Initial Release

.github/CODEOWNERS

@@ -0,0 +1,3 @@
+# These owners will be the default owners for everything in the repo. Unless a later match takes precedence
+
+* @douglas-f ksnavely-cf

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,27 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/enhancement-request.md

@@ -0,0 +1,20 @@
+---
+name: Enhancement request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/workflows/org-checkov.yml

@@ -0,0 +1,14 @@
+name: Org Checkov
+on:
+    pull_request:
+      paths:
+        - '**.tf'
+      branches:
+        - main
+    workflow_call:
+
+jobs:
+  check-markdown:
+    uses: Coalfire-CF/Actions/.github/workflows/org-checkov.yml@main
+    with:
+      skip-path: examples

.github/workflows/org-md-lint.yml

@@ -0,0 +1,12 @@
+name: Markdown Lint
+on:
+    pull_request:
+      paths:
+        - '**.md'
+      branches:
+        - main
+    workflow_call:
+
+jobs:
+  check-markdown:
+    uses: Coalfire-CF/Actions/.github/workflows/org-markdown-lint.yml@main

.github/workflows/org-release.yml

@@ -0,0 +1,11 @@
+name: Org Release
+on:
+    pull_request:
+        types:
+        - closed
+        branches:
+        - main
+
+jobs:
+  create-release:
+    uses: Coalfire-CF/Actions/.github/workflows/org-release.yml@main

.github/workflows/org-terraform-docs.yml

@@ -0,0 +1,8 @@
+name: Org Terraform Docs
+on:
+    pull_request:
+    workflow_call:
+
+jobs:
+  terraform-docs:
+    uses: Coalfire-CF/Actions/.github/workflows/org-terraform-docs.yml@main

.gitignore

@@ -0,0 +1,37 @@
+# Local .terraform directories
+**/.terraform/*
+.terraform.lock.hcl
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+.idea
+.idea/*
+.vscode
+.vscode/
+*.iml
+*.zip
+.DS_Store
+
+# NessusBurp Install files are too large to commit
+**/nessusburp/*.exe
+**/nessusburp/*.msi
+**/nessusburp/*.txt
+
+# Ansible
+*.pub
+*.ppk

CONTRIBUTING.md

@@ -0,0 +1,72 @@
+# Contributing
+
+When contributing to this repository, please first discuss the change you wish to make via issue,
+email, or any other method with the owners of this repository before making a change.
+
+Please note we have a code of conduct, please follow it in all your interactions with the project.
+
+## Pull Request Process
+
+1. Ensure any install or build dependencies are removed before the end of the layer when doing a
+   build.
+2. Update the README.md with details of changes to the interface, this includes new environment
+   variables, exposed ports, useful file locations and container parameters.
+3. Increase the version numbers in any examples files and the README.md to the new version that this
+   Pull Request would represent. The versioning scheme we use is [SemVer](http://semver.org/).
+4. You may merge the Pull Request in once you have the sign-off of two other developers, or if you
+   do not have permission to do that, you may request the second reviewer to merge it for you.
+
+## Coalfire Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we, as contributors and project maintainers, pledge to make participation in our project and our community a harassment-free experience for everyone.
+
+## Our Values
+
+We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. Our community reflects our company values:
+
+Respect: We believe in acknowledging the rights, beliefs, and perspectives of others.
+
+Excellence: We endeavor to adopt best practices in everything we do.
+
+Leadership: We encourage thought leadership and innovation.
+
+Integrity: We uphold the highest ethical standards in all our interactions.
+
+Teamwork: We believe in the power of working together to achieve our common goals.
+
+Enthusiasm: We approach every task with energy and eagerness.
+
+## Expected Behavior
+
+Demonstrate empathy and kindness toward other people.
+
+Be respectful of differing opinions, viewpoints, and experiences.
+
+Offer and gracefully accept constructive feedback.
+
+Show courtesy and respect in public and private communications.
+
+Avoid personal attacks directed toward other contributors.
+
+## Unacceptable Behavior
+
+Any form of discrimination and harassment is unacceptable. This includes but is not
+limited to; offensive comments related to gender, sexual orientation, race, religion, disability, physical appearance, or other protected categories.
+
+Public or private harassment, deliberate intimidation, violence, or threats of.
+
+Publishing others’ private information, such as a physical or email address, without their explicit permission.
+
+• The use of sexualized language or imagery and unwelcome sexual attention or advances.
+
+• Trolling, insulting/derogatory comments, and personal or political attacks.
+
+## Reporting & Enforcement
+
+We encourage all communities to resolve issues on their own whenever possible. If you are unable to resolve the matter for any reason, or if the behavior is threatening or harassing, report it. We are dedicated to providing an environment where participants feel welcome and safe. Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at <[email protected]>. All complaints will be reviewed and investigated promptly and fairly. Confidentiality will be maintained for the reporter of an incident.
+
+We will use our discretion in determining when and how we follow up with reported incidents.  Consequences of violating this code may include, but are not limited to, a temporary or permanent ban from project participation, removal of contributions, and reporting the incident to employers or legal authorities as appropriate.  
+
+This Code of Conduct is a living document and will evolve with the community. The project maintainers reserve the right to update this code as necessary. Any changes will be communicated to community members.

License.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Coalfire Systems, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,89 @@
+![Coalfire](coalfire_logo.png)
+
+# AWS Security Group Terraform Module
+
+## Description
+
+This module creates an AWS security group with a network interface attachment to connect to an existing network interface.
+
+## Dependencies
+
+Any resources requiring security groups
+
+## Resource List
+
+- Security Group
+- Network Interface Associations (optional)
+
+## Deployment Steps
+
+This module can be called as outlined below.
+
+- Change directories to the `examples/simple` directory.
+- From the `examples/simple` directory run `terraform init`.
+- Ensure that the `tfvars/example.tfvars` variables are correct (especially the profile) or create a new tfvars file with the correct variables
+- Run `terraform plan -var-file tfvars/examples.tfvars` (or the newly created file) to review the resources being created.
+- If everything looks correct in the plan output, run `terraform apply -var-file tfvars/examples.tfvars`.
+
+## Usage
+
+The directory `examples/simple` shows a basic declaration and use of the module, whereas `examples/network-associations` demonstrates the module's ability to create associations between the security group and any network interfaces (when provided with a list of desired network interface ids).
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_network_interface_sg_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface_sg_attachment) | resource |
+| [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_network_interface.interfaces](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/network_interface) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_description"></a> [description](#input\_description) | This overwrites the default generated description for the security group | `string` | `"Managed by Terraform"` | no |
+| <a name="input_egress_rules"></a> [egress\_rules](#input\_egress\_rules) | The list of rules for egress traffic. Required fields for each rule are 'protocol', 'from\_port', 'to\_port', and at least one of 'cidr\_blocks', 'ipv6\_cidr\_blocks', 'security\_groups', 'self', or 'prefix\_list\_sg'. Optional fields are 'description' and those not used from the previous list | <pre>list(object({<br>    protocol         = string<br>    from_port        = string<br>    to_port          = string<br>    cidr_blocks      = optional(list(string), [])<br>    ipv6_cidr_blocks = optional(list(string), [])<br>    prefix_list_ids  = optional(list(string), [])<br>    security_groups  = optional(list(string), [])<br>    self             = optional(bool)<br>    description      = optional(string, "Managed by Terraform")<br>  }))</pre> | `[]` | no |
+| <a name="input_ingress_rules"></a> [ingress\_rules](#input\_ingress\_rules) | The list of rules for ingress traffic. Required fields for each rule are 'protocol', 'from\_port', 'to\_port', and at least one of 'cidr\_blocks', 'ipv6\_cidr\_blocks', 'security\_groups', 'self', or 'prefix\_list\_sg'. Optional fields are 'description' and those not used from the previous list | <pre>list(object({<br>    protocol         = string<br>    from_port        = string<br>    to_port          = string<br>    cidr_blocks      = optional(list(string), [])<br>    ipv6_cidr_blocks = optional(list(string), [])<br>    prefix_list_ids  = optional(list(string), [])<br>    security_groups  = optional(list(string), [])<br>    self             = optional(bool)<br>    description      = optional(string, "Managed by Terraform")<br>  }))</pre> | `[]` | no |
+| <a name="input_name"></a> [name](#input\_name) | The name of the created security group. Conflicts with 'sg\_name\_prefix' | `string` | `""` | no |
+| <a name="input_network_interface_resource_associations"></a> [network\_interface\_resource\_associations](#input\_network\_interface\_resource\_associations) | The IDs of already existing network interfaces to be associated with the created security group. If used, do not declare sg in the creation of those resources | `list(string)` | `[]` | no |
+| <a name="input_sg_name_prefix"></a> [sg\_name\_prefix](#input\_sg\_name\_prefix) | The prefix to be used while generating a unique name for the security group. Conflicts with 'sg\_name' | `string` | `""` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags to add to the created security group | `map(string)` | `{}` | no |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The ID of the VPC that the security group will be associated with | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_associated_network_interfaces"></a> [associated\_network\_interfaces](#output\_associated\_network\_interfaces) | The ARNs of the network interfaces associated to the security group by this module |
+| <a name="output_id"></a> [id](#output\_id) | The id of the created security group |
+<!-- END_TF_DOCS -->
+
+## Contributing
+
+If you're interested in contributing to our projects, please review the [Contributing Guidelines](CONTRIBUTING.md). And send an email to [our team]([email protected]) to receive a copy of our CLA and start the onboarding process.
+
+## License
+
+[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://opensource.org/license/mit/)
+
+### Copyright
+
+Copyright © 2023 Coalfire Systems Inc.

examples/network-associations/README.md

@@ -0,0 +1,9 @@
+## Security Group module network association example
+
+One of the prerequisites of the security group module is that it is capable of creating network associations on its own.
+
+This example should create three (3) EC2 instances, two of which will be attached to the security group by the module itself, and the third will attach the security group inline.
+
+Any resource that has a network interface attached to it can input the ID of the network interface in order to make an association.
+
+NOTE: Using the security group to associate a network interface that is attached to an instance that has already associated itself with the security group in its declaraction WILL NOT WORK.