{"id":48211152,"url":"https://github.com/techservicesillinois/terraform-aws-client-server-security-group","last_synced_at":"2026-04-04T18:48:35.455Z","repository":{"id":50922439,"uuid":"168731268","full_name":"techservicesillinois/terraform-aws-client-server-security-group","owner":"techservicesillinois","description":"Provide two-level security groups for RDS instances","archived":false,"fork":false,"pushed_at":"2024-01-04T21:30:38.000Z","size":238,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":7,"default_branch":"main","last_synced_at":"2024-01-05T06:36:03.150Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/techservicesillinois.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-02-01T17:01:01.000Z","updated_at":"2024-01-04T21:29:22.000Z","dependencies_parsed_at":"2024-01-04T06:32:01.994Z","dependency_job_id":"fe793ad1-b387-46cf-88fc-4860f47544db","html_url":"https://github.com/techservicesillinois/terraform-aws-client-server-security-group","commit_stats":null,"previous_names":[],"tags_count":7,"template":null,"template_full_name":null,"purl":"pkg:github/techservicesillinois/terraform-aws-client-server-security-group","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techservicesillinois%2Fterraform-aws-client-server-security-group","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techservicesillinois%2Fterraform-aws-client-server-security-group/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitH
ub/repositories/techservicesillinois%2Fterraform-aws-client-server-security-group/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techservicesillinois%2Fterraform-aws-client-server-security-group/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/techservicesillinois","download_url":"https://codeload.github.com/techservicesillinois/terraform-aws-client-server-security-group/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techservicesillinois%2Fterraform-aws-client-server-security-group/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31409470,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T10:20:44.708Z","status":"ssl_error","status_checked_at":"2026-04-04T10:20:06.846Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-04T18:48:34.877Z","updated_at":"2026-04-04T18:48:35.434Z","avatar_url":"https://github.com/techservicesillinois.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# client-server-security-group\n\n[![Terraform actions 
status](https://github.com/techservicesillinois/terraform-aws-client-server-security-group/workflows/terraform/badge.svg)](https://github.com/techservicesillinois/terraform-aws-client-server-security-group/actions)\n\nProvides two security groups for use in client/server communications\non a given port. The client security group allows only outbound\nconnections to servers belonging to the server security group. The\nserver security group only allows inbound connections from clients\nthat are members of the client security group. This restricts server\naccess to only those clients in the client security group.\n\nExample Usage\n-----------------\n\n```hcl\nmodule \"foo\" {\n  source = \"git@github.com:techservicesillinois/terraform-aws-client-server-security-group\"\n  name_prefix = \"authman-db\"\n  rules = {\n    tcp = [1521, 5432]\n  }\n  vpc         = \"dev-vpc\"\n}\n```\n\nNote: this will create two security groups: `authman-db-clients` and `authman-db-servers`.\n\n![Client-Server Security Group Graphic](images/terraform-aws-client-server-security-group.png)\n\nThe above graphic depicts a security group configuration for an RDS instance\nrunning MySQL, and three clients, which may be EC2 instances, ECS containers,\nand so forth.\nOnly clients that are members of the `authman-db-clients` security group are able to\nestablish a connection with the servers in the `authman-db-servers` security group,\nand only on the designated port (3306 in this example).\n\nArgument Reference\n-----------------\n\nThe following arguments are supported:\n\n* `cidr_blocks_extra` - (Optional) List of additional CIDR blocks granted access to the server security group. 
Defaults to an empty list.\n* `client_sg_name` - Client security group name (Ignored if name_prefix is set).\n* `name_prefix` - Prefix to prepend to autogenerated security group names.\n* `rules` - (Required) A [rules](#rules) block used to define the security group based on protocol and port.\n* `server_sg_name` - Server security group name (Ignored if name_prefix is set).\n* `tags` - Tags to be applied. (A default `Name` tag is assigned using the security group name.)\n* `vpc` - (Required) The VPC name.\n\n`rules`\n-----\n\nA `rules` block supports the following:\n\n* `icmp` - (Optional) A list of ports to be opened for the ICMP protocol. See note below.\n* `tcp` - (Optional) A list of ports to be opened for the TCP protocol.\n* `udp` - (Optional) A list of ports to be opened for the UDP protocol.\n\n**NOTE:** For the ICMP protocol, use one or more ICMP type number(s) in the port list.\n\nWhile none of the supported protocols are required as part of the `rules` block, **at least one** protocol must be specified with a non-empty port list.\n\nAttributes Reference\n--------------------\n\nThe following attributes are exported:\n\n* `client_security_group_id` - The ID of the client security group\n* `client_security_group_name` - The name of the client security group\n* `rule_map` - A map listing each port and protocol granted access to the security group. 
See below for details.\n* `server_security_group_id` - The ID of the server security group\n* `server_security_group_name` - The name of the server security group\n   \n### The `rule_map` attribute\n\nThe `rule_map` attribute expresses the security group rules as a map of maps.\n\nFor example, the following `rules` block grants access to the standard TCP ports used by Oracle and PostgreSQL:\n   \n```hcl\nrules = {\n  tcp = [1521, 5432]\n}\n```\n\nThe `rule_map` attribute would be produced as shown below.\n\n```hcl\nrule_map = {\n  \"tcp:1521\" = {\n    \"key\" = \"tcp:1521\"\n    \"port\" = 1521\n    \"protocol\" = \"tcp\"\n  }\n  \"tcp:5432\" = {\n    \"key\" = \"tcp:5432\"\n    \"port\" = 5432\n    \"protocol\" = \"tcp\"\n  }\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechservicesillinois%2Fterraform-aws-client-server-security-group","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftechservicesillinois%2Fterraform-aws-client-server-security-group","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechservicesillinois%2Fterraform-aws-client-server-security-group/lists"}