
terraform-aws-arc-security-group

Module: sourcefuse/arc-security-group/aws

Registry: https://registry.terraform.io/modules/sourcefuse/arc-security-group/aws

Category: Networking / Security

Source: https://github.com/sourcefuse/terraform-aws-arc-security-group


Overview

Creates an AWS security group with configurable ingress and egress rules for controlling network traffic. Each rule is managed as its own aws_vpc_security_group_ingress_rule or aws_vpc_security_group_egress_rule resource, so individual rules can be added, changed or removed without touching the group itself.

What It Does

  • Security group with custom name and description
  • Ingress rules with CIDR, security group, or self references
  • Egress rules with full configuration
  • Multiple rules per security group
  • Tag support

For more information about this repository and its usage, please see the Terraform AWS ARC Security Group Module Usage Guide.

Quickstart

locals {
  security_group_data = {
    create      = true
    description = "Security Group for Loadbalancer"

    ingress_rules = [
      {
        description = "Allow VPC traffic"
        cidr_block  = data.aws_vpc.this.cidr_block
        from_port   = 0
        ip_protocol = "tcp"
        to_port     = 65535
      },
      {
        description = "Allow traffic from self"
        self        = true
        from_port   = 0
        ip_protocol = "tcp"
        to_port     = 65535
      },
      {
        description              = "Allow traffic from security group"
        source_security_group_id = data.aws_security_group.default.id
        from_port                = 0
        ip_protocol              = "tcp"
        to_port                  = 65535
      }
    ]

    egress_rules = [
      {
        description = "Allow all outbound traffic"
        cidr_block  = "0.0.0.0/0"
        from_port   = -1
        ip_protocol = "-1"
        to_port     = -1
      }
    ]
  }
}

module "arc_security_group" {
  source  = "sourcefuse/arc-security-group/aws"
  version = "0.0.1"

  name          = "${var.namespace}-${var.environment}-sg"
  vpc_id        = data.aws_vpc.this.id
  ingress_rules = local.security_group_data.ingress_rules
  egress_rules  = local.security_group_data.egress_rules

  tags = module.tags.tags
}
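The quickstart above is deliberately permissive: every ingress rule allows TCP 0-65535 from the whole VPC, from the group itself and from another group, and egress is open to 0.0.0.0/0. The added example below (not code from the module's README) uses the same input schema to build a two-tier layout where the load balancer accepts only HTTPS from the internet, the application tier accepts its port only from the load balancer's group, and outbound traffic is scoped to the S3 gateway endpoint via prefix_list_id. It assumes the quickstart's surroundings (data.aws_vpc.this, var.namespace, var.environment, module.tags), an application port of 8080, and the data sources and local names shown; all of these are assumptions, not part of the project.

```hcl
# Added example, not code from the module's own README. Assumes the quickstart's
# data.aws_vpc.this, var.namespace, var.environment and module.tags, plus an
# application listening on port 8080; data.aws_region.current, the prefix list
# lookup and the local names below are assumptions as well.

data "aws_region" "current" {}

# AWS-managed prefix list for the S3 gateway endpoint in this region.
data "aws_ec2_managed_prefix_list" "s3" {
  name = "com.amazonaws.${data.aws_region.current.name}.s3"
}

locals {
  app_port = 8080

  # Load balancer tier: HTTPS only, from IPv4 and IPv6 internet.
  alb_ingress_rules = [
    {
      description = "HTTPS from anywhere (IPv4)"
      cidr_block  = "0.0.0.0/0"
      from_port   = 443
      to_port     = 443
      ip_protocol = "tcp"
    },
    {
      description = "HTTPS from anywhere (IPv6)"
      cidr_ipv6   = "::/0"
      from_port   = 443
      to_port     = 443
      ip_protocol = "tcp"
    },
  ]

  # The load balancer may only reach the app port inside the VPC. A CIDR is
  # used instead of the app group's id to avoid a dependency cycle, since the
  # app group already references module.alb_sg.id below.
  alb_egress_rules = [
    {
      description = "To the application port inside the VPC"
      cidr_block  = data.aws_vpc.this.cidr_block
      from_port   = local.app_port
      to_port     = local.app_port
      ip_protocol = "tcp"
    },
  ]

  # Application tier: inbound only from the load balancer's group.
  app_ingress_rules = [
    {
      description              = "App port from the load balancer only"
      source_security_group_id = module.alb_sg.id
      from_port                = local.app_port
      to_port                  = local.app_port
      ip_protocol              = "tcp"
    },
  ]

  # Outbound only HTTPS to S3 through the gateway endpoint prefix list.
  app_egress_rules = [
    {
      description    = "HTTPS to S3 via the gateway endpoint"
      prefix_list_id = data.aws_ec2_managed_prefix_list.s3.id
      from_port      = 443
      to_port        = 443
      ip_protocol    = "tcp"
    },
  ]
}

module "alb_sg" {
  source  = "sourcefuse/arc-security-group/aws"
  version = "0.0.1"

  name          = "${var.namespace}-${var.environment}-alb-sg"
  description   = "Load balancer: HTTPS in, app port out"
  vpc_id        = data.aws_vpc.this.id
  ingress_rules = local.alb_ingress_rules
  egress_rules  = local.alb_egress_rules
  tags          = module.tags.tags
}

module "app_sg" {
  source  = "sourcefuse/arc-security-group/aws"
  version = "0.0.1"

  name          = "${var.namespace}-${var.environment}-app-sg"
  description   = "Application tier: load balancer in, S3 out"
  vpc_id        = data.aws_vpc.this.id
  ingress_rules = local.app_ingress_rules
  egress_rules  = local.app_egress_rules
  tags          = module.tags.tags
}

# Guardrail: a precondition on a terraform_data resource (Terraform >= 1.4)
# halts the plan if any ingress rule exposes a port range, or all protocols,
# to the whole internet. try() copes with rule objects that omit cidr_block,
# cidr_ipv6 or the port attributes.
resource "terraform_data" "ingress_guard" {
  lifecycle {
    precondition {
      condition = alltrue([
        for r in concat(local.alb_ingress_rules, local.app_ingress_rules) : !(
          contains(["0.0.0.0/0", "::/0"], coalesce(try(r.cidr_block, null), try(r.cidr_ipv6, null), "-"))
          && (r.ip_protocol == "-1" || try(r.from_port, 0) != try(r.to_port, 0))
        )
      ])
      error_message = "An ingress rule opens a port range or all protocols to 0.0.0.0/0 or ::/0."
    }
  }
}
```

Because the module emits one aws_vpc_security_group_ingress_rule per list element, each rule above shows up individually in `terraform plan`, which makes the narrowing from the quickstart's 0-65535 rules easy to review. The precondition is a hard stop, unlike a Terraform `check` block, which only warns.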

Key Inputs

Name Type Required Description
name string yes Security group name
vpc_id string yes VPC ID
ingress_rules list(object) no (default []) Ingress rule definitions; with the default the group accepts no inbound traffic
egress_rules list(object) no (default []) Egress rule definitions; note that Terraform removes AWS's default allow-all egress rule from groups it manages, so with the default the group permits no outbound traffic until rules are added

Key Outputs

Name Description
id Security group ID
arn Security group ARN

Full Variable & Output Reference

The complete inputs/outputs reference is auto-generated below.

Requirements

Name Version
terraform > 1.4, < 2.0.0
aws >= 5.0, < 7.0

Providers

Name Version
aws 5.80.0

Modules

No modules.

Resources

Name Type
aws_security_group.this resource
aws_vpc_security_group_egress_rule.this resource
aws_vpc_security_group_ingress_rule.this resource

Inputs

Name Description Type Default Required
description (optional) Description of Security Group string null no
egress_rules (optional) List of egress rules for the security group (element schema below) list(object) [] no
ingress_rules (optional) List of ingress rules for the security group (element schema below) list(object) [] no
name Security Group name string n/a yes
tags Tags for Security Group map(string) {} no
vpc_id VPC Id for creating security group string n/a yes

egress_rules type:

list(object({
  description                   = optional(string, null)
  cidr_ipv6                     = optional(string, null)
  cidr_block                    = optional(string, null)
  destination_security_group_id = optional(string, null)
  from_port                     = optional(number, null)
  ip_protocol                   = string
  to_port                       = optional(number, null)
  prefix_list_id                = optional(string, null)
  tags                          = optional(map(string), {})
}))

ingress_rules type:

list(object({
  description              = optional(string, null)
  cidr_ipv6                = optional(string, null)
  cidr_block               = optional(string, null)
  source_security_group_id = optional(string, null)
  from_port                = optional(number, null)
  ip_protocol              = string
  to_port                  = optional(number, null)
  prefix_list_id           = optional(string, null)
  self                     = optional(bool, false)
  tags                     = optional(map(string), {})
}))

Outputs

Name Description
arn Security Group ARN
egress_rule_arns ARNs of the egress rules
egress_rule_ids IDs of the egress rules
id Security Group ID
ingress_rule_arns ARNs of the ingress rules
ingress_rule_ids IDs of the ingress rules

Versioning

This project uses a .version file at the root of the repo; the pipeline reads it and creates a matching git tag.

When you intend to commit to main, you will need to increment this version. Once the change is merged, the pipeline runs and tags the latest git commit.

Development

Prerequisites

Configurations

  • Configure pre-commit hooks
    pre-commit install
    

Versioning

When contributing, state in your commit message whether the change is a major, minor or patch release, for example:

git commit -m "your commit message #major"

The pipeline reads this tag and bumps the version accordingly. A commit message without a tag is treated as a patch and bumped as such.

Tests

  • Tests are available in the test directory
  • Configure the dependencies
    cd test/
    go mod init github.com/sourcefuse/terraform-aws-refarch-<module_name>
    go get github.com/gruntwork-io/terratest/modules/terraform
    
  • Now execute the test (Terratest runs terraform against a real AWS account, so AWS credentials must be configured first)
    go test -timeout 30m
    

Contributing

See CONTRIBUTING.md for commit conventions and development setup.

Authors

This project is authored by the SourceFuse ARC Team.