sudoblark.terraform.module.aws.security_group

Terraform module to create N number of security groups and their associated rules. - repo managed by sudoblark.terraform.github

Developer documentation

The below documentation is intended to assist a developer with interacting with the Terraform module in order to add, remove or update functionality.

Pre-requisites

• terraform_docs

brew install terraform_docs

• tfenv

git clone https://github.com/tfutils/tfenv.git ~/.tfenv
echo 'export PATH="$HOME/.tfenv/bin:$PATH"' >> ~/.bash_profile

• Virtual environment with pre-commit installed

python3 -m venv venv
source venv/bin/activate
pip install pre-commit

Pre-commit hooks

This repository utilises pre-commit in order to ensure a base level of quality on every commit. The hooks may be installed as follows:

source venv/bin/activate
pip install pre-commit
pre-commit install
pre-commit run --all-files

Module documentation

The below documentation is intended to assist users in utilising the module, the main thing to note is the data structure section which outlines the interface by which users are expected to interact with the module itself, and the examples section which has examples of how to utilise the module.

Requirements

Name	Version
terraform	~> 1.5.0
aws	>= 5.61.0

Providers

Name	Version
aws	5.67.0

Modules

No modules.

Resources

Name	Type
aws_security_group.groups	resource
aws_security_group_rule.rule	resource

Inputs

Name	Description	Type	Default	Required
application_name	Name of the application utilising resource.	string	n/a	yes
environment	Which environment this is being instantiated in.	string	n/a	yes
raw_security_groups	Data structure --------------- A list of dictionaries, where each dictionary has the following attributes: REQUIRED --------- - suffix : Security group suffix to use for naming and unique identifiers - description : Description to give to the security group OPTIONAL --------- - rules: A list of dictionaries, where each dictionary has the following values: -- name : Friendly name used through Terraform for instantiation and cross-referencing -- type : Ingress/egress -- from_port : Start port -- to_port : End port -- protocol : Protocol. If not icmp, icmpv6, tcp, udp, or all use the protocol number. -- description : Friendly description of the rule, required for auditing purposes. In addition, the following optional args are available: -- cidr_blocks : List of CIDR blocks. Cannot be specified with source_security_group_id or self. -- ipv6_cidr_blocks : List of IPv6 CIDR blocks. Cannot be specified with source_security_group_id or self. -- prefix_list_ids : List of Prefix List IDs. -- self : Whether the security group itself will be added as a source to this ingress rule. Cannot be specified with cidr_blocks, ipv6_cidr_blocks, or source_security_group_id. -- source_security_group_id : Security group id to allow access to/from, depending on the type. Cannot be specified with cidr_blocks, ipv6_cidr_blocks, or self.	list( object({ suffix : string, description : string, rules : optional(list( object({ name = string, type = string, from_port = string, to_port = string, protocol = string, description = string, cidr_blocks = optional(list(string), null), ipv6_cidr_blocks = optional(list(string), null), prefix_list_ids = optional(list(string), null), self = optional(bool, null), source_security_group_id = optional(string, null) }) ), []) }) )	n/a	yes
vpc_config	AWS VPC ID within which to create the security group.	string	n/a	yes

Outputs

No outputs.

Data structure

Data structure
---------------
A list of dictionaries, where each dictionary has the following attributes:

REQUIRED
---------
- suffix                : Security group suffix to use for naming and unique identifiers
- description           : Description to give to the security group

OPTIONAL
---------
- rules: A list of dictionaries, where each dictionary has the following values:
-- name                 : Friendly name used through Terraform for instantiation and cross-referencing
-- type                 : Ingress/egress
-- from_port            : Start port
-- to_port              : End port
-- protocol             : Protocol. If not icmp, icmpv6, tcp, udp, or all use the protocol number.
-- description          : Friendly description of the rule, required for auditing purposes.

In addition, the following optional args are available:
-- cidr_blocks               : List of CIDR blocks. Cannot be specified with source_security_group_id or self.
-- ipv6_cidr_blocks          : List of IPv6 CIDR blocks. Cannot be specified with source_security_group_id or self.
-- prefix_list_ids           : List of Prefix List IDs.
-- self                      : Whether the security group itself will be added as a source to this ingress rule. Cannot be specified with cidr_blocks, ipv6_cidr_blocks, or source_security_group_id.
-- source_security_group_id  : Security group id to allow access to/from, depending on the type. Cannot be specified with cidr_blocks, ipv6_cidr_blocks, or self.

Examples

See examples folder for an example setup.