Skip to content

Module Structure

terraform-aws-arc-security-group

Latest Release Last Updated Terraform GitHub Actions

Quality gate

Known Vulnerabilities

Introduction

The SourceFuse AWS Reference Architecture (ARC) Terraform module for creating and managing AWS security groups with customizable rules. It simplifies defining inbound and outbound rules for specific protocols, ports, and CIDR ranges, ensuring secure and efficient network traffic control in your infrastructure.

For more information about this repository and its usage, please see Terraform AWS ARC Security Group Module Usage Guide.

Prerequisites

Before using this module, ensure you have the following:

  • AWS credentials configured.
  • Terraform installed.
  • A working knowledge of Terraform.

Usage

See the examples folder for a complete example.

locals {
  security_group_data = {
    create      = true
    description = "Security Group for Loadbalancer"

    ingress_rules = [
      {
        description = "Allow VPC traffic"
        cidr_block  = data.aws_vpc.this.cidr_block
        from_port   = 0
        ip_protocol = "tcp"
        to_port     = 65535
      },
      {
        description = "Allow traffic from self"
        self        = true
        from_port   = 0
        ip_protocol = "tcp"
        to_port     = 65535
      },
      {
        description              = "Allow traffic from security group"
        source_security_group_id = data.aws_security_group.default.id
        from_port                = 0
        ip_protocol              = "tcp"
        to_port                  = 65535
      }
    ]

    egress_rules = [
      {
        description = "Allow all outbound traffic"
        cidr_block  = "0.0.0.0/0"
        from_port   = -1
        ip_protocol = "-1"
        to_port     = -1
      }
    ]
  }
}

module "arc_security_group" {
  source  = "sourcefuse/arc-security-group/aws"
  version = "0.0.1"

  name          = "${var.namespace}-${var.environment}-sg"
  vpc_id        = data.aws_vpc.this.id
  ingress_rules = local.security_group_data.ingress_rules
  egress_rules  = local.security_group_data.egress_rules

  tags = module.tags.tags
}

Requirements

Name Version
terraform > 1.4, < 2.0.0
aws ~> 5.0

Providers

Name Version
aws 5.80.0

Modules

No modules.

Resources

Name Type
aws_security_group.this resource
aws_vpc_security_group_egress_rule.this resource
aws_vpc_security_group_ingress_rule.this resource

Inputs

Name Description Type Default Required
description (optional) Description of Security Group string null no
egress_rules (optional) List of egress rules for the security group.
list(object({
description = optional(string, null)
cidr_block = optional(string, null)
destination_security_group_id = optional(string, null)
from_port = number
ip_protocol = string
to_port = string
prefix_list_id = optional(string, null)
}))
[] no
ingress_rules (optional) List of ingress rules for the security group.
list(object({
description = optional(string, null)
cidr_block = optional(string, null)
source_security_group_id = optional(string, null)
from_port = number
ip_protocol = string
to_port = string
self = optional(bool, false)
}))
[] no
name Security Group name string n/a yes
tags Tags for Security Group map(string) {} no
vpc_id VPC Id for creating security group string n/a yes

Outputs

Name Description
id Security Group ID

Versioning

This project uses a .version file at the root of the repo which the pipeline reads from and does a git tag.

When you intend to commit to main, you will need to increment this version. Once the project is merged, the pipeline will kick off and tag the latest git commit.

Development

Prerequisites

Configurations

  • Configure pre-commit hooks
    pre-commit install
    

Versioning

while Contributing or doing git commit please specify the breaking change in your commit message whether its major,minor or patch

For Example

git commit -m "your commit message #major"
By specifying this , it will bump the version and if you don't specify this in your commit message then by default it will consider patch and will bump that accordingly

Tests

  • Tests are available in test directory
  • Configure the dependencies
    1
    2
    3
    cd test/
    go mod init github.com/sourcefuse/terraform-aws-refarch-<module_name>
    go get github.com/gruntwork-io/terratest/modules/terraform
    
  • Now execute the test
    go test -timeout  30m
    

Authors

This project is authored by: - SourceFuse ARC Team