UPD: updated readme and formated main.tf

xpk 2023-12-14 08:59:35 +08:00
parent 697ce226d2
commit 6a330b123a
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
2 changed files with 36 additions and 47 deletions


@ -1,54 +1,43 @@
# security-groups-gen2 # security-group
This module create security groups from a map This module create security group.
## Inputs ## Inputs
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|------|---------|:-----:| |---------|-------------------|----------|---------|:--------:|
| tags | tags | List | n/a | yes | | vpc-id | VPC id | string | n/a | yes |
| vpc-id | VPC id | string | n/a | yes | | ingress | See example below | map | n/a | yes |
| security-groups | See example below | map | n/a | yes | | egress | See example below | map | n/a | yes |
### security-groups input
Below is a sample security-groups map this module ingests
```
module "bea-bast-sg" {
source = "../../modules/compute/security_groups"
security-groups = [
{
name = "RackspaceAdmin2"
description = "Allow rdp/ssh access from Rackspace"
ingress = {
r1 = "icmp,-1,-1,0.0.0.0/0,ICMP ping"
r2 = "-1,-1,-1,1.2.3.4/32,Foo access"
}
egress = {
r1 = "-1,-1,-1,0.0.0.0/0,Default egress rule"
}
},
{
name = "RackspaceAdmin"
description = "Allow rdp/ssh access from Rackspace"
ingress = {
r1 = "tcp,443,443,${aws_ec2_managed_prefix_list.rsip_range.id},Bar ip ranges"
r2 = "tcp,22,22,2.3.4.5/32,Joe Blow"
}
egress = {
r1 = "-1,-1,-1,0.0.0.0/0,Default egress rule"
}
}
]
tags = local.default-tags
vpc-id = "vpc-xxx"
}
```
## Outputs ## Outputs
| Name | Description | | Name | Description |
|------|-------------| |------------|--------------------------------|
| sg-id-name | A map of SG id and their names | | sg-id-name | A map of SG id and their names |
### Example
Below is a sample root module calling this shared module
```hcl
module "admin-sg" {
source = "../../modules/compute/security_group"
description = "Security group for admins"
egress = {
r1 = "tcp,4750,4750,1.2.3.4/32,Patch Management Tool"
r2 = "tcp,22,22,1.2.3.4/32,Patch Management Tool"
r3 = "tcp,52311,52311,${aws_ec2_managed_prefix_list.bigfix.id},Client to BigFix server"
}
ingress = {
r1 = "tcp,4750,4750,1.2.3.4/32,Patch Management Tool"
r2 = "tcp,22,22,1.2.3.4/32,Patch Management Tool"
r3 = "tcp,52311,52311,${aws_ec2_managed_prefix_list.bigfix.id},BigFix server to client"
}
name = "admin-sg"
vpc-id = "vpc-01a10b033169f89a8"
}
```


@ -11,7 +11,7 @@ resource "aws_security_group" "sg" {
name = var.name name = var.name
description = var.description description = var.description
vpc_id = var.vpc-id vpc_id = var.vpc-id
tags = { Name = var.name } tags = { Name = var.name }
} }
resource "aws_vpc_security_group_ingress_rule" "ingress-rules" { resource "aws_vpc_security_group_ingress_rule" "ingress-rules" {