terraform.aws-baseline-infra/modules/compute/security_group/main.tf

data "aws_default_tags" "this" {
  lifecycle {
    postcondition {
      condition     = length(self.tags) >= 1
      error_message = "Validation failed: Provider default_tags not set."
    }
  }
}

resource "aws_security_group" "sg" {
  name        = var.name
  description = var.description
  vpc_id      = var.vpc-id
  tags        = { Name = var.name }
}

resource "aws_vpc_security_group_ingress_rule" "ingress-rules" {
  for_each                     = var.ingress
  security_group_id            = aws_security_group.sg.id
  ip_protocol                  = split(",", each.value)[0]
  from_port                    = split(",", each.value)[1]
  to_port                      = split(",", each.value)[2]
  cidr_ipv4                    = substr(split(",", each.value)[3], 2, 1) != "-" ? split(",", each.value)[3] : null
  referenced_security_group_id = substr(split(",", each.value)[3], 0, 2) == "sg" ? split(",", each.value)[3] : null
  prefix_list_id               = substr(split(",", each.value)[3], 0, 2) == "pl" ? split(",", each.value)[3] : null
  description                  = split(",", each.value)[4]
}

resource "aws_vpc_security_group_egress_rule" "egress-rules" {
  for_each                     = var.egress
  security_group_id            = aws_security_group.sg.id
  ip_protocol                  = split(",", each.value)[0]
  from_port                    = split(",", each.value)[1]
  to_port                      = split(",", each.value)[2]
  cidr_ipv4                    = substr(split(",", each.value)[3], 2, 1) != "-" ? split(",", each.value)[3] : null
  referenced_security_group_id = substr(split(",", each.value)[3], 0, 2) == "sg" ? split(",", each.value)[3] : null
  prefix_list_id               = substr(split(",", each.value)[3], 0, 2) == "pl" ? split(",", each.value)[3] : null
  description                  = split(",", each.value)[4]
}
UPD: added default_tags validation 2023-11-23 17:00:16 +08:00			`data "aws_default_tags" "this" {`
			`lifecycle {`
			`postcondition {`
			`condition = length(self.tags) >= 1`
			`error_message = "Validation failed: Provider default_tags not set."`
			`}`
			`}`
			`}`
NEW: new security group module 2023-11-23 16:58:41 +08:00
			`resource "aws_security_group" "sg" {`
			`name = var.name`
			`description = var.description`
			`vpc_id = var.vpc-id`
UPD: updated readme and formated main.tf 2023-12-14 08:59:35 +08:00			`tags = { Name = var.name }`
NEW: new security group module 2023-11-23 16:58:41 +08:00			`}`

			`resource "aws_vpc_security_group_ingress_rule" "ingress-rules" {`
			`for_each = var.ingress`
			`security_group_id = aws_security_group.sg.id`
			`ip_protocol = split(",", each.value)[0]`
			`from_port = split(",", each.value)[1]`
			`to_port = split(",", each.value)[2]`
			`cidr_ipv4 = substr(split(",", each.value)[3], 2, 1) != "-" ? split(",", each.value)[3] : null`
			`referenced_security_group_id = substr(split(",", each.value)[3], 0, 2) == "sg" ? split(",", each.value)[3] : null`
			`prefix_list_id = substr(split(",", each.value)[3], 0, 2) == "pl" ? split(",", each.value)[3] : null`
			`description = split(",", each.value)[4]`
			`}`

			`resource "aws_vpc_security_group_egress_rule" "egress-rules" {`
			`for_each = var.egress`
			`security_group_id = aws_security_group.sg.id`
			`ip_protocol = split(",", each.value)[0]`
			`from_port = split(",", each.value)[1]`
			`to_port = split(",", each.value)[2]`
			`cidr_ipv4 = substr(split(",", each.value)[3], 2, 1) != "-" ? split(",", each.value)[3] : null`
			`referenced_security_group_id = substr(split(",", each.value)[3], 0, 2) == "sg" ? split(",", each.value)[3] : null`
			`prefix_list_id = substr(split(",", each.value)[3], 0, 2) == "pl" ? split(",", each.value)[3] : null`
			`description = split(",", each.value)[4]`
			`}`