terraform.aws-baseline-infra/modules/compute/security_group/main.tf


# Exposes the provider's default_tags so they can be merged into resources.
# Not referenced anywhere in this file; presumably consumed elsewhere in the
# module (verify before removing). Labels quoted to match `terraform fmt`.
data "aws_default_tags" "this" {}
# The security group itself. Rules are owned by the standalone
# aws_vpc_security_group_*_rule resources below, so no inline ingress/egress
# blocks are declared here (mixing the two styles causes perpetual diffs).
resource "aws_security_group" "sg" {
  vpc_id      = var.vpc-id
  name        = var.name
  description = var.description

  # NOTE(review): on the AWS provider, changing `description` is expected to
  # force replacement of the group — confirm against the pinned provider
  # version before editing it on a live group. Also confirm whether the
  # AWS-created default allow-all egress rule is revoked on create when only
  # standalone rule resources are used; a baseline module should not rely on it.

  tags = {
    "Name" = var.name
  }
}
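# One ingress rule per entry of var.ingress. Each entry is a comma-separated
# string: "protocol,from_port,to_port,source,description", where `source` is
# exactly one of an IPv4 CIDR, an IPv6 CIDR, a security group id ("sg-…") or a
# prefix list id ("pl-…"). Keys of var.ingress (map keys, or the element itself
# for a set) are preserved so resource addresses do not change.
resource "aws_vpc_security_group_ingress_rule" "ingress-rules" {
  # Split once here so every attribute below reads the same parsed fields.
  for_each = { for key, rule in var.ingress : key => split(",", rule) }

  security_group_id = aws_security_group.sg.id

  ip_protocol = each.value[0]
  # NOTE(review): for ip_protocol "-1" (all traffic) the provider is expected to
  # reject explicit ports — confirm and document what callers must pass there.
  from_port = each.value[1]
  to_port   = each.value[2]

  # Exactly one source attribute is set; the others stay null so the provider
  # sees a single, unambiguous source. An IPv6 CIDR is recognised by ":" and no
  # longer falls through to cidr_ipv4 (where the API would reject it).
  # No check is made here that an IPv4/IPv6 source is not world-open
  # (0.0.0.0/0, ::/0); if the baseline should forbid that, validate it on the
  # variable (variables.tf is not visible from this file).
  cidr_ipv4                    = can(regex(":", each.value[3])) || substr(each.value[3], 2, 1) == "-" ? null : each.value[3]
  cidr_ipv6                    = can(regex(":", each.value[3])) ? each.value[3] : null
  referenced_security_group_id = substr(each.value[3], 0, 2) == "sg" ? each.value[3] : null
  prefix_list_id               = substr(each.value[3], 0, 2) == "pl" ? each.value[3] : null

  # Everything after the fourth comma is the description, so a description
  # containing commas is no longer silently truncated to its first segment.
  # A missing fifth field yields null instead of an index-out-of-range error.
  description = length(each.value) > 4 ? join(",", slice(each.value, 4, length(each.value))) : null
}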
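# One egress rule per entry of var.egress. Same entry format as the ingress
# rules: "protocol,from_port,to_port,destination,description", where
# `destination` is exactly one of an IPv4 CIDR, an IPv6 CIDR, a security group
# id ("sg-…") or a prefix list id ("pl-…"). Keys of var.egress (map keys, or
# the element itself for a set) are preserved so resource addresses do not change.
resource "aws_vpc_security_group_egress_rule" "egress-rules" {
  # Split once here so every attribute below reads the same parsed fields.
  for_each = { for key, rule in var.egress : key => split(",", rule) }

  security_group_id = aws_security_group.sg.id

  ip_protocol = each.value[0]
  # NOTE(review): for ip_protocol "-1" (all traffic) the provider is expected to
  # reject explicit ports — confirm and document what callers must pass there.
  from_port = each.value[1]
  to_port   = each.value[2]

  # Exactly one destination attribute is set; the others stay null so the
  # provider sees a single, unambiguous destination. An IPv6 CIDR is
  # recognised by ":" and no longer falls through to cidr_ipv4 (where the API
  # would reject it). Unrestricted egress (0.0.0.0/0, ::/0) is accepted
  # without validation here; if the baseline should constrain it, validate it
  # on the variable (variables.tf is not visible from this file).
  cidr_ipv4                    = can(regex(":", each.value[3])) || substr(each.value[3], 2, 1) == "-" ? null : each.value[3]
  cidr_ipv6                    = can(regex(":", each.value[3])) ? each.value[3] : null
  referenced_security_group_id = substr(each.value[3], 0, 2) == "sg" ? each.value[3] : null
  prefix_list_id               = substr(each.value[3], 0, 2) == "pl" ? each.value[3] : null

  # Everything after the fourth comma is the description, so a description
  # containing commas is no longer silently truncated to its first segment.
  # A missing fifth field yields null instead of an index-out-of-range error.
  description = length(each.value) > 4 ? join(",", slice(each.value, 4, length(each.value))) : null
}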