instead of CIDR
    {
      port                     = 3306
      protocol                 = "udp"
      source_security_group_id = module.source_security_group.security_group_id
    },
    # Using self
    {
      port     = 3306
      protocol = "udp"
      self     = true
    },
    # Using prefix list
    {
      port            = 443
      protocol        = "tcp"
      prefix_list_ids = [aws_ec2_managed_prefix_list.test.id]
    }
  ]
}
```
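The example above shows the four rule shapes the module accepts (`port` vs. `from_port`/`to_port`, CIDR vs. another Security Group vs. `self` vs. prefix list) but not how a module turns that list into `aws_security_group_rule` resources. The following is an added illustration, not the module's own `main.tf`: it is an assumed reconstruction of the ingress side, using the input names from the table above, an `optional()` object type (Terraform 1.3 or newer), `coalesce()` to fold `port` into `from_port`/`to_port`, and two `validation` blocks that reject rules with no port range or with conflicting sources before `apply`, so a malformed rule fails at `plan` instead of being silently dropped or creating an unintended opening. The egress side would be identical with `type = "egress"` and is omitted.

```hcl
# Added example (assumed reconstruction, not the module's own code).
# Only the inputs needed for the ingress path are declared here.
variable "name" {
  type = string
}

variable "vpc_id" {
  type = string
}

variable "ingress_rules" {
  description = "Ingress rules to add to the Security Group."
  type = list(object({
    port                     = optional(number)
    from_port                = optional(number)
    to_port                  = optional(number)
    protocol                 = string
    description              = optional(string)
    cidr_blocks              = optional(list(string))
    ipv6_cidr_blocks         = optional(list(string))
    prefix_list_ids          = optional(list(string))
    source_security_group_id = optional(string)
    self                     = optional(bool)
  }))
  default = []

  validation {
    # A rule must carry either `port` or both `from_port` and `to_port`;
    # otherwise coalesce() below would have nothing to fall back on.
    condition = alltrue([
      for r in var.ingress_rules :
      r.port != null || (r.from_port != null && r.to_port != null)
    ])
    error_message = "Each ingress rule needs either `port` or both `from_port` and `to_port`."
  }

  validation {
    # Mirror the provider's constraint: `self` and `source_security_group_id`
    # are mutually exclusive, and neither may be combined with CIDR blocks.
    condition = alltrue([
      for r in var.ingress_rules :
      ((r.self == true ? 1 : 0) + (r.source_security_group_id != null ? 1 : 0)) <= 1 &&
      !(
        ((r.self == true) || r.source_security_group_id != null) &&
        (r.cidr_blocks != null || r.ipv6_cidr_blocks != null)
      )
    ])
    error_message = "An ingress rule may use `self` or `source_security_group_id`, but not both, and not together with cidr_blocks/ipv6_cidr_blocks."
  }
}

resource "aws_security_group" "main" {
  name_prefix = "${var.name}-"
  vpc_id      = var.vpc_id
}

resource "aws_security_group_rule" "main_ingress" {
  # Key by list position so the same port can legitimately appear in several
  # rules (e.g. once per source). Reordering the list therefore recreates rules.
  for_each = { for idx, r in var.ingress_rules : tostring(idx) => r }

  type              = "ingress"
  security_group_id = aws_security_group.main.id
  protocol          = each.value.protocol
  description       = each.value.description

  # coalesce() skips nulls, so `port` wins only when from/to are not given.
  from_port = coalesce(each.value.from_port, each.value.port)
  to_port   = coalesce(each.value.to_port, each.value.port)

  # Null attributes are treated as unset by the provider, so each rule ends up
  # with exactly the source kind the caller specified.
  cidr_blocks              = each.value.cidr_blocks
  ipv6_cidr_blocks         = each.value.ipv6_cidr_blocks
  prefix_list_ids          = each.value.prefix_list_ids
  source_security_group_id = each.value.source_security_group_id
  self                     = each.value.self
}
```

With this shape, `terraform validate` on the `full` example above passes, while a rule such as `{ protocol = "tcp", cidr_blocks = ["10.0.0.0/8"] }` (no port at all) or one that sets both `self = true` and `cidr_blocks` is rejected with the matching `error_message` rather than reaching AWS.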