The SourceFuse AWS Reference Architecture (ARC) Terraform module for creating and managing AWS security groups with customizable rules. It simplifies defining inbound and outbound rules for specific protocols, ports, and CIDR ranges, ensuring secure and efficient network traffic control in your infrastructure.
For more information about this repository and its usage, please see Terraform AWS ARC Security Group Module Usage Guide.
Before using this module, ensure you have the following:
- AWS credentials configured.
- Terraform installed.
- A working knowledge of Terraform.
See the examples folder for a complete example.
locals {
security_group_data = {
create = true
description = "Security Group for Loadbalancer"
ingress_rules = [
{
description = "Allow VPC traffic"
cidr_block = data.aws_vpc.this.cidr_block
from_port = 0
ip_protocol = "tcp"
to_port = 65535
},
{
description = "Allow traffic from self"
self = true
from_port = 0
ip_protocol = "tcp"
to_port = 65535
},
{
description = "Allow traffic from security group"
source_security_group_id = data.aws_security_group.default.id
from_port = 0
ip_protocol = "tcp"
to_port = 65535
}
]
egress_rules = [
{
description = "Allow all outbound traffic"
cidr_block = "0.0.0.0/0"
from_port = -1
ip_protocol = "-1"
to_port = -1
}
]
}
}
module "arc_security_group" {
source = "sourcefuse/arc-security-group/aws"
version = "0.0.1"
name = "${var.namespace}-${var.environment}-sg"
vpc_id = data.aws_vpc.this.id
ingress_rules = local.security_group_data.ingress_rules
egress_rules = local.security_group_data.egress_rules
tags = module.tags.tags
}| Name | Version |
|---|---|
| terraform | > 1.4, < 2.0.0 |
| aws | ~> 5.0 |
| Name | Version |
|---|---|
| aws | 5.80.0 |
No modules.
| Name | Type |
|---|---|
| aws_security_group.this | resource |
| aws_vpc_security_group_egress_rule.this | resource |
| aws_vpc_security_group_ingress_rule.this | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| description | (optional) Description of Security Group | string |
null |
no |
| egress_rules | (optional) List of egress rules for the security group. | list(object({ |
[] |
no |
| ingress_rules | (optional) List of ingress rules for the security group. | list(object({ |
[] |
no |
| name | Security Group name | string |
n/a | yes |
| tags | Tags for Security Group | map(string) |
{} |
no |
| vpc_id | VPC Id for creating security group | string |
n/a | yes |
| Name | Description |
|---|---|
| id | Security Group ID |
This project uses a .version file at the root of the repo which the pipeline reads from and does a git tag.
When you intend to commit to main, you will need to increment this version. Once the project is merged,
the pipeline will kick off and tag the latest git commit.
- Configure pre-commit hooks
pre-commit install
while Contributing or doing git commit please specify the breaking change in your commit message whether its major,minor or patch
For Example
git commit -m "your commit message #major"By specifying this , it will bump the version and if you don't specify this in your commit message then by default it will consider patch and will bump that accordingly
- Tests are available in
testdirectory - Configure the dependencies
cd test/ go mod init github.com/sourcefuse/terraform-aws-refarch-<module_name> go get github.com/gruntwork-io/terratest/modules/terraform
- Now execute the test
go test -timeout 30m
This project is authored by:
- SourceFuse ARC Team