
Coalfire-CF/terraform-aws-securitygroup



AWS Security Group Terraform Module

Description

This module creates an AWS security group with a network interface attachment to connect to an existing network interface.

Dependencies

Any resources requiring security groups

Resource List

  • Security Group
  • Network Interface Associations (optional)

Deployment Steps

This module can be called as outlined below.

  • Change directories to the examples/simple directory.
  • From the examples/simple directory run terraform init.
  • Ensure that the tfvars/example.tfvars variables are correct (especially the profile), or create a new tfvars file with the correct variables.
  • Run terraform plan -var-file tfvars/examples.tfvars (or the newly created file) to review the resources being created.
  • If everything looks correct in the plan output, run terraform apply -var-file tfvars/examples.tfvars.

Usage

The directory examples/simple shows a basic declaration and use of the module, whereas examples/network-associations demonstrates the module's ability to create associations between the security group and any network interfaces (when provided with a list of desired network interface ids).

Requirements

Name Version
terraform >= 1.5.0
aws ~> 5.0

Providers

Name Version
aws ~> 5.0

Modules

No modules.

Resources

Name Type
aws_network_interface_sg_attachment.this resource
aws_security_group.this resource
aws_vpc_security_group_egress_rule.this resource
aws_vpc_security_group_ingress_rule.this resource
aws_network_interface.interfaces data source

Inputs

Name: description
  Description: This overwrites the default generated description for the security group.
  Type: string
  Default: "Managed by Terraform"
  Required: no

Name: egress_rules
  Description: The list of rules for egress traffic. Required fields for each rule are 'protocol', 'from_port', 'to_port', and at least one of 'cidr_blocks', 'ipv6_cidr_blocks', 'security_groups', 'self', or 'prefix_list_sg'. Optional fields are 'description' and those not used from the previous list.
  Type:
    map(object({
      cidr_ipv4                    = optional(string, null)
      cidr_ipv6                    = optional(string, null)
      description                  = optional(string, "Managed by Terraform")
      from_port                    = optional(string, null)
      ip_protocol                  = optional(string, null)
      prefix_list_id               = optional(string, null)
      referenced_security_group_id = optional(string, null)
      to_port                      = optional(string, null)
    }))
  Default: {}
  Required: no

Name: ingress_rules
  Description: The list of rules for ingress traffic. Required fields for each rule are 'protocol', 'from_port', 'to_port', and at least one of 'cidr_blocks', 'ipv6_cidr_blocks', 'security_groups', 'self', or 'prefix_list_sg'. Optional fields are 'description' and those not used from the previous list.
  Type:
    map(object({
      cidr_ipv4                    = optional(string, null)
      cidr_ipv6                    = optional(string, null)
      description                  = optional(string, "Managed by Terraform")
      from_port                    = optional(string, null)
      ip_protocol                  = optional(string, null)
      prefix_list_id               = optional(string, null)
      referenced_security_group_id = optional(string, null)
      to_port                      = optional(string, null)
    }))
  Default: {}
  Required: no

Name: name
  Description: The name of the created security group. Conflicts with 'sg_name_prefix'.
  Type: string
  Default: ""
  Required: no

Name: network_interface_resource_associations
  Description: The IDs of already existing network interfaces to be associated with the created security group. If used, do not declare the sg in the creation of those resources.
  Type: list(string)
  Default: []
  Required: no

Name: sg_name_prefix
  Description: The prefix to be used while generating a unique name for the security group. Conflicts with 'sg_name'.
  Type: string
  Default: ""
  Required: no

Name: tags
  Description: Tags to add to the created security group.
  Type: map(string)
  Default: {}
  Required: no

Name: vpc_id
  Description: The ID of the VPC that the security group will be associated with.
  Type: string
  Default: null
  Required: no
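The following root-module call is an added example, not one of the module's own examples/ configurations; it shows a least-privilege set of rules written against the ingress_rules/egress_rules object schema above, with a network interface association. The module source reference and every VPC, security group, prefix list and ENI ID are constructed placeholders, and it assumes the module passes ip_protocol, from_port, to_port and the single destination field of each rule straight through to the aws_vpc_security_group_*_rule resources listed under Resources.

```hcl
# Added example (not from the module repository). IDs below are constructed placeholders.
module "app_sg" {
  source = "github.com/Coalfire-CF/terraform-aws-securitygroup" # assumed source reference

  name        = "app-tier-sg"
  description = "Application tier: HTTPS in from the ALB SG only, HTTPS/DNS out to named destinations"
  vpc_id      = "vpc-0123456789abcdef0" # placeholder

  # Each aws_vpc_security_group_*_rule carries exactly one destination/source selector:
  # set only one of cidr_ipv4, cidr_ipv6, prefix_list_id or referenced_security_group_id per rule.
  # Referencing the load balancer's security group instead of a CIDR keeps the rule valid
  # when the ALB's IP addresses change and avoids a broad 0.0.0.0/0 allow.
  ingress_rules = {
    https_from_alb = {
      ip_protocol                  = "tcp"
      from_port                    = 443
      to_port                      = 443
      referenced_security_group_id = "sg-0fedcba9876543210" # placeholder: ALB security group
      description                  = "HTTPS from the load balancer security group"
    }
  }

  # Explicit egress replaces the implicit allow-all, so the plan shows every outbound path.
  egress_rules = {
    https_to_s3 = {
      ip_protocol    = "tcp"
      from_port      = 443
      to_port        = 443
      prefix_list_id = "pl-0123456789abcdef0" # placeholder: S3 gateway endpoint prefix list
      description    = "HTTPS to S3 via the gateway endpoint prefix list"
    }
    dns_to_vpc_resolver = {
      ip_protocol = "udp"
      from_port   = 53
      to_port     = 53
      cidr_ipv4   = "10.0.0.2/32" # placeholder: the VPC's .2 resolver address
      description = "DNS to the VPC resolver only"
    }
  }

  # Attach to an ENI that already exists; per the input notes, do not also set the
  # security group on the resource that owns this interface.
  network_interface_resource_associations = ["eni-0123456789abcdef0"] # placeholder

  tags = {
    Environment = "prod"
    Owner       = "platform-security"
  }
}

# Outputs exposed by the module, handy for downstream rules and for auditing attachments.
output "app_sg_id"        { value = module.app_sg.id }
output "app_sg_attached"  { value = module.app_sg.associated_network_interfaces }
```

Running terraform plan on this configuration lists one security group, one ingress rule, two egress rules and one network interface attachment, which is the review surface the Deployment Steps section asks you to check before applying.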

Outputs

Name Description
associated_network_interfaces The ARNs of the network interfaces associated with the security group by this module
id The ID of the created security group

Contributing

If you're interested in contributing to our projects, please review the Contributing Guidelines, and send an email to our team to receive a copy of our CLA and start the onboarding process.

License

Copyright

Copyright © 2023 Coalfire Systems Inc.