https://github.com/epsilon-limited-solutions/tf-module-security-groups

Production-ready Terraform module for Security groups with predefined rule templates

# tf-module-security-groups

A flexible Terraform module for creating AWS Security Groups with support for predefined rule templates and custom rules.

## Features

- **Predefined Rule Templates**: HTTP, HTTPS, SSH patterns built-in
- **Flexible Rule Definition**: Support for CIDR blocks, security groups, and prefix lists
- **Description Required**: All rules must have descriptions for auditability
- **Multiple Input Formats**: Simplified or detailed rule definitions
- **Security Best Practices**: Revoke rules on delete, create before destroy

## Usage

### Basic Web Server Security Group

```hcl
module "web_sg" {
  source = "./tf-module-security-groups"

  name        = "web-server"
  description = "Security group for web servers"
  environment = "production"
  vpc_id      = module.vpc.vpc_id

  # Enable predefined rules
  enable_http_ingress  = true
  enable_https_ingress = true

  http_ingress_cidr_blocks  = ["10.0.0.0/8"]
  https_ingress_cidr_blocks = ["10.0.0.0/8"]

  tags = {
    Application = "web"
  }
}
```

### Database Security Group with Source Security Group

```hcl
module "database_sg" {
  source = "./tf-module-security-groups"

  name        = "database"
  description = "Security group for PostgreSQL database"
  environment = "production"
  vpc_id      = module.vpc.vpc_id

  enable_all_egress = false

  ingress_with_source_security_group_id = [
    {
      description              = "PostgreSQL from app servers"
      from_port                = 5432
      protocol                 = "tcp"
      source_security_group_id = module.app_sg.security_group_id
      to_port                  = 5432
    }
  ]

  egress_with_cidr_blocks = [
    {
      cidr_blocks = ["10.0.0.0/8"]
      description = "Allow outbound to VPC"
      from_port   = 0
      protocol    = "-1"
      to_port     = 0
    }
  ]

  tags = {
    Application = "database"
  }
}
```

### Complex Rules with Multiple Sources

```hcl
module "app_sg" {
  source = "./tf-module-security-groups"

  name        = "application"
  description = "Security group for application servers"
  environment = "production"
  vpc_id      = module.vpc.vpc_id

  # Custom ingress rules
  ingress_rules = [
    {
      cidr_blocks              = ["10.0.1.0/24", "10.0.2.0/24"]
      description              = "HTTP from private subnets"
      from_port                = 8080
      ipv6_cidr_blocks         = null
      prefix_list_ids          = null
      protocol                 = "tcp"
      source_security_group_id = null
      to_port                  = 8080
    },
    {
      cidr_blocks      = null
      description      = "gRPC from other app servers"
      from_port        = 50051
      ipv6_cidr_blocks = null
      prefix_list_ids  = null
      protocol         = "tcp"
      # Referencing module.app_sg from inside its own block is a dependency cycle
      # in Terraform; intra-group traffic is normally expressed with a separate
      # aws_security_group_rule that sets self = true.
      source_security_group_id = module.app_sg.security_group_id
      to_port                  = 50051
    }
  ]

  tags = {
    Application = "app-tier"
  }
}
```
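As an added example (not part of the module), a small Python pre-plan check over rule objects in the detailed format shown above: it enforces the module's description requirement, rejects rules with zero or several sources, validates port ranges and CIDRs, and flags ingress open to `0.0.0.0/0` or `::/0`. The field names are the README's; the sample rules are constructed.

```python
import ipaddress

# Field names follow the detailed rule object shown in the README.
SOURCE_KEYS = ("cidr_blocks", "ipv6_cidr_blocks", "prefix_list_ids",
               "source_security_group_id")
OPEN_TO_WORLD = {"0.0.0.0/0", "::/0"}


def check_rule(rule, direction="ingress"):
    """Return a list of findings for one rule object; [] means it looks sane."""
    findings = []
    # The module requires a description on every rule; catch it before plan time.
    if not (rule.get("description") or "").strip():
        findings.append("missing description")
    # Exactly one source kind is expected, mirroring aws_security_group_rule.
    present = [k for k in SOURCE_KEYS if rule.get(k)]
    if len(present) != 1:
        findings.append(f"expected exactly one source, got {present or 'none'}")
    proto, lo, hi = rule.get("protocol"), rule.get("from_port"), rule.get("to_port")
    if proto == "-1":  # "all traffic" must use the 0-0 port range
        if (lo, hi) != (0, 0):
            findings.append("protocol -1 requires from_port = to_port = 0")
    elif lo is None or hi is None or not 0 <= lo <= hi <= 65535:
        findings.append(f"invalid port range {lo}-{hi}")
    for cidr in (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or []):
        try:
            ipaddress.ip_network(cidr)
        except ValueError:
            findings.append(f"malformed CIDR {cidr!r}")
            continue
        if direction == "ingress" and cidr in OPEN_TO_WORLD:
            findings.append(f"ingress open to the world via {cidr}")
    return findings


def check_rules(rules, direction="ingress"):
    """Map rule index -> findings for every rule that has at least one."""
    return {i: f for i, r in enumerate(rules) if (f := check_rule(r, direction))}


# Constructed sample input (not from the README): one clean rule, one bad one.
SAMPLE_INGRESS = [
    {"cidr_blocks": ["10.0.1.0/24"], "description": "HTTP from private subnets",
     "from_port": 8080, "to_port": 8080, "protocol": "tcp", "ipv6_cidr_blocks": None,
     "prefix_list_ids": None, "source_security_group_id": None},
    {"cidr_blocks": ["0.0.0.0/0"], "description": "", "from_port": 22, "to_port": 22,
     "protocol": "tcp", "ipv6_cidr_blocks": None, "prefix_list_ids": None,
     "source_security_group_id": None},
]
```

Run `check_rules` over the list you are about to pass as `ingress_rules` or `egress_rules`; a non-empty result is a rule the module (or AWS) will reject or that widens exposure more than intended.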

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 5.0 |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| name | Name of the security group | `string` | n/a | yes |
| description | Description of the security group | `string` | n/a | yes |
| environment | Environment name | `string` | n/a | yes |
| vpc_id | VPC ID | `string` | n/a | yes |
| enable_all_egress | Enable all outbound traffic | `bool` | `true` | no |
| enable_http_ingress | Enable HTTP ingress | `bool` | `false` | no |
| enable_https_ingress | Enable HTTPS ingress | `bool` | `false` | no |
| enable_ssh_ingress | Enable SSH ingress | `bool` | `false` | no |
| ingress_rules | List of ingress rules | `list(object)` | `[]` | no |
| egress_rules | List of egress rules | `list(object)` | `[]` | no |

## Outputs

| Name | Description |
|------|-------------|
| security_group_id | The ID of the security group |
| security_group_arn | The ARN of the security group |
| security_group_name | The name of the security group |

## License

MIT