Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

All Projects → terraform-aws-modules → Terraform Aws Security Group

terraform-aws-modules / Terraform Aws Security Group

Licence: other

Terraform module which creates EC2-VPC security groups on AWS

Labels

aws hcl

Projects that are alternatives of or similar to Terraform Aws Security Group

Azure arc

Automated Azure Arc environments

Stars: ✭ 224 (-31.29%)

Mutual labels: aws, hcl

Cloudblock

Cloudblock automates deployment of secure ad-blocking for all of your devices - even when mobile. Step-by-step text and video guides included! Compatible clouds include AWS, Azure, Google Cloud, and Oracle Cloud. Cloudblock deploys Wireguard VPN, Pi-Hole DNS Ad-blocking, and DNS over HTTPS in a cloud provider - or locally - using Terraform and Ansible.

Stars: ✭ 257 (-21.17%)

Mutual labels: aws, hcl

Terraform Aws Tfstate Backend

Terraform module that provision an S3 bucket to store the `terraform.tfstate` file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption.

Stars: ✭ 229 (-29.75%)

Mutual labels: aws, hcl

Terraform Aws Alb

Terraform module to create an AWS Application/Network Load Balancer (ALB/NLB) and associated resources

Stars: ✭ 217 (-33.44%)

Mutual labels: aws, hcl

Terraform Ecs Fargate

A Terraform template used for provisioning web application stacks on AWS ECS Fargate

Stars: ✭ 293 (-10.12%)

Mutual labels: aws, hcl

Terraform Aws Ecs Container Definition

Terraform module to generate well-formed JSON documents (container definitions) that are passed to the aws_ecs_task_definition Terraform resource

Stars: ✭ 217 (-33.44%)

Mutual labels: aws, hcl

Terraform Aws Eks Cluster

Terraform module for provisioning an EKS cluster

Stars: ✭ 256 (-21.47%)

Mutual labels: aws, hcl

Terraform Aws Lambda

Terraform module, which takes care of a lot of AWS Lambda/serverless tasks (build dependencies, packages, updates, deployments) in countless combinations

Stars: ✭ 190 (-41.72%)

Mutual labels: aws, hcl

Kubenow

Deploy Kubernetes. Now!

Stars: ✭ 285 (-12.58%)

Mutual labels: aws, hcl

Iam Policy Json To Terraform

Small tool to convert an IAM Policy in JSON format into a Terraform aws_iam_policy_document

Stars: ✭ 282 (-13.5%)

Mutual labels: aws, hcl

Terraform Aws Elastic Beanstalk Environment

Terraform module to provision an AWS Elastic Beanstalk Environment

Stars: ✭ 211 (-35.28%)

Mutual labels: aws, hcl

Terraform Kubestack

Terraform GitOps Framework — Everything you need to build reliable automation for AKS, EKS and GKE Kubernetes clusters in one free and open-source framework.

Stars: ✭ 300 (-7.98%)

Mutual labels: aws, hcl

Terraform Fargate Example

Example repository to run an ECS cluster on Fargate

Stars: ✭ 206 (-36.81%)

Mutual labels: aws, hcl

Terraform Aws Iam

Terraform module which creates IAM resources on AWS

Stars: ✭ 314 (-3.68%)

Mutual labels: aws, hcl

Terraform Aws Ecs

Terraform module which creates AWS ECS resources

Stars: ✭ 203 (-37.73%)

Mutual labels: aws, hcl

Terraform Aws Atlantis

Terraform configurations for running Atlantis on AWS Fargate. Github, Gitlab and BitBucket are supported

Stars: ✭ 246 (-24.54%)

Mutual labels: aws, hcl

Terraform Aws Autoscaling

Terraform module which creates Auto Scaling resources on AWS

Stars: ✭ 166 (-49.08%)

Mutual labels: aws, hcl

Terraform Aws Components

Opinionated, self-contained Terraform root modules that each solve one, specific problem

Stars: ✭ 168 (-48.47%)

Mutual labels: aws, hcl

Terraform Examples

Terraform samples for all the major clouds you can copy and paste. The future, co-created.

Stars: ✭ 256 (-21.47%)

Mutual labels: aws, hcl

Terraform Aws Gitlab Runner

Terraform module for AWS GitLab runners on ec2 (spot) instances

Stars: ✭ 292 (-10.43%)

Mutual labels: aws, hcl

View All Similar Projects ➔

AWS EC2-VPC Security Group Terraform module

Terraform module which creates EC2 security group within VPC on AWS.

These types of resources are supported:

Features

This module aims to implement ALL combinations of arguments supported by AWS and latest stable version of Terraform:

IPv4/IPv6 CIDR blocks
VPC endpoint prefix lists (use data source aws_prefix_list)
Access from source security groups
Access from self
Named rules (see the rules here)
Named groups of rules with ingress (inbound) and egress (outbound) ports open for common scenarios (eg, ssh, http-80, mysql, see the whole list here)
Conditionally create security group and all required security group rules ("single boolean switch").

Ingress and egress rules can be configured in a variety of ways. See inputs section for all supported arguments and complete example for the complete use-case.

If there is a missing feature or a bug - open an issue.

Terraform versions

For Terraform 0.12 use version v3.* of this module.

If you are using Terraform 0.11 you can use versions v2.*.

Usage

There are two ways to create security groups using this module:

Security group with predefined rules

module "web_server_sg" {
  source = "terraform-aws-modules/security-group/aws//modules/http-80"

  name        = "web-server"
  description = "Security group for web-server with HTTP ports open within VPC"
  vpc_id      = "vpc-12345678"

  ingress_cidr_blocks = ["10.10.0.0/16"]
}

Security group with custom rules

module "vote_service_sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "user-service"
  description = "Security group for user-service with custom ports open within VPC, and PostgreSQL publicly open"
  vpc_id      = "vpc-12345678"

  ingress_cidr_blocks      = ["10.10.0.0/16"]
  ingress_rules            = ["https-443-tcp"]
  ingress_with_cidr_blocks = [
    {
      from_port   = 8080
      to_port     = 8090
      protocol    = "tcp"
      description = "User-service ports"
      cidr_blocks = "10.10.0.0/16"
    },
    {
      rule        = "postgresql-tcp"
      cidr_blocks = "0.0.0.0/0"
    },
  ]
}

Note about "value of 'count' cannot be computed"

Terraform 0.11 has a limitation which does not allow computed values inside count attribute on resources (issues: #16712, #18015, ...)

Computed values are values provided as outputs from module. Non-computed values are all others - static values, values referenced as variable and from data-sources.

When you need to specify computed value inside security group rule argument you need to specify it using an argument which starts with computed_ and provide a number of elements in the argument which starts with number_of_computed_. See these examples:

module "http_sg" {
  source = "terraform-aws-modules/security-group/aws"
  # omitted for brevity
}

module "db_computed_source_sg" {
  # omitted for brevity

  vpc_id = "vpc-12345678" # these are valid values also - "${module.vpc.vpc_id}" and "${local.vpc_id}"

  computed_ingress_with_source_security_group_id = [
    {
      rule                     = "mysql-tcp"
      source_security_group_id = "${module.http_sg.this_security_group_id}"
    }
  ]
  number_of_computed_ingress_with_source_security_group_id = 1
}

module "db_computed_sg" {
  # omitted for brevity

  ingress_cidr_blocks = ["10.10.0.0/16", "${data.aws_security_group.default.id}"]

  computed_ingress_cidr_blocks = ["${module.vpc.vpc_cidr_block}"]
  number_of_computed_ingress_cidr_blocks = 1
}

module "db_computed_merged_sg" {
  # omitted for brevity

  computed_ingress_cidr_blocks = ["10.10.0.0/16", "${module.vpc.vpc_cidr_block}"]
  number_of_computed_ingress_cidr_blocks = 2
}

Note that db_computed_sg and db_computed_merged_sg are equal, because it is possible to put both computed and non-computed values in arguments starting with computed_.

Conditional creation

Sometimes you need to have a way to create security group conditionally but Terraform does not allow to use count inside module block, so the solution is to specify argument create.

# This security group will not be created
module "vote_service_sg" {
  source = "terraform-aws-modules/security-group/aws"

  create = false
  # ... omitted
}

Examples

Complete Security Group example shows all available parameters to configure security group.
HTTP Security Group example shows more applicable security groups for common web-servers.
Disable creation of Security Group example shows how to disable creation of security group.
Dynamic values inside Security Group rules example shows how to specify values inside security group rules (data-sources and variables are allowed).
Computed values inside Security Group rules example shows how to specify computed values inside security group rules (solution for value of 'count' cannot be computed problem).

How to add/update rules/groups?

Rules and groups are defined in rules.tf. Run update_groups.sh when content of that file has changed to recreate content of all automatic modules.

Known issues

No issue is creating limit on this module.

Requirements

Name	Version
terraform	>= 0.12.6
aws	>= 2.42

Providers

Name	Version
aws	>= 2.42

Modules

No Modules.

Resources

Name
aws_security_group
aws_security_group_rule

Inputs

Name	Description	Type	Default	Required
auto_groups	Map of groups of security group rules to use to generate modules (see update_groups.sh)	`map(map(list(string)))`	{ "activemq": { "egress_rules": [ "all-all" ], "ingress_rules": [ "activemq-5671-tcp", "activemq-8883-tcp", "activemq-61614-tcp", "activemq-61617-tcp", "activemq-61619-tcp" ], "ingress_with_self": [ "all-all" ] }, "alertmanager": { "egress_rules": [ "all-all" ], "ingress_rules": [ "alertmanager-9093-tcp", "alertmanager-9094-tcp" ], "ingress_with_self": [ "all-all" ] }, "carbon-relay-ng": { "egress_rules": [ "all-all" ], "ingress_rules": [ "carbon-line-in-tcp", "carbon-line-in-udp", "carbon-pickle-tcp", "carbon-pickle-udp", "carbon-gui-udp" ], "ingress_with_self": [ "all-all" ] }, "cassandra": { "egress_rules": [ "all-all" ], "ingress_rules": [ "cassandra-clients-tcp", "cassandra-thrift-clients-tcp", "cassandra-jmx-tcp" ], "ingress_with_self": [ "all-all" ] }, "consul": { "egress_rules": [ "all-all" ], "ingress_rules": [ "consul-tcp", "consul-cli-rpc-tcp", "consul-webui-tcp", "consul-dns-tcp", "consul-dns-udp", "consul-serf-lan-tcp", "consul-serf-lan-udp", "consul-serf-wan-tcp", "consul-serf-wan-udp" ], "ingress_with_self": [ "all-all" ] }, "docker-swarm": { "egress_rules": [ "all-all" ], "ingress_rules": [ "docker-swarm-mngmt-tcp", "docker-swarm-node-tcp", "docker-swarm-node-udp", "docker-swarm-overlay-udp" ], "ingress_with_self": [ "all-all" ] }, "elasticsearch": { "egress_rules": [ "all-all" ], "ingress_rules": [ "elasticsearch-rest-tcp", "elasticsearch-java-tcp" ], "ingress_with_self": [ "all-all" ] }, "grafana": { "egress_rules": [ "all-all" ], "ingress_rules": [ "grafana-tcp" ], "ingress_with_self": [ "all-all" ] }, "graphite-statsd": { "egress_rules": [ "all-all" ], "ingress_rules": [ "graphite-webui", "graphite-2003-tcp", "graphite-2004-tcp", "graphite-2023-tcp", "graphite-2024-tcp", "graphite-8080-tcp", "graphite-8125-tcp", "graphite-8125-udp", "graphite-8126-tcp" ], "ingress_with_self": [ "all-all" ] }, "http-80": { "egress_rules": [ "all-all" ], "ingress_rules": [ "http-80-tcp" ], "ingress_with_self": [ "all-all" ] }, "http-8080": { "egress_rules": [ "all-all" ], "ingress_rules": [ "http-8080-tcp" ], "ingress_with_self": [ "all-all" ] }, "https-443": { "egress_rules": [ "all-all" ], "ingress_rules": [ "https-443-tcp" ], "ingress_with_self": [ "all-all" ] }, "https-8443": { "egress_rules": [ "all-all" ], "ingress_rules": [ "https-8443-tcp" ], "ingress_with_self": [ "all-all" ] }, "ipsec-4500": { "egress_rules": [ "all-all" ], "ingress_rules": [ "ipsec-4500-udp" ], "ingress_with_self": [ "all-all" ] }, "ipsec-500": { "egress_rules": [ "all-all" ], "ingress_rules": [ "ipsec-500-udp" ], "ingress_with_self": [ "all-all" ] }, "kafka": { "egress_rules": [ "all-all" ], "ingress_rules": [ "kafka-broker-tcp", "kafka-broker-tls-tcp", "kafka-jmx-exporter-tcp", "kafka-node-exporter-tcp" ], "ingress_with_self": [ "all-all" ] }, "kibana": { "egress_rules": [ "all-all" ], "ingress_rules": [ "kibana-tcp" ], "ingress_with_self": [ "all-all" ] }, "kubernetes-api": { "egress_rules": [ "all-all" ], "ingress_rules": [ "kubernetes-api-tcp" ], "ingress_with_self": [ "all-all" ] }, "ldap": { "egress_rules": [ "all-all" ], "ingress_rules": [ "ldap-tcp" ], "ingress_with_self": [ "all-all" ] }, "ldaps": { "egress_rules": [ "all-all" ], "ingress_rules": [ "ldaps-tcp" ], "ingress_with_self": [ "all-all" ] }, "logstash": { "egress_rules": [ "all-all" ], "ingress_rules": [ "logstash-tcp" ], "ingress_with_self": [ "all-all" ] }, "memcached": { "egress_rules": [ "all-all" ], "ingress_rules": [ "memcached-tcp" ], "ingress_with_self": [ "all-all" ] }, "minio": { "egress_rules": [ "all-all" ], "ingress_rules": [ "minio-tcp" ], "ingress_with_self": [ "all-all" ] }, "mongodb": { "egress_rules": [ "all-all" ], "ingress_rules": [ "mongodb-27017-tcp", "mongodb-27018-tcp", "mongodb-27019-tcp" ], "ingress_with_self": [ "all-all" ] }, "mssql": { "egress_rules": [ "all-all" ], "ingress_rules": [ "mssql-tcp", "mssql-udp", "mssql-analytics-tcp", "mssql-broker-tcp" ], "ingress_with_self": [ "all-all" ] }, "mysql": { "egress_rules": [ "all-all" ], "ingress_rules": [ "mysql-tcp" ], "ingress_with_self": [ "all-all" ] }, "nfs": { "egress_rules": [ "all-all" ], "ingress_rules": [ "nfs-tcp" ], "ingress_with_self": [ "all-all" ] }, "nomad": { "egress_rules": [ "all-all" ], "ingress_rules": [ "nomad-http-tcp", "nomad-rpc-tcp", "nomad-serf-tcp", "nomad-serf-udp" ], "ingress_with_self": [ "all-all" ] }, "ntp": { "egress_rules": [ "all-all" ], "ingress_rules": [ "ntp-udp" ], "ingress_with_self": [ "all-all" ] }, "openvpn": { "egress_rules": [ "all-all" ], "ingress_rules": [ "openvpn-udp", "openvpn-tcp", "openvpn-https-tcp" ], "ingress_with_self": [ "all-all" ] }, "oracle-db": { "egress_rules": [ "all-all" ], "ingress_rules": [ "oracle-db-tcp" ], "ingress_with_self": [ "all-all" ] }, "postgresql": { "egress_rules": [ "all-all" ], "ingress_rules": [ "postgresql-tcp" ], "ingress_with_self": [ "all-all" ] }, "prometheus": { "egress_rules": [ "all-all" ], "ingress_rules": [ "prometheus-http-tcp", "prometheus-pushgateway-http-tcp" ], "ingress_with_self": [ "all-all" ] }, "puppet": { "egress_rules": [ "all-all" ], "ingress_rules": [ "puppet-tcp", "puppetdb-tcp" ], "ingress_with_self": [ "all-all" ] }, "rabbitmq": { "egress_rules": [ "all-all" ], "ingress_rules": [ "rabbitmq-4369-tcp", "rabbitmq-5671-tcp", "rabbitmq-5672-tcp", "rabbitmq-15672-tcp", "rabbitmq-25672-tcp" ], "ingress_with_self": [ "all-all" ] }, "rdp": { "egress_rules": [ "all-all" ], "ingress_rules": [ "rdp-tcp", "rdp-udp" ], "ingress_with_self": [ "all-all" ] }, "redis": { "egress_rules": [ "all-all" ], "ingress_rules": [ "redis-tcp" ], "ingress_with_self": [ "all-all" ] }, "redshift": { "egress_rules": [ "all-all" ], "ingress_rules": [ "redshift-tcp" ], "ingress_with_self": [ "all-all" ] }, "solr": { "egress_rules": [ "all-all" ], "ingress_rules": [ "solr-tcp" ], "ingress_with_self": [ "all-all" ] }, "splunk": { "egress_rules": [ "all-all" ], "ingress_rules": [ "splunk-indexer-tcp", "splunk-clients-tcp", "splunk-splunkd-tcp", "splunk-hec-tcp" ], "ingress_with_self": [ "all-all" ] }, "squid": { "egress_rules": [ "all-all" ], "ingress_rules": [ "squid-proxy-tcp" ], "ingress_with_self": [ "all-all" ] }, "ssh": { "egress_rules": [ "all-all" ], "ingress_rules": [ "ssh-tcp" ], "ingress_with_self": [ "all-all" ] }, "storm": { "egress_rules": [ "all-all" ], "ingress_rules": [ "storm-nimbus-tcp", "storm-ui-tcp", "storm-supervisor-tcp" ], "ingress_with_self": [ "all-all" ] }, "web": { "egress_rules": [ "all-all" ], "ingress_rules": [ "http-80-tcp", "http-8080-tcp", "https-443-tcp", "web-jmx-tcp" ], "ingress_with_self": [ "all-all" ] }, "winrm": { "egress_rules": [ "all-all" ], "ingress_rules": [ "winrm-http-tcp", "winrm-https-tcp" ], "ingress_with_self": [ "all-all" ] }, "zipkin": { "egress_rules": [ "all-all" ], "ingress_rules": [ "zipkin-admin-tcp", "zipkin-admin-query-tcp", "zipkin-admin-web-tcp", "zipkin-query-tcp", "zipkin-web-tcp" ], "ingress_with_self": [ "all-all" ] }, "zookeeper": { "egress_rules": [ "all-all" ], "ingress_rules": [ "zookeeper-2181-tcp", "zookeeper-2888-tcp", "zookeeper-3888-tcp", "zookeeper-jmx-tcp" ], "ingress_with_self": [ "all-all" ] } }	no
computed_egress_rules	List of computed egress rules to create by name	`list(string)`	`[]`	no
computed_egress_with_cidr_blocks	List of computed egress rules to create where 'cidr_blocks' is used	`list(map(string))`	`[]`	no
computed_egress_with_ipv6_cidr_blocks	List of computed egress rules to create where 'ipv6_cidr_blocks' is used	`list(map(string))`	`[]`	no
computed_egress_with_self	List of computed egress rules to create where 'self' is defined	`list(map(string))`	`[]`	no
computed_egress_with_source_security_group_id	List of computed egress rules to create where 'source_security_group_id' is used	`list(map(string))`	`[]`	no
computed_ingress_rules	List of computed ingress rules to create by name	`list(string)`	`[]`	no
computed_ingress_with_cidr_blocks	List of computed ingress rules to create where 'cidr_blocks' is used	`list(map(string))`	`[]`	no
computed_ingress_with_ipv6_cidr_blocks	List of computed ingress rules to create where 'ipv6_cidr_blocks' is used	`list(map(string))`	`[]`	no
computed_ingress_with_self	List of computed ingress rules to create where 'self' is defined	`list(map(string))`	`[]`	no
computed_ingress_with_source_security_group_id	List of computed ingress rules to create where 'source_security_group_id' is used	`list(map(string))`	`[]`	no
create	Whether to create security group and all rules	`bool`	`true`	no
description	Description of security group	`string`	`"Security Group managed by Terraform"`	no
egress_cidr_blocks	List of IPv4 CIDR ranges to use on all egress rules	`list(string)`	[ "0.0.0.0/0" ]	no
egress_ipv6_cidr_blocks	List of IPv6 CIDR ranges to use on all egress rules	`list(string)`	[ "::/0" ]	no
egress_prefix_list_ids	List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules	`list(string)`	`[]`	no
egress_rules	List of egress rules to create by name	`list(string)`	`[]`	no
egress_with_cidr_blocks	List of egress rules to create where 'cidr_blocks' is used	`list(map(string))`	`[]`	no
egress_with_ipv6_cidr_blocks	List of egress rules to create where 'ipv6_cidr_blocks' is used	`list(map(string))`	`[]`	no
egress_with_self	List of egress rules to create where 'self' is defined	`list(map(string))`	`[]`	no
egress_with_source_security_group_id	List of egress rules to create where 'source_security_group_id' is used	`list(map(string))`	`[]`	no
ingress_cidr_blocks	List of IPv4 CIDR ranges to use on all ingress rules	`list(string)`	`[]`	no
ingress_ipv6_cidr_blocks	List of IPv6 CIDR ranges to use on all ingress rules	`list(string)`	`[]`	no
ingress_prefix_list_ids	List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules	`list(string)`	`[]`	no
ingress_rules	List of ingress rules to create by name	`list(string)`	`[]`	no
ingress_with_cidr_blocks	List of ingress rules to create where 'cidr_blocks' is used	`list(map(string))`	`[]`	no
ingress_with_ipv6_cidr_blocks	List of ingress rules to create where 'ipv6_cidr_blocks' is used	`list(map(string))`	`[]`	no
ingress_with_self	List of ingress rules to create where 'self' is defined	`list(map(string))`	`[]`	no
ingress_with_source_security_group_id	List of ingress rules to create where 'source_security_group_id' is used	`list(map(string))`	`[]`	no
name	Name of security group	`string`	n/a	yes
number_of_computed_egress_rules	Number of computed egress rules to create by name	`number`	`0`	no
number_of_computed_egress_with_cidr_blocks	Number of computed egress rules to create where 'cidr_blocks' is used	`number`	`0`	no
number_of_computed_egress_with_ipv6_cidr_blocks	Number of computed egress rules to create where 'ipv6_cidr_blocks' is used	`number`	`0`	no
number_of_computed_egress_with_self	Number of computed egress rules to create where 'self' is defined	`number`	`0`	no
number_of_computed_egress_with_source_security_group_id	Number of computed egress rules to create where 'source_security_group_id' is used	`number`	`0`	no
number_of_computed_ingress_rules	Number of computed ingress rules to create by name	`number`	`0`	no
number_of_computed_ingress_with_cidr_blocks	Number of computed ingress rules to create where 'cidr_blocks' is used	`number`	`0`	no
number_of_computed_ingress_with_ipv6_cidr_blocks	Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used	`number`	`0`	no
number_of_computed_ingress_with_self	Number of computed ingress rules to create where 'self' is defined	`number`	`0`	no
number_of_computed_ingress_with_source_security_group_id	Number of computed ingress rules to create where 'source_security_group_id' is used	`number`	`0`	no
revoke_rules_on_delete	Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR.	`bool`	`false`	no
rules	Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description'])	`map(list(any))`	{ "_": [ "", "", "" ], "activemq-5671-tcp": [ 5671, 5671, "tcp", "ActiveMQ AMQP" ], "activemq-61614-tcp": [ 61614, 61614, "tcp", "ActiveMQ STOMP" ], "activemq-61617-tcp": [ 61617, 61617, "tcp", "ActiveMQ OpenWire" ], "activemq-61619-tcp": [ 61619, 61619, "tcp", "ActiveMQ WebSocket" ], "activemq-8883-tcp": [ 8883, 8883, "tcp", "ActiveMQ MQTT" ], "alertmanager-9093-tcp": [ 9093, 9093, "tcp", "Alert Manager" ], "alertmanager-9094-tcp": [ 9094, 9094, "tcp", "Alert Manager Cluster" ], "all-all": [ -1, -1, "-1", "All protocols" ], "all-icmp": [ -1, -1, "icmp", "All IPV4 ICMP" ], "all-ipv6-icmp": [ -1, -1, 58, "All IPV6 ICMP" ], "all-tcp": [ 0, 65535, "tcp", "All TCP ports" ], "all-udp": [ 0, 65535, "udp", "All UDP ports" ], "carbon-admin-tcp": [ 2004, 2004, "tcp", "Carbon admin" ], "carbon-gui-udp": [ 8081, 8081, "tcp", "Carbon GUI" ], "carbon-line-in-tcp": [ 2003, 2003, "tcp", "Carbon line-in" ], "carbon-line-in-udp": [ 2003, 2003, "udp", "Carbon line-in" ], "carbon-pickle-tcp": [ 2013, 2013, "tcp", "Carbon pickle" ], "carbon-pickle-udp": [ 2013, 2013, "udp", "Carbon pickle" ], "cassandra-clients-tcp": [ 9042, 9042, "tcp", "Cassandra clients" ], "cassandra-jmx-tcp": [ 7199, 7199, "tcp", "JMX" ], "cassandra-thrift-clients-tcp": [ 9160, 9160, "tcp", "Cassandra Thrift clients" ], "consul-cli-rpc-tcp": [ 8400, 8400, "tcp", "Consul CLI RPC" ], "consul-dns-tcp": [ 8600, 8600, "tcp", "Consul DNS" ], "consul-dns-udp": [ 8600, 8600, "udp", "Consul DNS" ], "consul-serf-lan-tcp": [ 8301, 8301, "tcp", "Serf LAN" ], "consul-serf-lan-udp": [ 8301, 8301, "udp", "Serf LAN" ], "consul-serf-wan-tcp": [ 8302, 8302, "tcp", "Serf WAN" ], "consul-serf-wan-udp": [ 8302, 8302, "udp", "Serf WAN" ], "consul-tcp": [ 8300, 8300, "tcp", "Consul server" ], "consul-webui-tcp": [ 8500, 8500, "tcp", "Consul web UI" ], "dns-tcp": [ 53, 53, "tcp", "DNS" ], "dns-udp": [ 53, 53, "udp", "DNS" ], "docker-swarm-mngmt-tcp": [ 2377, 2377, "tcp", "Docker Swarm cluster management" ], "docker-swarm-node-tcp": [ 7946, 7946, "tcp", "Docker Swarm node" ], "docker-swarm-node-udp": [ 7946, 7946, "udp", "Docker Swarm node" ], "docker-swarm-overlay-udp": [ 4789, 4789, "udp", "Docker Swarm Overlay Network Traffic" ], "elasticsearch-java-tcp": [ 9300, 9300, "tcp", "Elasticsearch Java interface" ], "elasticsearch-rest-tcp": [ 9200, 9200, "tcp", "Elasticsearch REST interface" ], "grafana-tcp": [ 3000, 3000, "tcp", "Grafana Dashboard" ], "graphite-2003-tcp": [ 2003, 2003, "tcp", "Carbon receiver plain text" ], "graphite-2004-tcp": [ 2004, 2004, "tcp", "Carbon receiver pickle" ], "graphite-2023-tcp": [ 2023, 2023, "tcp", "Carbon aggregator plaintext" ], "graphite-2024-tcp": [ 2024, 2024, "tcp", "Carbon aggregator pickle" ], "graphite-8080-tcp": [ 8080, 8080, "tcp", "Graphite gunicorn port" ], "graphite-8125-tcp": [ 8125, 8125, "tcp", "Statsd TCP" ], "graphite-8125-udp": [ 8125, 8125, "udp", "Statsd UDP default" ], "graphite-8126-tcp": [ 8126, 8126, "tcp", "Statsd admin" ], "graphite-webui": [ 80, 80, "tcp", "Graphite admin interface" ], "http-80-tcp": [ 80, 80, "tcp", "HTTP" ], "http-8080-tcp": [ 8080, 8080, "tcp", "HTTP" ], "https-443-tcp": [ 443, 443, "tcp", "HTTPS" ], "https-8443-tcp": [ 8443, 8443, "tcp", "HTTPS" ], "ipsec-4500-udp": [ 4500, 4500, "udp", "IPSEC NAT-T" ], "ipsec-500-udp": [ 500, 500, "udp", "IPSEC ISAKMP" ], "kafka-broker-tcp": [ 9092, 9092, "tcp", "Kafka broker 0.8.2+" ], "kafka-broker-tls-tcp": [ 9094, 9094, "tcp", "Kafka TLS enabled broker 0.8.2+" ], "kafka-jmx-exporter-tcp": [ 11001, 11001, "tcp", "Kafka JMX Exporter" ], "kafka-node-exporter-tcp": [ 11002, 11002, "tcp", "Kafka Node Exporter" ], "kibana-tcp": [ 5601, 5601, "tcp", "Kibana Web Interface" ], "kubernetes-api-tcp": [ 6443, 6443, "tcp", "Kubernetes API Server" ], "ldap-tcp": [ 389, 389, "tcp", "LDAP" ], "ldaps-tcp": [ 636, 636, "tcp", "LDAPS" ], "logstash-tcp": [ 5044, 5044, "tcp", "Logstash" ], "memcached-tcp": [ 11211, 11211, "tcp", "Memcached" ], "minio-tcp": [ 9000, 9000, "tcp", "MinIO" ], "mongodb-27017-tcp": [ 27017, 27017, "tcp", "MongoDB" ], "mongodb-27018-tcp": [ 27018, 27018, "tcp", "MongoDB shard" ], "mongodb-27019-tcp": [ 27019, 27019, "tcp", "MongoDB config server" ], "mssql-analytics-tcp": [ 2383, 2383, "tcp", "MSSQL Analytics" ], "mssql-broker-tcp": [ 4022, 4022, "tcp", "MSSQL Broker" ], "mssql-tcp": [ 1433, 1433, "tcp", "MSSQL Server" ], "mssql-udp": [ 1434, 1434, "udp", "MSSQL Browser" ], "mysql-tcp": [ 3306, 3306, "tcp", "MySQL/Aurora" ], "nfs-tcp": [ 2049, 2049, "tcp", "NFS/EFS" ], "nomad-http-tcp": [ 4646, 4646, "tcp", "Nomad HTTP" ], "nomad-rpc-tcp": [ 4647, 4647, "tcp", "Nomad RPC" ], "nomad-serf-tcp": [ 4648, 4648, "tcp", "Serf" ], "nomad-serf-udp": [ 4648, 4648, "udp", "Serf" ], "ntp-udp": [ 123, 123, "udp", "NTP" ], "openvpn-https-tcp": [ 443, 443, "tcp", "OpenVPN" ], "openvpn-tcp": [ 943, 943, "tcp", "OpenVPN" ], "openvpn-udp": [ 1194, 1194, "udp", "OpenVPN" ], "oracle-db-tcp": [ 1521, 1521, "tcp", "Oracle" ], "postgresql-tcp": [ 5432, 5432, "tcp", "PostgreSQL" ], "prometheus-http-tcp": [ 9090, 9090, "tcp", "Prometheus" ], "prometheus-pushgateway-http-tcp": [ 9091, 9091, "tcp", "Prometheus Pushgateway" ], "puppet-tcp": [ 8140, 8140, "tcp", "Puppet" ], "puppetdb-tcp": [ 8081, 8081, "tcp", "PuppetDB" ], "rabbitmq-15672-tcp": [ 15672, 15672, "tcp", "RabbitMQ" ], "rabbitmq-25672-tcp": [ 25672, 25672, "tcp", "RabbitMQ" ], "rabbitmq-4369-tcp": [ 4369, 4369, "tcp", "RabbitMQ epmd" ], "rabbitmq-5671-tcp": [ 5671, 5671, "tcp", "RabbitMQ" ], "rabbitmq-5672-tcp": [ 5672, 5672, "tcp", "RabbitMQ" ], "rdp-tcp": [ 3389, 3389, "tcp", "Remote Desktop" ], "rdp-udp": [ 3389, 3389, "udp", "Remote Desktop" ], "redis-tcp": [ 6379, 6379, "tcp", "Redis" ], "redshift-tcp": [ 5439, 5439, "tcp", "Redshift" ], "solr-tcp": [ 8983, 8987, "tcp", "Solr" ], "splunk-hec-tcp": [ 8088, 8088, "tcp", "Splunk HEC" ], "splunk-indexer-tcp": [ 9997, 9997, "tcp", "Splunk indexer" ], "splunk-splunkd-tcp": [ 8089, 8089, "tcp", "Splunkd" ], "splunk-web-tcp": [ 8000, 8000, "tcp", "Splunk Web" ], "squid-proxy-tcp": [ 3128, 3128, "tcp", "Squid default proxy" ], "ssh-tcp": [ 22, 22, "tcp", "SSH" ], "storm-nimbus-tcp": [ 6627, 6627, "tcp", "Nimbus" ], "storm-supervisor-tcp": [ 6700, 6703, "tcp", "Supervisor" ], "storm-ui-tcp": [ 8080, 8080, "tcp", "Storm UI" ], "web-jmx-tcp": [ 1099, 1099, "tcp", "JMX" ], "winrm-http-tcp": [ 5985, 5985, "tcp", "WinRM HTTP" ], "winrm-https-tcp": [ 5986, 5986, "tcp", "WinRM HTTPS" ], "zipkin-admin-query-tcp": [ 9901, 9901, "tcp", "Zipkin Admin port query" ], "zipkin-admin-tcp": [ 9990, 9990, "tcp", "Zipkin Admin port collector" ], "zipkin-admin-web-tcp": [ 9991, 9991, "tcp", "Zipkin Admin port web" ], "zipkin-query-tcp": [ 9411, 9411, "tcp", "Zipkin query port" ], "zipkin-web-tcp": [ 8080, 8080, "tcp", "Zipkin web port" ], "zookeeper-2181-tcp": [ 2181, 2181, "tcp", "Zookeeper" ], "zookeeper-2888-tcp": [ 2888, 2888, "tcp", "Zookeeper" ], "zookeeper-3888-tcp": [ 3888, 3888, "tcp", "Zookeeper" ], "zookeeper-jmx-tcp": [ 7199, 7199, "tcp", "JMX" ] }	no
tags	A mapping of tags to assign to security group	`map(string)`	`{}`	no
use_name_prefix	Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation	`bool`	`true`	no
vpc_id	ID of the VPC where to create security group	`string`	n/a	yes

Outputs

Name	Description
this_security_group_description	The description of the security group
this_security_group_id	The ID of the security group
this_security_group_name	The name of the security group
this_security_group_owner_id	The owner ID
this_security_group_vpc_id	The VPC ID

Authors

Module managed by Anton Babenko.

License

Apache 2 Licensed. See LICENSE for full details.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 326

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (28) 🔗