opszero/terraform-aws-security-group

Terraform-aws-security-group

Terraform AWS Cloud Security-Group Module

Introduction

This Terraform module creates an AWS security group (or attaches rules to an existing one) and, optionally, a managed prefix list. Ingress and egress rules can be sourced from CIDR blocks, prefix lists, the group itself (self) or another security group.

Usage

To use this module, include it in your Terraform configuration. The following examples show the supported ways of declaring rules:

Examples

Example: Basic

module "security_group" {
  source      = "git::https://github.com/opszero/terraform-aws-security-group.git?ref=v1.0.0"
  name        = "app"
  vpc_id      = module.vpc.vpc_id

  ## INGRESS Rules
  new_sg_ingress_rules_with_cidr_blocks = [{
    rule_count  = 1
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["172.18.0.0/16"]
    description = "Allow ssh traffic."
  },
    {
      rule_count  = 2
      from_port   = 27017
      to_port     = 27017
      protocol    = "tcp"
      cidr_blocks = ["172.18.0.0/16"]
      description = "Allow Mongodb traffic."
    }
  ]
}
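The module's default egress rule (see new_sg_egress_rules_with_cidr_blocks under Inputs) allows all outbound traffic on every protocol to 0.0.0.0/0 and ::/0, so a group built from the Basic example above restricts what may reach the instance but lets the instance reach anything. The following is an added example, not one of the module's own, showing the same ingress rule next to an explicit egress list that replaces that default. The CIDRs, the module source ref and the 27017 destination are assumptions standing in for a real VPC and database subnet.

```hcl
module "security_group" {
  source = "git::https://github.com/opszero/terraform-aws-security-group.git?ref=v1.0.0"
  name   = "app"
  vpc_id = module.vpc.vpc_id

  ## INGRESS Rules (same as the Basic example)
  new_sg_ingress_rules_with_cidr_blocks = [{
    rule_count  = 1
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["172.18.0.0/16"] # assumed VPC CIDR
    description = "Allow ssh traffic."
  }]

  ## EGRESS Rules: setting this variable replaces the module default
  ## (protocol -1 to 0.0.0.0/0 and ::/0), so only what is listed here is allowed out.
  new_sg_egress_rules_with_cidr_blocks = [
    {
      rule_count  = 1
      from_port   = 443
      to_port     = 443
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
      description = "Allow outbound https (package repositories, AWS APIs)."
    },
    {
      rule_count  = 2
      from_port   = 27017
      to_port     = 27017
      protocol    = "tcp"
      cidr_blocks = ["172.18.10.0/24"] # assumed database subnet
      description = "Allow outbound Mongodb to the database subnet."
    }
  ]
}
```

Because security groups are stateful, the reply traffic for the permitted ingress (ssh in this case) is allowed back out without an egress rule for it; the egress list only needs to cover connections the instance initiates.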

Example: Complete

module "security_group" {
  source      = "git::https://github.com/opszero/terraform-aws-security-group.git?ref=v1.0.0"
  name        = "app"
  vpc_id      = module.vpc.vpc_id

  ## INGRESS Rules
  new_sg_ingress_rules_with_cidr_blocks = [{
    rule_count  = 1
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["172.16.0.0/16"]
    description = "Allow ssh traffic."
  },
    {
      rule_count  = 2
      from_port   = 27017
      to_port     = 27017
      protocol    = "tcp"
      cidr_blocks = ["172.16.0.0/16"]
      description = "Allow Mongodb traffic."
    }
  ]

  new_sg_ingress_rules_with_self = [{
    rule_count  = 1
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    description = "Allow ssh traffic."
  },
    {
      rule_count  = 2
      from_port   = 443
      to_port     = 443
      protocol    = "tcp"
      description = "Allow https traffic."
    }
  ]
}

Example: Only_rules

module "security_group_rules" {
  source         = "git::https://github.com/opszero/terraform-aws-security-group.git?ref=v1.0.0"
  name           = "app"
  vpc_id         = module.vpc.vpc_id
  new_sg         = false
  existing_sg_id = "sg-0092e77f40ba8e3ee"

  ## INGRESS Rules
  existing_sg_ingress_rules_with_cidr_blocks = [{
    rule_count  = 1
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["10.9.0.0/16"]
    description = "Allow ssh traffic."
  },
    {
      rule_count  = 2
      from_port   = 27017
      to_port     = 27017
      protocol    = "tcp"
      cidr_blocks = ["10.9.0.0/16"]
      description = "Allow Mongodb traffic."
    }
  ]

  ## EGRESS Rules
  existing_sg_egress_rules_with_cidr_blocks = [{
    rule_count  = 1
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["10.9.0.0/16"]
    description = "Allow ssh outbound traffic."
  },
    {
      rule_count  = 2
      from_port   = 27017
      to_port     = 27017
      protocol    = "tcp"
      cidr_blocks = ["10.9.0.0/16"]
      description = "Allow Mongodb outbound traffic."
    }]

}

Example: Prefix_list

module "security_group" {
  source              = "git::https://github.com/opszero/terraform-aws-security-group.git?ref=v1.0.0"
  name                = "app"
  vpc_id              = module.vpc.vpc_id
  prefix_list_enabled = true
  entry = [{
    cidr = "10.19.0.0/16"
  }]

  ## INGRESS Rules
  new_sg_ingress_rules_with_prefix_list = [{
    rule_count  = 1
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    description = "Allow ssh traffic."
  }
  ]

  ## EGRESS Rules
  new_sg_egress_rules_with_prefix_list = [{
    rule_count  = 1
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    description = "Allow mysql/aurora outbound traffic."
  }
  ]
}
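Nothing in the module rejects a rule whose cidr_blocks is 0.0.0.0/0, so a typo or a copy-paste from a test environment can publish port 22 or 27017 to the internet. The following is an added example, not part of the module, of a root-module guardrail: the rules are declared in a variable whose object type mirrors the rule type shown for new_sg_egress_rules_with_cidr_blocks under Inputs, and Terraform validation blocks fail `terraform plan` if any ingress rule is world-open or uses protocol -1. It assumes Terraform 1.3 or newer (for optional() attributes with defaults) and the same module source as the examples above; the default rule and its CIDR are placeholders.

```hcl
# Ingress rules are declared here and passed through to the module so that
# the validation blocks below run before anything is planned or applied.
variable "ingress_rules" {
  description = "Ingress rules passed through to new_sg_ingress_rules_with_cidr_blocks."
  type = list(object({
    rule_count       = number
    from_port        = number
    to_port          = number
    protocol         = string
    cidr_blocks      = optional(list(string), [])
    ipv6_cidr_blocks = optional(list(string), [])
    description      = string
  }))

  default = [{
    rule_count  = 1
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["172.18.0.0/16"] # assumed VPC CIDR
    description = "Allow ssh traffic."
  }]

  # Reject any rule that admits the whole IPv4 or IPv6 internet.
  validation {
    condition = alltrue([
      for r in var.ingress_rules :
      !contains(r.cidr_blocks, "0.0.0.0/0") && !contains(r.ipv6_cidr_blocks, "::/0")
    ])
    error_message = "Ingress rules must not be open to the world (0.0.0.0/0 or ::/0); use a VPC CIDR, prefix list or source security group instead."
  }

  # Reject "all traffic" rules; every ingress rule must name a protocol and port range.
  validation {
    condition     = alltrue([for r in var.ingress_rules : r.protocol != "-1"])
    error_message = "Ingress rules must specify a protocol and port range; protocol -1 (all traffic) is not allowed."
  }
}

module "security_group" {
  source = "git::https://github.com/opszero/terraform-aws-security-group.git?ref=v1.0.0"
  name   = "app"
  vpc_id = module.vpc.vpc_id

  new_sg_ingress_rules_with_cidr_blocks = var.ingress_rules
}
```

Setting `-var='ingress_rules=[{rule_count=1,from_port=22,to_port=22,protocol="tcp",cidr_blocks=["0.0.0.0/0"],description="ssh"}]'` on the command line makes the plan fail with the first error_message instead of creating a world-reachable ssh rule. The same pattern applies to the existing_sg_* and egress variables if you want the guardrail on those as well.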

Examples

For detailed examples on how to use this module, please refer to the Examples directory within this repository.

Author

Your Name. Replace MIT and opsZero with the appropriate license and your information, and expand this README with additional details or usage instructions as needed for your specific use case.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Providers

Name Version
aws >= 6.14.0

Inputs

Name (type, default, required): Description

create_timeout (string, default "10m", optional): Timeout for creating the security group.
delete_timeout (string, default "10m", optional): Timeout for deleting the security group.
enabled (bool, default true, optional): Flag to control module creation.
entry (list(any), default [], optional): Prefix list entries; specify one object per entry.
existing_sg_egress_rules_with_cidr_blocks (any, default {}, optional): Egress rules with only CIDR blocks. Use with an existing security group.
existing_sg_egress_rules_with_prefix_list (any, default {}, optional): Egress rules with only prefix list IDs. Use with an existing security group.
existing_sg_egress_rules_with_self (any, default {}, optional): Egress rules with only self. Use with an existing security group.
existing_sg_egress_rules_with_source_sg_id (any, default {}, optional): Egress rules with only a source security group ID. Use with an existing security group.
existing_sg_id (string, default null, optional): ID of the existing security group whose rules should be managed.
existing_sg_ingress_rules_with_cidr_blocks (any, default {}, optional): Ingress rules with only CIDR blocks. Use with an existing security group.
existing_sg_ingress_rules_with_prefix_list (any, default {}, optional): Ingress rules with only prefix list IDs. Use with an existing security group.
existing_sg_ingress_rules_with_self (any, default {}, optional): Ingress rules with only self. Use with an existing security group.
existing_sg_ingress_rules_with_source_sg_id (any, default {}, optional): Ingress rules with only a source security group ID. Use with an existing security group.
max_entries (number, default 5, optional): The maximum number of entries that this prefix list can contain.
name (string, default "", optional): Name (e.g. app or cluster).
new_sg (bool, default true, optional): Flag to control creation of a new security group.
new_sg_egress_rules_with_cidr_blocks (type and default below, optional): Egress rules with only CIDR blocks. Use when a new security group is being deployed. The default opens all outbound traffic on every protocol to 0.0.0.0/0 and ::/0; pass an explicit list to restrict egress to what the workload needs.
  Type:
    list(object({
      rule_count       = number
      from_port        = number
      to_port          = number
      protocol         = string
      cidr_blocks      = optional(list(string))
      ipv6_cidr_blocks = optional(list(string))
      description      = string
    }))
  Default:
    [
      {
        rule_count       = 1
        from_port        = 0
        to_port          = 0
        protocol         = "-1"
        cidr_blocks      = ["0.0.0.0/0"]
        ipv6_cidr_blocks = ["::/0"]
        description      = "Allow all outbound traffic."
      }
    ]
new_sg_egress_rules_with_prefix_list (any, default {}, optional): Egress rules with only prefix list IDs. Use when a new security group is being deployed.
new_sg_egress_rules_with_self (any, default {}, optional): Egress rules with only self. Use when a new security group is being deployed.
new_sg_egress_rules_with_source_sg_id (any, default {}, optional): Egress rules with only a source security group ID. Use when a new security group is being deployed.
new_sg_ingress_rules_with_cidr_blocks (any, default {}, optional): Ingress rules with only CIDR blocks. Use when a new security group is being deployed.
new_sg_ingress_rules_with_prefix_list (any, default {}, optional): Ingress rules with only prefix list IDs. Use when a new security group is being deployed.
new_sg_ingress_rules_with_self (any, default {}, optional): Ingress rules with only self. Use when a new security group is being deployed.
new_sg_ingress_rules_with_source_sg_id (any, default {}, optional): Ingress rules with only a source security group ID. Use when a new security group is being deployed.
prefix_list_address_family (string, default "IPv4", optional): The address family (IPv4 or IPv6) of the prefix list. Changing it forces a new resource.
prefix_list_enabled (bool, default false, optional): Enable creation of a managed prefix list.
prefix_list_ids (list(string), default [], optional): IDs of the prefix lists referenced by the prefix list rules.
sg_description (string, default null, optional): Security group description. Defaults to "Managed by Terraform" and cannot be an empty string. NOTE: this maps to the AWS GroupDescription attribute, which has no Update API; to classify security groups in a way that can be updated, use tags.
tags (map(string), default {}, optional): Additional tags to apply to the security group.
vpc_id (string, default "", optional): The ID of the VPC that the security group belongs to.

Resources

Name (type)

aws_ec2_managed_prefix_list.prefix_list (resource)
aws_security_group.default (resource)
aws_security_group_rule.existing_sg_egress_with_cidr_blocks (resource)
aws_security_group_rule.existing_sg_egress_with_prefix_list (resource)
aws_security_group_rule.existing_sg_egress_with_self (resource)
aws_security_group_rule.existing_sg_egress_with_source_sg_id (resource)
aws_security_group_rule.existing_sg_ingress_cidr_blocks (resource)
aws_security_group_rule.existing_sg_ingress_with_prefix_list (resource)
aws_security_group_rule.existing_sg_ingress_with_self (resource)
aws_security_group_rule.existing_sg_ingress_with_source_sg_id (resource)
aws_security_group_rule.new_sg_egress_with_cidr_blocks (resource)
aws_security_group_rule.new_sg_egress_with_prefix_list (resource)
aws_security_group_rule.new_sg_egress_with_self (resource)
aws_security_group_rule.new_sg_egress_with_source_sg_id (resource)
aws_security_group_rule.new_sg_ingress_with_cidr_blocks (resource)
aws_security_group_rule.new_sg_ingress_with_prefix_list (resource)
aws_security_group_rule.new_sg_ingress_with_self (resource)
aws_security_group_rule.new_sg_ingress_with_source_sg_id (resource)
aws_security_group.existing (data source)

Outputs

Name: Description

existing_security_group: The existing security group read by the aws_security_group.existing data source.
existing_sg: The existing security group ID, output so it can be verified.
prefix_list_arn: The Amazon Resource Name (ARN) of the prefix list.
prefix_list_id: The ID of the prefix list.
prefix_list_owner_id: The ID of the AWS account that owns the prefix list.
security_group_arn: ARN of the security group created by the module.
security_group_id: ID of the security group created by the module.
security_group_tags: Tags applied to the security group.

🚀 Built by opsZero!

Since 2016 opsZero has been providing Kubernetes expertise to companies of all sizes on any Cloud. With a focus on AI and Compliance, we can say we have seen it all: whether SOC2, HIPAA, PCI-DSS, ITAR, FedRAMP or CMMC, we have you and your customers covered.

We provide support to organizations in the following ways:

We do this with a high-touch support model where you:

  • Get access to us on Slack, Microsoft Teams or Email
  • Get 24/7 coverage of your infrastructure
  • Get an accelerated migration to Kubernetes

Please schedule a call if you need support.

