# security-groups-gen2

This module creates security groups from a map.

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:-----:|
| tags | tags | List | n/a | yes |
| vpc-id | VPC id | string | n/a | yes |
| security-groups | See example below | map | n/a | yes |

### security-groups input

Below is a sample security-groups map this module ingests. The rule list needs to have the id column to prevent the list from being randomly sorted.

```hcl
module "headdesk-sg" {
  source = "../../modules/compute/security-groups"

  security-groups = [
    {
      name        = "WebAccess"
      description = "Public web access"
      rules = [
        [1, "tcp", "0.0.0.0/0", "80", "80", "ingress", "web"],
        [2, "tcp", "0.0.0.0/0", "443", "443", "ingress", "web"],
        [3, "tcp", "0.0.0.0/0", "25", "25", "ingress", "mail"],
        [4, "tcp", "0.0.0.0/0", "587", "587", "ingress", "mail"],
        [5, "tcp", "0.0.0.0/0", "11993", "11993", "ingress", "mail"],
        [6, "-1", "0.0.0.0/0", "0", "0", "egress", "Allow outbound traffic"],
        [7, "tcp", "0.0.0.0/0", "2201", "2201", "ingress", "ssh"]
      ]
    },
    {
      name        = "MgmtAccess"
      description = "Allow management access"
      rules = [
        [1, "tcp", "223.18.148.85/32", "22", "22", "ingress", "xpk"]
      ]
    }
  ]
  tags   = local.default-tags
  vpc-id = module.vpc-subnet.vpc_id
}
```
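
A pre-plan lint for the rule rows shown above, as an added example that is not part of this module: it checks that every rule carries a unique integer id and reports ingress rules open to every address on ports outside an allow-list. The column order, `lint_groups`, `PUBLIC_PORTS` and the sample rows are assumptions made for the example.

```python
import ipaddress

# Assumed column order, read off the sample rows on this page:
# [id, protocol, cidr, from_port, to_port, direction, description]
PUBLIC_PORTS = {80, 443}  # assumption: the ports you intend to expose publicly

def lint_groups(groups, public_ports=PUBLIC_PORTS):
    """Return (group, rule_id, message) findings for a security-groups list."""
    findings = []
    for group in groups:
        name, seen = group["name"], set()
        for row in group["rules"]:
            if len(row) != 7:
                findings.append((name, None, f"expected 7 columns, got {len(row)}"))
                continue
            rid, proto, cidr, lo, hi, direction, _desc = row
            # The id column is what keeps the rule order stable, so it must be unique.
            if not isinstance(rid, int) or rid in seen:
                findings.append((name, rid, "id missing, non-integer or duplicated"))
            else:
                seen.add(rid)
            if direction not in ("ingress", "egress"):
                findings.append((name, rid, f"bad direction {direction!r}"))
            try:
                net = ipaddress.ip_network(cidr, strict=True)
                lo, hi = int(lo), int(hi)
            except (ValueError, TypeError) as exc:
                findings.append((name, rid, f"unparseable value: {exc}"))
                continue
            if lo > hi:
                findings.append((name, rid, "from_port is greater than to_port"))
            # A /0 prefix (0.0.0.0/0 or ::/0) matches every source address.
            if direction == "ingress" and net.prefixlen == 0:
                if proto == "-1" or not set(range(lo, hi + 1)) <= set(public_ports):
                    findings.append((name, rid, f"{lo}-{hi} open to {cidr}"))
    return findings

# Constructed sample in the page's row format; the last row reuses id 7 on purpose.
SAMPLE = [{"name": "WebAccess", "rules": [
    [1, "tcp", "0.0.0.0/0", "80", "80", "ingress", "web"],
    [2, "tcp", "0.0.0.0/0", "443", "443", "ingress", "web"],
    [6, "-1", "0.0.0.0/0", "0", "0", "egress", "Allow outbound traffic"],
    [7, "tcp", "0.0.0.0/0", "2201", "2201", "ingress", "ssh"],
    [7, "tcp", "203.0.113.10/32", "22", "22", "ingress", "duplicate id"],
]}]

if __name__ == "__main__":
    for finding in lint_groups(SAMPLE):
        print(finding)
```
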
## Outputs

| Name | Description |
|------|-------------|
| sg-id-name | A map of SG ids and their names |