{"id":51410885,"url":"https://github.com/launchbynttdata/tf-aws-module_primitive-vpc_security_group_ingress_rule","last_synced_at":"2026-07-04T14:32:35.060Z","repository":{"id":345588662,"uuid":"1084454893","full_name":"launchbynttdata/tf-aws-module_primitive-vpc_security_group_ingress_rule","owner":"launchbynttdata","description":null,"archived":false,"fork":false,"pushed_at":"2026-03-19T19:16:06.000Z","size":171,"stargazers_count":0,"open_issues_count":7,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-20T10:35:13.045Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/launchbynttdata.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-27T17:46:17.000Z","updated_at":"2026-03-19T19:11:08.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/launchbynttdata/tf-aws-module_primitive-vpc_security_group_ingress_rule","commit_stats":null,"previous_names":["launchbynttdata/tf-aws-module_primitive-vpc_security_group_ingress_rule"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/launchbynttdata/tf-aws-module_primitive-vpc_security_group_ingress_rule","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_primitive-vpc_security_group_ingress_rule","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_primitive-vpc_security_group_ingress_rule/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_primitive-vpc_security_group_ingress_rule/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_primitive-vpc_security_group_ingress_rule/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/launchbynttdata","download_url":"https://codeload.github.com/launchbynttdata/tf-aws-module_primitive-vpc_security_group_ingress_rule/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_primitive-vpc_security_group_ingress_rule/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35125718,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-04T02:00:05.987Z","response_time":113,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-07-04T14:32:33.867Z","updated_at":"2026-07-04T14:32:35.055Z","avatar_url":"https://github.com/launchbynttdata.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# tf-aws-module_primitive-vpc_security_group_ingress_rule\n\n[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![License: CC BY-NC-ND 4.0](https://img.shields.io/badge/License-CC_BY--NC--ND_4.0-lightgrey.svg)](https://creativecommons.org/licenses/by-nc-nd/4.0/)\n\n## Overview\n\nThis Terraform primitive module manages a single AWS VPC security group ingress rule using the `aws_vpc_security_group_ingress_rule` resource from the AWS provider (v5.100+).\n\nThe module exposes all major functionality of the native resource with sensible defaults and lightweight validation, allowing the AWS provider to handle complex validation logic.\n\n## Features\n\n- **Complete Resource Coverage**: Exposes all major arguments of `aws_vpc_security_group_ingress_rule`\n- **Multiple Source Types**: Supports IPv4 CIDR, IPv6 CIDR, prefix lists, and security group references\n- **Protocol Flexibility**: Works with TCP, UDP, ICMP, ICMPv6, and all protocols (`-1`)\n- **Lightweight Validation**: Basic input validation with provider-delegated complex rules\n- **Idempotent**: Safe updates when fields change\n\n## Usage\n\n### Basic Example - IPv4 CIDR\n\n```hcl\nmodule \"ssh_ingress\" {\n  source = \"github.com/launchbynttdata/tf-aws-module_primitive-vpc_security_group_ingress_rule\"\n\n  security_group_id = aws_security_group.example.id\n  ip_protocol       = \"tcp\"\n  from_port         = 22\n  to_port           = 22\n  cidr_ipv4         = \"10.0.1.0/24\"\n  description       = \"Allow SSH from internal network\"\n}\n```\n\n### IPv6 Example\n\n```hcl\nmodule \"https_ingress_ipv6\" {\n  source = \"github.com/launchbynttdata/tf-aws-module_primitive-vpc_security_group_ingress_rule\"\n\n  security_group_id = aws_security_group.example.id\n  ip_protocol       = \"tcp\"\n  from_port         = 443\n  to_port           = 443\n  cidr_ipv6         = \"::/0\"\n  description       = \"Allow HTTPS from anywhere (IPv6)\"\n}\n```\n\n### Security Group to Security Group\n\n```hcl\nmodule \"database_ingress\" {\n  source = \"github.com/launchbynttdata/tf-aws-module_primitive-vpc_security_group_ingress_rule\"\n\n  security_group_id            = aws_security_group.database.id\n  ip_protocol                  = \"tcp\"\n  from_port                    = 5432\n  to_port                      = 5432\n  referenced_security_group_id = aws_security_group.application.id\n  description                  = \"Allow PostgreSQL from application tier\"\n}\n```\n\n### Prefix List Example\n\n```hcl\nmodule \"https_ingress_prefix_list\" {\n  source = \"github.com/launchbynttdata/tf-aws-module_primitive-vpc_security_group_ingress_rule\"\n\n  security_group_id = aws_security_group.example.id\n  ip_protocol       = \"tcp\"\n  from_port         = 443\n  to_port           = 443\n  prefix_list_id    = aws_ec2_managed_prefix_list.example.id\n  description       = \"Allow HTTPS from managed prefix list\"\n}\n```\n\n## Examples\n\nThe `examples/` directory contains several working examples:\n\n- **[complete](./examples/complete/)** - Multiple ingress rules with different configurations\n- **[minimal](./examples/minimal/)** - Minimal configuration with a single SSH rule\n- **[ipv6](./examples/ipv6/)** - IPv6 CIDR source examples\n- **[prefix_list](./examples/prefix_list/)** - Using managed prefix lists as sources\n- **[sg_to_sg](./examples/sg_to_sg/)** - Security group to security group peering\n\n## Requirements\n\n| Name | Version |\n|------|---------|\n| terraform | ~\u003e 1.0 |\n| aws | ~\u003e 5.100 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| aws | ~\u003e 5.100 |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| security_group_id | The ID of the security group to which this ingress rule will be attached | `string` | n/a | yes |\n| ip_protocol | The IP protocol name or number. Use '-1' to specify all protocols | `string` | n/a | yes |\n| from_port | The start of port range for TCP/UDP, or ICMP type number | `number` | `null` | no |\n| to_port | The end of port range for TCP/UDP, or ICMP code | `number` | `null` | no |\n| cidr_ipv4 | The source IPv4 CIDR range | `string` | `null` | no |\n| cidr_ipv6 | The source IPv6 CIDR range | `string` | `null` | no |\n| prefix_list_id | The ID of the prefix list for the source | `string` | `null` | no |\n| referenced_security_group_id | The ID of the source security group | `string` | `null` | no |\n| description | The description of this ingress rule | `string` | `null` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| id | The Terraform resource ID of the security group ingress rule |\n| security_group_rule_id | The AWS-assigned unique identifier for the security group rule |\n| security_group_id | The ID of the security group to which this ingress rule is attached |\n| ingress_rule_effective_source | A canonical string describing the effective source (CIDR, prefix list, or security group) |\n| arn | The ARN of the security group rule |\n| tags_all | A map of tags assigned to the resource |\n\n## Behavior \u0026 Limitations\n\n### Source Mutual Exclusivity\n\n**Exactly one** source parameter must be specified:\n- `cidr_ipv4`\n- `cidr_ipv6`\n- `prefix_list_id`\n- `referenced_security_group_id`\n\nThe module will fail validation if none or multiple sources are provided.\n\n### Port Requirements\n\nFor TCP and UDP protocols:\n- Both `from_port` and `to_port` are **required**\n- `from_port` must be ≤ `to_port`\n- Valid range: 0-65535\n\nFor protocol `-1` (all):\n- Ports should be `null` or omitted\n\nFor ICMP/ICMPv6:\n- `from_port` = ICMP type\n- `to_port` = ICMP code\n- Use `-1` for any type/code\n\n### Protocol Values\n\n- Named protocols: `tcp`, `udp`, `icmp`, `icmpv6`\n- Protocol numbers: `6` (TCP), `17` (UDP), etc.\n- All protocols: `-1`\n\nSee [IANA Protocol Numbers](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) for reference.\n\n## Development\n\n### Prerequisites\n\n- [Terraform](https://www.terraform.io/downloads.html) ~\u003e 1.0\n- [Go](https://golang.org/doc/install) ~\u003e 1.24 (for testing)\n- [pre-commit](https://pre-commit.com/) (installed via framework)\n- AWS credentials configured\n\n### Setup\n\n```bash\n# Bootstrap development environment\nmake configure\n\n# Install pre-commit hooks\npre-commit install\n```\n\n### Testing\n\n```bash\n# Run all checks (fmt, validate, lint, unit tests)\nmake check\n\n# Run integration tests for an example\ncd examples/complete\nterraform init\nterraform plan -var-file=test.tfvars\nterraform apply -var-file=test.tfvars\nterraform destroy -var-file=test.tfvars\n```\n\n### Pre-commit Hooks\n\nThe framework includes pre-commit hooks for:\n- Terraform formatting\n- Terraform validation\n- TFLint\n- Documentation generation\n- Security scanning\n\n## Contributing\n\nSee [CONTRIBUTING.md](./CONTRIBUTING.md) for guidelines.\n\n## License\n\nThis module is licensed under the Apache License 2.0. See [LICENSE](./LICENSE) for details.\n\n## Authors\n\nMaintained by [Launch by NTT DATA](https://github.com/launchbynttdata).\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | ~\u003e 1.0 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | ~\u003e 5.100 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | 5.100.0 |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_vpc_security_group_ingress_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_security_group_id\"\u003e\u003c/a\u003e [security\\_group\\_id](#input\\_security\\_group\\_id) | The ID of the security group to which this ingress rule will be attached. | `string` | n/a | yes |\n| \u003ca name=\"input_ip_protocol\"\u003e\u003c/a\u003e [ip\\_protocol](#input\\_ip\\_protocol) | The IP protocol name or number. Use '-1' to specify all protocols. Protocol numbers: https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml | `string` | n/a | yes |\n| \u003ca name=\"input_from_port\"\u003e\u003c/a\u003e [from\\_port](#input\\_from\\_port) | The start of port range for the TCP and UDP protocols, or an ICMP type number. Required for tcp and udp protocols. Use -1 for ICMP type. | `number` | `null` | no |\n| \u003ca name=\"input_to_port\"\u003e\u003c/a\u003e [to\\_port](#input\\_to\\_port) | The end of port range for the TCP and UDP protocols, or an ICMP code. Required for tcp and udp protocols. Use -1 for ICMP code. | `number` | `null` | no |\n| \u003ca name=\"input_cidr_ipv4\"\u003e\u003c/a\u003e [cidr\\_ipv4](#input\\_cidr\\_ipv4) | The source IPv4 CIDR range for this ingress rule. Mutually exclusive with cidr\\_ipv6, prefix\\_list\\_id, and referenced\\_security\\_group\\_id. | `string` | `null` | no |\n| \u003ca name=\"input_cidr_ipv6\"\u003e\u003c/a\u003e [cidr\\_ipv6](#input\\_cidr\\_ipv6) | The source IPv6 CIDR range for this ingress rule. Mutually exclusive with cidr\\_ipv4, prefix\\_list\\_id, and referenced\\_security\\_group\\_id. | `string` | `null` | no |\n| \u003ca name=\"input_prefix_list_id\"\u003e\u003c/a\u003e [prefix\\_list\\_id](#input\\_prefix\\_list\\_id) | The ID of the prefix list for the source of this ingress rule. Mutually exclusive with cidr\\_ipv4, cidr\\_ipv6, and referenced\\_security\\_group\\_id. | `string` | `null` | no |\n| \u003ca name=\"input_referenced_security_group_id\"\u003e\u003c/a\u003e [referenced\\_security\\_group\\_id](#input\\_referenced\\_security\\_group\\_id) | The ID of the source security group for this ingress rule. Mutually exclusive with cidr\\_ipv4, cidr\\_ipv6, and prefix\\_list\\_id. | `string` | `null` | no |\n| \u003ca name=\"input_description\"\u003e\u003c/a\u003e [description](#input\\_description) | The description of this ingress rule. | `string` | `null` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | A map of tags to assign to the ingress rule. | `map(string)` | `{}` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_id\"\u003e\u003c/a\u003e [id](#output\\_id) | The Terraform resource ID of the security group ingress rule. |\n| \u003ca name=\"output_security_group_rule_id\"\u003e\u003c/a\u003e [security\\_group\\_rule\\_id](#output\\_security\\_group\\_rule\\_id) | The AWS-assigned unique identifier for the security group rule. |\n| \u003ca name=\"output_security_group_id\"\u003e\u003c/a\u003e [security\\_group\\_id](#output\\_security\\_group\\_id) | The ID of the security group to which this ingress rule is attached. |\n| \u003ca name=\"output_ingress_rule_effective_source\"\u003e\u003c/a\u003e [ingress\\_rule\\_effective\\_source](#output\\_ingress\\_rule\\_effective\\_source) | A canonical string describing the effective source for this ingress rule (CIDR, prefix list, or security group). |\n| \u003ca name=\"output_arn\"\u003e\u003c/a\u003e [arn](#output\\_arn) | The ARN of the security group rule. |\n| \u003ca name=\"output_tags_all\"\u003e\u003c/a\u003e [tags\\_all](#output\\_tags\\_all) | A map of tags assigned to the resource, including those inherited from the provider default\\_tags. |\n\u003c!-- END_TF_DOCS --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaunchbynttdata%2Ftf-aws-module_primitive-vpc_security_group_ingress_rule","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flaunchbynttdata%2Ftf-aws-module_primitive-vpc_security_group_ingress_rule","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaunchbynttdata%2Ftf-aws-module_primitive-vpc_security_group_ingress_rule/lists"}