Skip to content
/ AWS_SG_Module.tf Public

This module simplifies the process of defining AWS Security Groups within your Terraform infrastructure code.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jhermesn/AWS_SG_Module.tf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
variables.tf
variables.tf
 
 

Repository files navigation

AWS Security Group Module in Terraform

This module simplifies the process of defining AWS Security Groups within your Terraform infrastructure code. It allows for comprehensive customization of ingress and egress rules, tagging, and association with a VPC.

Features

  • Creates an AWS Security Group in a specified VPC.
  • Supports detailed configuration of multiple ingress and egress rules using various source/destination types (CIDR blocks, IPv6 CIDR blocks, Prefix Lists, other Security Groups, self).
  • Provides convenience inputs for simpler rule definitions (e.g., single CIDR block, single source/destination SG).
  • Automatically includes a Name tag based on the name variable.
  • Allows adding custom tags.
  • Optionally creates a default egress rule allowing all outbound traffic if no specific egress rules are defined.
  • Configurable description for the security group.

Prerequisites

  • Terraform v1.11.0 or later.
  • AWS Provider configured with appropriate credentials.

Inputs

Name Description Type Default Required
name The name of the security group. Must be unique within the VPC. string n/a yes
description A description for the security group. Defaults to 'Security group for <name>' if empty. string "" no
vpc_id The ID of the VPC in which to create the security group. string n/a yes
tags A map of tags to assign to the security group. The Name tag is automatically added. map(string) {} no
ingress_rules A list of complex ingress rule objects. See variables.tf for the exact object structure and validation rules (each rule must specify exactly one source type: cidr_blocks/ipv6_cidr_blocks, prefix_list_ids, security_groups, or self). list(object({...})) [] no
ingress_with_cidr_blocks Convenience list for simple ingress rules specifying a single IPv4 CIDR block. Object attributes: from_port, to_port, protocol, cidr_blocks (string), optionally description. list(object({...})) [] no
ingress_with_source_security_group_id Convenience list for simple ingress rules specifying a single source security group ID. Object attributes: from_port, to_port, protocol, source_security_group_id (string), optionally description. list(object({...})) [] no
egress_rules A list of complex egress rule objects. See variables.tf for the exact object structure and validation rules (each rule must specify exactly one destination type: cidr_blocks/ipv6_cidr_blocks, prefix_list_ids, security_groups, or self). list(object({...})) [] no
egress_with_cidr_blocks Convenience list for simple egress rules specifying a single IPv4 CIDR block. Object attributes: from_port, to_port, protocol, cidr_blocks (string), optionally description. list(object({...})) [] no
egress_with_destination_security_group_id Convenience list for simple egress rules specifying a single destination security group ID. Object attributes: from_port, to_port, protocol, destination_security_group_id (string), optionally description. list(object({...})) [] no
create_default_egress_rule If true and no egress_rules, egress_with_cidr_blocks, or egress_with_destination_security_group_id are provided, a default rule allowing all outbound traffic (0.0.0.0/0 and ::/0 for all ports and protocols) will be created. Set to false to create a security group with no egress rules. bool true no
(Refer to variables.tf for detailed descriptions and structure of the complex object types.)

Outputs

Name Description
sg_id The ID of the security group.
sg_arn The ARN of the security group.
sg_name The name of the security group.
sg_vpc_id The VPC ID of the security group.
sg_owner_id The AWS Account ID of the owner.

Usage

module "web_server_sg" {
  source      = "github.com/jhermesn/AWS_SG_Module.tf"
  name        = "web-server-sg"
  description = "Security group for web servers"
  vpc_id      = "vpc-12345678"
  
  # Simple ingress rules with CIDR blocks
  ingress_with_cidr_blocks = [
    {
      description = "Allow HTTP from anywhere"
      from_port   = 80
      to_port     = 80
      protocol    = "tcp"
      cidr_blocks = "0.0.0.0/0"
    },
    {
      description = "Allow HTTPS from anywhere"
      from_port   = 443
      to_port     = 443
      protocol    = "tcp"
      cidr_blocks = "0.0.0.0/0"
    }
  ]
  
  # Ingress rule with source security group
  ingress_with_source_security_group_id = [
    {
      description              = "Allow SSH from bastion host"
      from_port                = 22
      to_port                  = 22
      protocol                 = "tcp"
      source_security_group_id = "sg-87654321"
    }
  ]
  
  # Complex egress rule
  egress_rules = [
    {
      description = "Allow all outbound traffic to private networks"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_blocks = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
    }
  ]
  
  tags = {
    Environment = "Production"
    Project     = "ExampleProject"
  }
}

License

This project is licensed under the MIT License.

About

This module simplifies the process of defining AWS Security Groups within your Terraform infrastructure code.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages