This terraform module creates set of Security Group and Security Group Rules resources in various combinations.
We eat, drink, sleep and most importantly love DevOps. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy Bigger problems are always solved by breaking them into smaller manageable problems. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller connected yet manageable pieces within the infrastructure.
This module is basically combination of Terraform open source and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself.
We have fifty plus terraform modules. A few of them are comepleted and are available for open source usage while a few others are in progress.
This module has a few dependencies:
- Terraform 1.x.x
- Go
- github.com/stretchr/testify/assert
- github.com/gruntwork-io/terratest/modules/terraform
IMPORTANT: Since the master branch used in source varies based on new modifications, we suggest that you use the release versions here.
Here is an example of how you can use this module in your inventory structure:
# use this
module "security_group" {
source = "clouddrove/security-group/aws"
version = "1.0.1"
name = "security-group"
environment = "test"
protocol = "tcp"
label_order = ["name", "environment"]
vpc_id = "vpc-xxxxxxxxx"
allowed_ip = ["172.16.0.0/16", "10.0.0.0/16"]
allowed_ipv6 = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
allowed_ports = [22, 27017]
}| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allowed_ip | List of allowed ip. | list(any) |
[] |
no |
| allowed_ipv6 | List of allowed ipv6. | list(any) |
[] |
no |
| allowed_ports | List of allowed ingress ports | list(any) |
[] |
no |
| attributes | Additional attributes (e.g. 1). |
list(any) |
[] |
no |
| description | The security group description. | string |
"Instance default security group (only egress access is allowed)." |
no |
| egress_allowed_ip | List of allowed ip. | list(any) |
[] |
no |
| egress_allowed_ipv6 | List of allowed ipv6. | list(any) |
[] |
no |
| egress_allowed_ports | List of allowed ingress ports | list(any) |
[] |
no |
| egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints)Only valid with egress | list(any) |
[] |
no |
| egress_protocol | The protocol. If not icmp, tcp, udp, or all use the. | string |
"tcp" |
no |
| egress_rule | Enable to create egress rule | bool |
false |
no |
| egress_security_groups | List of Security Group IDs allowed to connect to the instance. | list(string) |
[] |
no |
| enable_security_group | Enable default Security Group with only Egress traffic allowed. | bool |
true |
no |
| environment | Environment (e.g. prod, dev, staging). |
string |
"" |
no |
| existing_sg_id | Provide existing security group id for updating existing rule | string |
null |
no |
| is_external | enable to udated existing security Group | bool |
false |
no |
| label_order | Label order, e.g. name,application. |
list(any) |
[] |
no |
| managedby | ManagedBy, eg 'CloudDrove'. | string |
"[email protected]" |
no |
| name | Name (e.g. app or cluster). |
string |
"" |
no |
| prefix_list | List of prefix list IDs (for allowing access to VPC endpoints)Only valid with egress | list(any) |
[] |
no |
| prefix_list_ids | Provide allow source Prefix id of resources | list(string) |
[] |
no |
| protocol | The protocol. If not icmp, tcp, udp, or all use the. | string |
"tcp" |
no |
| repository | Terraform current module repo | string |
"https://github.com/clouddrove/terraform-aws-security-group" |
no |
| security_groups | List of Security Group IDs allowed to connect to the instance. | list(string) |
[] |
no |
| tags | Additional tags (e.g. map(BusinessUnit,XYZ). |
map(string) |
{} |
no |
| vpc_id | The ID of the VPC that the instance security group belongs to. | string |
"" |
no |
| Name | Description |
|---|---|
| security_group_ids | IDs on the AWS Security Groups associated with the instance. |
| tags | A mapping of public tags to assign to the resource. |
In this module testing is performed with terratest and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a GO environment in your system.
You need to run the following command in the testing folder:
go test -run TestIf you come accross a bug or have any feedback, please log it in our issue tracker, or feel free to drop us an email at [email protected].
If you have found it worth your time, go ahead and give us a ★ on our GitHub!
At CloudDrove, we offer expert guidance, implementation support and services to help organisations accelerate their journey to the cloud. Our services include docker and container orchestration, cloud migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering.
We are The Cloud Experts!
We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.