
https://github.com/geekcell/terraform-aws-security-group

Terraform module to provision an AWS Security Group.

[![Geek Cell GmbH](https://raw.githubusercontent.com/geekcell/.github/main/geekcell-github-banner.png)](https://www.geekcell.io/)

### Code Quality
[![License](https://img.shields.io/github/license/geekcell/terraform-aws-security-group)](https://github.com/geekcell/terraform-aws-security-group/blob/master/LICENSE)
[![GitHub release (latest tag)](https://img.shields.io/github/v/release/geekcell/terraform-aws-security-group?logo=github&sort=semver)](https://github.com/geekcell/terraform-aws-security-group/releases)
[![Release](https://github.com/geekcell/terraform-aws-security-group/actions/workflows/release.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-security-group/actions/workflows/release.yaml)
[![Validate](https://github.com/geekcell/terraform-aws-security-group/actions/workflows/validate.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-security-group/actions/workflows/validate.yaml)
[![Lint](https://github.com/geekcell/terraform-aws-security-group/actions/workflows/linter.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-security-group/actions/workflows/linter.yaml)
[![Test](https://github.com/geekcell/terraform-aws-security-group/actions/workflows/test.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-security-group/actions/workflows/test.yaml)

### Security
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=INFRASTRUCTURE+SECURITY)

#### Cloud
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+AWS+V1.2)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/cis_aws_13)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+AWS+V1.3)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/cis_azure)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+AZURE+V1.1)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/cis_azure_13)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+AZURE+V1.3)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/cis_gcp)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+GCP+V1.1)

##### Container
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/cis_kubernetes_16)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+KUBERNETES+V1.6)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/cis_eks_11)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+EKS+V1.1)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/cis_gke_11)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+GKE+V1.1)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/cis_kubernetes)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=CIS+KUBERNETES+V1.5)

#### Data protection
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/soc2)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=SOC2)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/pci)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=PCI-DSS+V3.2)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/pci_dss_v321)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=PCI-DSS+V3.2.1)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/iso)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=ISO27001)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/nist)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=NIST-800-53)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/hipaa)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=HIPAA)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-security-group/fedramp_moderate)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-security-group&benchmark=FEDRAMP+%28MODERATE%29)

# Terraform AWS Security Group

Terraform module to create a Security Group with ingress and egress rules in one go.

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [description](#input\_description) | Description of the Security Group. | `string` | `null` | no |
| [egress\_rules](#input\_egress\_rules) | Egress rules to add to the Security Group. See examples for usage. | `list(object({ protocol = string, description = optional(string), port = optional(number), to_port = optional(number), from_port = optional(number), cidr_blocks = optional(list(string)), prefix_list_ids = optional(list(string)), source_security_group_id = optional(string), self = optional(bool) }))` | `[]` | no |
| [ingress\_rules](#input\_ingress\_rules) | Ingress rules to add to the Security Group. See examples for usage. | `list(object({ protocol = string, description = optional(string), port = optional(number), to_port = optional(number), from_port = optional(number), cidr_blocks = optional(list(string)), prefix_list_ids = optional(list(string)), source_security_group_id = optional(string), self = optional(bool) }))` | `[]` | no |
| [name](#input\_name) | Name of the Security Group; used as a name prefix when `name_prefix` is `true`. | `string` | n/a | yes |
| [name\_prefix](#input\_name\_prefix) | Whether to use `name` as a name prefix (`true`) or as the exact Security Group name (`false`). | `bool` | `true` | no |
| [revoke\_rules\_on\_delete](#input\_revoke\_rules\_on\_delete) | Instruct Terraform to revoke all of the Security Group's attached ingress and egress rules before deleting the Security Group itself. This is normally not needed. | `bool` | `false` | no |
| [tags](#input\_tags) | Tags to add to the Security Group. | `map(any)` | `{}` | no |
| [vpc\_id](#input\_vpc\_id) | The VPC ID where resources are created. | `string` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| [security\_group\_id](#output\_security\_group\_id) | Security Group ID |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 4.36 |

## Resources

- resource.aws_security_group.main (main.tf#6)
- resource.aws_security_group_rule.main_egress (main.tf#35)
- resource.aws_security_group_rule.main_ingress (main.tf#18)

## Examples
### Full
```hcl
module "vpc" {
  source  = "registry.terraform.io/terraform-aws-modules/vpc/aws"
  version = "~> 5.0.0"

  name = "${var.name}-main"
  cidr = "10.100.0.0/16"
}

module "source_security_group" {
  source = "../../"

  name   = var.name
  vpc_id = module.vpc.vpc_id
}

resource "aws_ec2_managed_prefix_list" "test" {
  name           = "All VPC CIDR-s"
  address_family = "IPv4"
  max_entries    = 5

  entry {
    cidr        = "10.100.0.0/16"
    description = "Primary"
  }
}

module "full" {
  source = "../../"

  vpc_id      = module.vpc.vpc_id
  name        = var.name
  description = "Testing Terraform full example"

  ingress_rules = [
    # To/From ports are the same
    {
      port        = 3306
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    },

    # Different To/From ports
    {
      from_port   = 3306
      to_port     = 54321
      protocol    = "tcp"
      cidr_blocks = ["127.0.0.0/8", "10.0.0.0/8"]
    },

    # Allow other SG instead of CIDR
    {
      port                     = 3306
      protocol                 = "udp"
      source_security_group_id = module.source_security_group.security_group_id
    },

    # Using self
    {
      port     = 3306
      protocol = "udp"
      self     = true
    }
  ]

  egress_rules = [
    # To/From ports are the same
    {
      port        = 3306
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    },

    # Different To/From ports
    {
      from_port   = 3306
      to_port     = 54321
      protocol    = "tcp"
      cidr_blocks = ["127.0.0.0/8", "10.0.0.0/8"]
    },

    # Allow other SG instead of CIDR
    {
      port                     = 3306
      protocol                 = "udp"
      source_security_group_id = module.source_security_group.security_group_id
    },

    # Using self
    {
      port     = 3306
      protocol = "udp"
      self     = true
    },

    # Using prefix list
    {
      port            = 443
      protocol        = "tcp"
      prefix_list_ids = [aws_ec2_managed_prefix_list.test.id]
    }
  ]
}
```
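The rule objects above are plain data, so they can be linted before `terraform plan`. The following is an added example, not code from this module: it mirrors the documented rule schema (the `port` shorthand expanding to `from_port`/`to_port`, and one source per rule chosen from `cidr_blocks`, `prefix_list_ids`, `source_security_group_id` or `self`) and flags the two things a reviewer would catch in the Full example, an ingress rule open to `0.0.0.0/0` and a loopback CIDR that never matches VPC traffic. The `README_INGRESS_RULES` sample is constructed from the example, with a placeholder security group id.

```python
# Added example (not the module's code): pre-plan lint for this module's ingress/egress rule objects.
import ipaddress

# A rule names exactly one source; these are the source keys of the documented rule object.
SOURCE_KEYS = ("cidr_blocks", "prefix_list_ids", "source_security_group_id", "self")

# Constructed input: the four ingress rules of the README's "Full" example (SG id is a placeholder).
README_INGRESS_RULES = [
    {"port": 3306, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
    {"from_port": 3306, "to_port": 54321, "protocol": "tcp",
     "cidr_blocks": ["127.0.0.0/8", "10.0.0.0/8"]},
    {"port": 3306, "protocol": "udp", "source_security_group_id": "sg-PLACEHOLDER"},
    {"port": 3306, "protocol": "udp", "self": True},
]

def normalize(rule):
    """Expand the `port` shorthand into from_port/to_port (README: To/From ports are the same)."""
    r = dict(rule)
    if r.get("port") is not None:
        r["from_port"] = r["to_port"] = r.pop("port")
    return r

def lint_rule(rule, direction="ingress"):
    """Return the findings for one rule object; an empty list means the rule looks sane."""
    r = normalize(rule)
    findings = []
    sources = [k for k in SOURCE_KEYS if r.get(k) not in (None, [], False)]
    if len(sources) != 1:
        findings.append(f"expected exactly one source, got {sources or 'none'}")
    if r.get("from_port") is None or r.get("to_port") is None:
        findings.append("no port range: set port or both from_port and to_port")
    elif r["from_port"] > r["to_port"]:
        findings.append(f"from_port {r['from_port']} is above to_port {r['to_port']}")
    for cidr in r.get("cidr_blocks") or []:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(f"invalid CIDR {cidr!r}")
            continue
        if direction == "ingress" and net.prefixlen == 0:  # 0.0.0.0/0 or ::/0 inbound
            findings.append(f"{r.get('protocol')} {r.get('from_port')}-{r.get('to_port')} "
                            f"ingress open to the world via {cidr}")
        if net.is_loopback:  # e.g. 127.0.0.0/8: never matches traffic reaching a VPC ENI
            findings.append(f"{cidr} is loopback space and matches no VPC traffic")
    return findings

def lint_rules(rules, direction="ingress"):
    """Map rule index -> findings for every rule that has at least one finding."""
    return {i: f for i, r in enumerate(rules) if (f := lint_rule(r, direction))}
```

Running `lint_rules(README_INGRESS_RULES)` reports rules 0 and 1 and passes the SG-sourced and `self` rules unchanged; the same check with `direction="egress"` does not flag `0.0.0.0/0`, since world-open egress is a policy decision rather than an exposure.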