{"id":15156443,"url":"https://github.com/geekcell/terraform-aws-security-group","last_synced_at":"2026-01-20T18:56:15.077Z","repository":{"id":62990992,"uuid":"563893823","full_name":"geekcell/terraform-aws-security-group","owner":"geekcell","description":"Terraform module to provision an AWS Security Group.","archived":false,"fork":false,"pushed_at":"2023-11-02T10:02:30.000Z","size":84,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-05T22:17:12.957Z","etag":null,"topics":["aws","security-group","terraform","terraform-module"],"latest_commit_sha":null,"homepage":"https://www.geekcell.io","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/geekcell.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-09T15:01:51.000Z","updated_at":"2023-10-30T08:00:06.000Z","dependencies_parsed_at":"2024-09-22T05:00:37.628Z","dependency_job_id":null,"html_url":"https://github.com/geekcell/terraform-aws-security-group","commit_stats":{"total_commits":6,"total_committers":3,"mean_commits":2.0,"dds":0.5,"last_synced_commit":"f0a4bb7c95d1e4537b4f0cf8829b5c5f029e7819"},"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geekcell%2Fterraform-aws-security-group","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geekcell%2Fterraform-aws-security-group/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories
/geekcell%2Fterraform-aws-security-group/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geekcell%2Fterraform-aws-security-group/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/geekcell","download_url":"https://codeload.github.com/geekcell/terraform-aws-security-group/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247666021,"owners_count":20975790,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","security-group","terraform","terraform-module"],"created_at":"2024-09-26T19:21:36.549Z","updated_at":"2026-01-20T18:56:15.044Z","avatar_url":"https://github.com/geekcell.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- BEGIN_TF_DOCS --\u003e\n# Terraform AWS Security Group\n\nTerraform module to create a Security Group with ingress and egress rules in one go.\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca 
name=\"input_description\"\u003e\u003c/a\u003e [description](#input\\_description) | Description of the Security Group. | `string` | `null` | no |\n| \u003ca name=\"input_egress_rules\"\u003e\u003c/a\u003e [egress\\_rules](#input\\_egress\\_rules) | Egress rules to add to the Security Group. See examples for usage. | \u003cpre\u003elist(object({\u003cbr\u003e    protocol    = string\u003cbr\u003e    description = optional(string)\u003cbr\u003e\u003cbr\u003e    port      = optional(number)\u003cbr\u003e    to_port   = optional(number)\u003cbr\u003e    from_port = optional(number)\u003cbr\u003e\u003cbr\u003e    cidr_blocks              = optional(list(string))\u003cbr\u003e    prefix_list_ids          = optional(list(string))\u003cbr\u003e    source_security_group_id = optional(string)\u003cbr\u003e    self                     = optional(bool)\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_ingress_rules\"\u003e\u003c/a\u003e [ingress\\_rules](#input\\_ingress\\_rules) | Ingress rules to add to the Security Group. See examples for usage. | \u003cpre\u003elist(object({\u003cbr\u003e    protocol    = string\u003cbr\u003e    description = optional(string)\u003cbr\u003e\u003cbr\u003e    port      = optional(number)\u003cbr\u003e    to_port   = optional(number)\u003cbr\u003e    from_port = optional(number)\u003cbr\u003e\u003cbr\u003e    cidr_blocks              = optional(list(string))\u003cbr\u003e    prefix_list_ids          = optional(list(string))\u003cbr\u003e    source_security_group_id = optional(string)\u003cbr\u003e    self                     = optional(bool)\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | Name of the Security Group and Prefix. | `string` | n/a | yes |\n| \u003ca name=\"input_name_prefix\"\u003e\u003c/a\u003e [name\\_prefix](#input\\_name\\_prefix) | Whether to use the name as prefix or regular name. 
| `bool` | `true` | no |\n| \u003ca name=\"input_revoke_rules_on_delete\"\u003e\u003c/a\u003e [revoke\\_rules\\_on\\_delete](#input\\_revoke\\_rules\\_on\\_delete) | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed. | `bool` | `false` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | Tags to add to the Security Group. | `map(any)` | `{}` | no |\n| \u003ca name=\"input_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#input\\_vpc\\_id) | The VPC ID where resources are created. | `string` | n/a | yes |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_security_group_id\"\u003e\u003c/a\u003e [security\\_group\\_id](#output\\_security\\_group\\_id) | Security Group ID |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | \u003e= 4.36 |\n\n## Resources\n\n- resource.aws_security_group.main (main.tf#6)\n- resource.aws_security_group_rule.main_egress (main.tf#35)\n- resource.aws_security_group_rule.main_ingress (main.tf#18)\n\n# Examples\n### Full\n```hcl\nmodule \"vpc\" {\n  source  = \"registry.terraform.io/terraform-aws-modules/vpc/aws\"\n  version = \"~\u003e 5.0.0\"\n\n  name = \"${var.name}-main\"\n  cidr = \"10.100.0.0/16\"\n}\n\nmodule \"source_security_group\" {\n  source = \"../../\"\n\n  name   = var.name\n  vpc_id = module.vpc.vpc_id\n}\n\nresource \"aws_ec2_managed_prefix_list\" \"test\" {\n  name           = \"All VPC CIDR-s\"\n  address_family = \"IPv4\"\n  max_entries    = 5\n\n  entry {\n    cidr        = \"10.100.0.0/16\"\n    description = \"Primary\"\n  }\n}\n\nmodule \"full\" {\n  source = \"../../\"\n\n  vpc_id      = module.vpc.vpc_id\n  name        = var.name\n  description = \"Testing Terraform full example\"\n\n  ingress_rules = [\n    # To/From ports are the same\n    {\n      port        = 3306\n      
protocol    = \"tcp\"\n      cidr_blocks = [\"0.0.0.0/0\"]\n    },\n\n    # Different To/From ports\n    {\n      from_port   = 3306\n      to_port     = 54321\n      protocol    = \"tcp\"\n      cidr_blocks = [\"127.0.0.0/8\", \"10.0.0.0/8\"]\n    },\n\n    # Allow other SG instead of CIDR\n    {\n      port                     = 3306\n      protocol                 = \"udp\"\n      source_security_group_id = module.source_security_group.security_group_id\n    },\n\n    # Using self\n    {\n      port     = 3306\n      protocol = \"udp\"\n      self     = true\n    }\n  ]\n\n  egress_rules = [\n    # To/From ports are the same\n    {\n      port        = 3306\n      protocol    = \"tcp\"\n      cidr_blocks = [\"0.0.0.0/0\"]\n    },\n\n    # Different To/From ports\n    {\n      from_port   = 3306\n      to_port     = 54321\n      protocol    = \"tcp\"\n      cidr_blocks = [\"127.0.0.0/8\", \"10.0.0.0/8\"]\n    },\n\n    # Allow other SG instead of CIDR\n    {\n      port                     = 3306\n      protocol                 = \"udp\"\n      source_security_group_id = module.source_security_group.security_group_id\n    },\n\n    # Using self\n    {\n      port     = 3306\n      protocol = \"udp\"\n      self     = true\n    },\n\n    # Using prefix list\n    {\n      port            = 443\n      protocol        = \"tcp\"\n      prefix_list_ids = [aws_ec2_managed_prefix_list.test.id]\n    }\n  ]\n}\n```\n\u003c!-- END_TF_DOCS --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgeekcell%2Fterraform-aws-security-group","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgeekcell%2Fterraform-aws-security-group","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgeekcell%2Fterraform-aws-security-group/lists"}