https://github.com/geekcell/terraform-aws-security-group
Terraform module to provision an AWS Security Group.
aws security-group terraform terraform-module
- Host: GitHub
- URL: https://github.com/geekcell/terraform-aws-security-group
- Owner: geekcell
- License: apache-2.0
- Created: 2022-11-09T15:01:51.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-11-02T10:02:30.000Z (over 1 year ago)
- Last Synced: 2025-04-05T22:17:12.957Z (about 2 months ago)
- Topics: aws, security-group, terraform, terraform-module
- Language: HCL
- Homepage: https://www.geekcell.io
- Size: 82 KB
- Stars: 1
- Watchers: 3
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
[Geek Cell](https://www.geekcell.io/)

### Code Quality

- [License](https://github.com/geekcell/terraform-aws-security-group/blob/master/LICENSE)
- [Releases](https://github.com/geekcell/terraform-aws-security-group/releases)
- [Release workflow](https://github.com/geekcell/terraform-aws-security-group/actions/workflows/release.yaml)
- [Validate workflow](https://github.com/geekcell/terraform-aws-security-group/actions/workflows/validate.yaml)
- [Linter workflow](https://github.com/geekcell/terraform-aws-security-group/actions/workflows/linter.yaml)
- [Test workflow](https://github.com/geekcell/terraform-aws-security-group/actions/workflows/test.yaml)

### Security

Bridgecrew benchmark badges for this repository:

- [Infrastructure Security](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=INFRASTRUCTURE+SECURITY)

#### Cloud

- [CIS AWS V1.2](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+AWS+V1.2)
- [CIS AWS V1.3](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+AWS+V1.3)
- [CIS AZURE V1.1](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+AZURE+V1.1)
- [CIS AZURE V1.3](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+AZURE+V1.3)
- [CIS GCP V1.1](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+GCP+V1.1)

##### Container

- [CIS KUBERNETES V1.6](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+KUBERNETES+V1.6)
- [CIS EKS V1.1](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+EKS+V1.1)
- [CIS GKE V1.1](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+GKE+V1.1)
- [CIS KUBERNETES V1.5](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+KUBERNETES+V1.5)

#### Data protection

- [SOC2](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=SOC2)
- [PCI-DSS V3.2](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=PCI-DSS+V3.2)
- [PCI-DSS V3.2.1](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=PCI-DSS+V3.2.1)
- [ISO27001](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=ISO27001)
- [NIST-800-53](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=NIST-800-53)
- [HIPAA](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=HIPAA)
- [FEDRAMP (MODERATE)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=FEDRAMP+%28MODERATE%29)

# Terraform AWS Security Group
Terraform module to create a Security Group with ingress and egress rules in one go.
## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [description](#input\_description) | Description of the Security Group. | `string` | `null` | no |
| [egress\_rules](#input\_egress\_rules) | Egress rules to add to the Security Group (rule object shape below). See examples for usage. | `list(object({...}))` | `[]` | no |
| [ingress\_rules](#input\_ingress\_rules) | Ingress rules to add to the Security Group (rule object shape below). See examples for usage. | `list(object({...}))` | `[]` | no |
| [name](#input\_name) | Name of the Security Group, or its prefix when `name_prefix` is `true`. | `string` | n/a | yes |
| [name\_prefix](#input\_name\_prefix) | Whether to use `name` as a prefix (Terraform appends a unique suffix) or as the exact Security Group name. | `bool` | `true` | no |
| [revoke\_rules\_on\_delete](#input\_revoke\_rules\_on\_delete) | Instruct Terraform to revoke all of the Security Group's attached ingress and egress rules before deleting the group itself. Normally not needed; it helps when a service (EMR, for example) adds rules that create a cyclic dependency between groups and blocks destruction. | `bool` | `false` | no |
| [tags](#input\_tags) | Tags to add to the Security Group. | `map(any)` | `{}` | no |
| [vpc\_id](#input\_vpc\_id) | The VPC ID where resources are created. | `string` | n/a | yes |

Both rule lists take objects of the shape below. `port` is the shorthand for a rule whose `from_port` and `to_port` are equal; give `from_port` and `to_port` instead for a range. The peer of the rule is given by `cidr_blocks`, `prefix_list_ids`, `source_security_group_id` or `self` (see the examples for each form).

```hcl
list(object({
  protocol                 = string
  description              = optional(string)
  port                     = optional(number)
  to_port                  = optional(number)
  from_port                = optional(number)
  cidr_blocks              = optional(list(string))
  prefix_list_ids          = optional(list(string))
  source_security_group_id = optional(string)
  self                     = optional(bool)
}))
```

## Outputs
| Name | Description |
|------|-------------|
| [security\_group\_id](#output\_security\_group\_id) | Security Group ID |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 4.36 |

## Resources

- resource.aws_security_group.main (main.tf#6)
- resource.aws_security_group_rule.main_egress (main.tf#35)
- resource.aws_security_group_rule.main_ingress (main.tf#18)

# Examples
### Full
```hcl
# `var.name` is declared alongside this file in the example; it is not part of
# this snippet.
module "vpc" {
  source  = "registry.terraform.io/terraform-aws-modules/vpc/aws"
  version = "~> 5.0.0"

  name = "${var.name}-main"
  cidr = "10.100.0.0/16"
}

# A second group created with this module, used below as a rule peer.
module "source_security_group" {
  source = "../../"

  name   = var.name
  vpc_id = module.vpc.vpc_id
}

resource "aws_ec2_managed_prefix_list" "test" {
  name           = "All VPC CIDR-s"
  address_family = "IPv4"
  max_entries    = 5

  entry {
    cidr        = "10.100.0.0/16"
    description = "Primary"
  }
}

module "full" {
  source = "../../"

  vpc_id      = module.vpc.vpc_id
  name        = var.name
  description = "Testing Terraform full example"

  ingress_rules = [
    # To/From ports are the same. 0.0.0.0/0 on 3306 opens the port to the whole
    # internet; it is here only to exercise the module, not as a pattern to copy.
    {
      port        = 3306
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    },
    # Different To/From ports
    {
      from_port   = 3306
      to_port     = 54321
      protocol    = "tcp"
      cidr_blocks = ["127.0.0.0/8", "10.0.0.0/8"]
    },
    # Allow other SG instead of CIDR
    {
      port                     = 3306
      protocol                 = "udp"
      source_security_group_id = module.source_security_group.security_group_id
    },
    # Using self
    {
      port     = 3306
      protocol = "udp"
      self     = true
    }
  ]

  egress_rules = [
    # To/From ports are the same
    {
      port        = 3306
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    },
    # Different To/From ports
    {
      from_port   = 3306
      to_port     = 54321
      protocol    = "tcp"
      cidr_blocks = ["127.0.0.0/8", "10.0.0.0/8"]
    },
    # Allow other SG instead of CIDR
    {
      port                     = 3306
      protocol                 = "udp"
      source_security_group_id = module.source_security_group.security_group_id
    },
    # Using self
    {
      port     = 3306
      protocol = "udp"
      self     = true
    },
    # Using prefix list
    {
      port            = 443
      protocol        = "tcp"
      prefix_list_ids = [aws_ec2_managed_prefix_list.test.id]
    }
  ]
}
```
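The rule objects this module takes are plain data, so the policy you want on them (no database ports reachable from the whole internet, no loopback CIDRs that can never match, a single peer per rule, no source group combined with CIDRs) can be checked before `terraform apply`. The following is an added example and not code from this module: a small Python checker over rule lists in the module's object shape. The `port` to `from_port`/`to_port` mapping, the sets of internet-facing and sensitive ports, and the `sg-...` identifier are assumptions made for the example; the first input list is a constructed copy of the Full example's `ingress_rules` (a test fixture) and the second is a tightened version of it.

```python
"""Policy check over rule objects shaped like this module's ingress_rules /
egress_rules inputs. Added example for the README; not code from the module.
Assumptions: the `port` -> from_port/to_port mapping mirrors the module's
shorthand; PUBLIC_OK_PORTS and SENSITIVE_PORTS are an example policy.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_network
from typing import Any

PUBLIC_OK_PORTS = {80, 443}  # assumed policy: the only ports that may face the internet
SENSITIVE_PORTS = {22: "ssh", 3306: "mysql", 3389: "rdp", 5432: "postgresql", 6379: "redis"}
PEER_KEYS = ("cidr_blocks", "prefix_list_ids", "source_security_group_id", "self")


@dataclass(frozen=True)
class Finding:
    severity: str   # "error" or "warn"
    direction: str  # "ingress" or "egress"
    index: int      # position of the rule in the list handed to the module
    message: str


def port_range(rule: dict[str, Any]) -> tuple[int, int]:
    """(from_port, to_port) for a rule. `port` sets both ends; explicit
    from_port/to_port win when present. Protocol "-1" is all traffic."""
    if str(rule.get("protocol")) == "-1":
        return 0, 65535
    port = rule.get("port")
    frm, to = rule.get("from_port", port), rule.get("to_port", port)
    if frm is None or to is None:
        raise ValueError("rule needs `port` or both `from_port` and `to_port`")
    if frm > to:
        raise ValueError(f"from_port {frm} is greater than to_port {to}")
    return int(frm), int(to)


def check_rule(index: int, rule: dict[str, Any], direction: str) -> list[Finding]:
    """Findings for a single rule object."""
    def note(sev: str, msg: str) -> Finding:
        return Finding(sev, direction, index, msg)

    try:
        frm, to = port_range(rule)
    except ValueError as exc:
        return [note("error", str(exc))]
    out: list[Finding] = []

    peers = {k for k in PEER_KEYS if rule.get(k) not in (None, [], False)}
    if not peers:
        out.append(note("error", "no peer given (cidr_blocks, prefix_list_ids, source_security_group_id or self)"))
    # aws_security_group_rule: source_security_group_id conflicts with cidr_blocks and self.
    if "source_security_group_id" in peers and peers & {"cidr_blocks", "self"}:
        out.append(note("error", "source_security_group_id cannot be combined with cidr_blocks or self"))

    if (frm, to) == (0, 65535):
        out.append(note("warn", "rule covers every port"))
    elif to - frm >= 1000:
        out.append(note("warn", f"wide port range {frm}-{to}"))

    for cidr in rule.get("cidr_blocks") or []:
        net = ip_network(cidr, strict=False)
        if net.is_loopback:
            out.append(note("warn", f"{cidr} is loopback space and can never match traffic"))
        if net.prefixlen != 0:
            continue  # not a world rule
        if direction == "egress":
            out.append(note("warn", f"unrestricted egress to {cidr}"))
            continue
        ports = range(frm, to + 1)
        sensitive = sorted({SENSITIVE_PORTS[p] for p in ports if p in SENSITIVE_PORTS})
        exposed = [p for p in ports if p not in PUBLIC_OK_PORTS]
        if sensitive:
            out.append(note("error", f"{cidr} exposes {', '.join(sensitive)} to the internet"))
        elif exposed:
            out.append(note("warn", f"{cidr} exposes non-web port(s) {exposed[0]}-{exposed[-1]}"))
    return out


def check_security_group(ingress: list[dict[str, Any]], egress: list[dict[str, Any]]) -> list[Finding]:
    """All findings for one module call, ingress rules first."""
    found = [f for i, r in enumerate(ingress) for f in check_rule(i, r, "ingress")]
    found += [f for i, r in enumerate(egress) for f in check_rule(i, r, "egress")]
    return found


# Constructed input: the ingress_rules of the README's "Full" example (a test
# fixture). The sg-... id is a placeholder for module.source_security_group.security_group_id.
FULL_EXAMPLE_INGRESS = [
    {"port": 3306, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
    {"from_port": 3306, "to_port": 54321, "protocol": "tcp", "cidr_blocks": ["127.0.0.0/8", "10.0.0.0/8"]},
    {"port": 3306, "protocol": "udp", "source_security_group_id": "sg-0123456789abcdef0"},
    {"port": 3306, "protocol": "udp", "self": True},
]

# Tightened version: MySQL reachable only from the application tier's group.
HARDENED_INGRESS = [
    {"port": 3306, "protocol": "tcp", "description": "MySQL from app tier",
     "source_security_group_id": "sg-0123456789abcdef0"},
]

if __name__ == "__main__":
    for f in check_security_group(FULL_EXAMPLE_INGRESS, []):
        print(f"{f.severity:5} {f.direction}[{f.index}]: {f.message}")
    print("hardened:", check_security_group(HARDENED_INGRESS, []) or "clean")
```

Run against the Full example's ingress list the checker reports one error (MySQL open to `0.0.0.0/0`) and two warnings on the second rule (a 51,000-port range and a loopback CIDR), while the tightened list is clean. Feeding it the rule lists you pass to the module, for instance from a small wrapper that loads your `.tfvars` or from the JSON plan, turns the same policy into a pre-apply gate.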