diff --git a/README.yaml b/README.yaml
index d1ea988..c12dcb6 100644
--- a/README.yaml
+++ b/README.yaml
@@ -44,36 +44,20 @@ usage: |-
 ```hcl
 # use this
 module "security_group" {
- source = "clouddrove/security-group/aws"
- version = "2.0.0"
- name = local.name
- environment = local.environment
+ source = "clouddrove/security-group/aws"
+ version = "2.0.0"
+ name = "app"
+ environment = "test"
 vpc_id = module.vpc.vpc_id
 ## INGRESS Rules
 new_sg_ingress_rules_with_cidr_blocks = [{
- rule_count = 1
- from_port = 20
- protocol = "udp"
- to_port = 22
- cidr_blocks = [module.vpc.vpc_cidr_block, "172.16.0.0/16"]
- },
- {
- rule_count = 2
- from_port = 27017
- protocol = "tcp"
- to_port = 27017
- cidr_blocks = ["172.16.0.0/16"]
- }
- ]
-
- ## EGRESS Rules
- new_sg_egress_rules_with_cidr_blocks = [{
 rule_count = 1
 from_port = 22
 protocol = "tcp"
 to_port = 22
 cidr_blocks = [module.vpc.vpc_cidr_block, "172.16.0.0/16"]
+ description = "Allow ssh traffic."
 },
 {
 rule_count = 2
@@ -81,7 +65,9 @@ usage: |-
 protocol = "tcp"
 to_port = 27017
 cidr_blocks = ["172.16.0.0/16"]
- }]
+ description = "Allow Mongodb traffic."
+ }
+ ]
 }
 ```
@@ -89,8 +75,8 @@ usage: |-
 module "security_group_rules" {
 source = "clouddrove/security-group/aws"
 version = "2.0.0"
- name = local.name
- environment = local.environment
+ name = "app"
+ environment = "test"
 vpc_id = "vpc-xxxxxxxxx"
 new_sg = false
 existing_sg_id = "sg-xxxxxxxxx"
@@ -98,10 +84,11 @@ usage: |-
 ## INGRESS Rules
 existing_sg_ingress_rules_with_cidr_blocks = [{
 rule_count = 1
- from_port = 20
- protocol = "udp"
+ from_port = 22
+ protocol = "tcp"
 to_port = 22
 cidr_blocks = ["10.9.0.0/16"]
+ description = "Allow ssh traffic."
 },
 {
 rule_count = 2
@@ -109,20 +96,23 @@ usage: |-
 protocol = "tcp"
 to_port = 27017
 cidr_blocks = ["10.9.0.0/16"]
+ description = "Allow Mongodb traffic."
 }
 ]
 existing_sg_ingress_rules_with_self = [{
- rule_count = 1
- from_port = 20
- protocol = "tcp"
- to_port = 22
+ rule_count = 1
+ from_port = 22
+ protocol = "tcp"
+ to_port = 22
+ description = "Allow ssh traffic."
 },
 {
- rule_count = 2
- from_port = 270
- protocol = "tcp"
- to_port = 270
+ rule_count = 2
+ from_port = 27017
+ protocol = "tcp"
+ to_port = 27017
+ description = "Allow Mongodb traffic."
 }
 ]
@@ -132,6 +122,7 @@ usage: |-
 protocol = "tcp"
 to_port = 22
 source_security_group_id = "sg-xxxxxxxxx"
+ description = "Allow ssh traffic."
 },
 {
 rule_count = 2
@@ -139,14 +130,8 @@ usage: |-
 protocol = "tcp"
 to_port = 27017
 source_security_group_id = "sg-xxxxxxxxx"
- },
- {
- rule_count = 3
- from_port = 22
- protocol = "tcp"
- to_port = 22
- source_security_group_id = "sg-xxxxxxxxx"
- }]
+ description = "Allow Mongodb traffic."
+ }]
 ## EGRESS Rules
 existing_sg_egress_rules_with_cidr_blocks = [{
@@ -155,6 +140,7 @@ usage: |-
 protocol = "tcp"
 to_port = 22
 cidr_blocks = ["10.9.0.0/16"]
+ description = "Allow ssh outbound traffic."
 },
 {
 rule_count = 2
@@ -162,19 +148,22 @@ usage: |-
 protocol = "tcp"
 to_port = 27017
 cidr_blocks = ["10.9.0.0/16"]
+ description = "Allow Mongodb outbound traffic."
 }]
 existing_sg_egress_rules_with_self = [{
- rule_count = 1
- from_port = 20
- protocol = "tcp"
- to_port = 22
+ rule_count = 1
+ from_port = 22
+ protocol = "tcp"
+ to_port = 22
+ description = "Allow ssh outbound traffic."
 },
 {
- rule_count = 2
- from_port = 270
- protocol = "tcp"
- to_port = 270
+ rule_count = 2
+ from_port = 27017
+ protocol = "tcp"
+ to_port = 27017
+ description = "Allow Mongodb outbound traffic."
 }]
 existing_sg_egress_rules_with_source_sg_id = [{
@@ -183,6 +172,7 @@ usage: |-
 protocol = "tcp"
 to_port = 22
 source_security_group_id = "sg-xxxxxxxxx"
+ description = "Allow ssh outbound traffic."
 },
 {
 rule_count = 2
@@ -190,14 +180,8 @@ usage: |-
 protocol = "tcp"
 to_port = 27017
 source_security_group_id = "sg-xxxxxxxxx"
- },
- {
- rule_count = 3
- from_port = 22
- protocol = "tcp"
- to_port = 22
- source_security_group_id = "sg-xxxxxxxxx"
- }]
+ description = "Allow Mongodb outbound traffic."
+ }]
 }
 ```
@@ -205,8 +189,8 @@ usage: |-
 module "security_group" {
 source = "clouddrove/security-group/aws"
 version = "2.0.0"
- name = local.name
- environment = local.environment
+ name = "app"
+ environment = "test"
 vpc_id = module.vpc.vpc_id
 prefix_list_enabled = true
 entry = [{
@@ -215,30 +199,20 @@ usage: |-
 ## INGRESS Rules
 new_sg_ingress_rules_with_prefix_list = [{
- rule_count = 1
- from_port = 22
- protocol = "tcp"
- to_port = 22
- },
- {
- rule_count = 2
- from_port = 20
- protocol = "tcp"
- to_port = 21
+ rule_count = 1
+ from_port = 22
+ protocol = "tcp"
+ to_port = 22
+ description = "Allow ssh traffic."
 }
 ]
 ## EGRESS Rules
 new_sg_egress_rules_with_prefix_list = [{
- rule_count = 1
- from_port = 22
- protocol = "tcp"
- to_port = 22
- },
- {
- rule_count = 2
- from_port = 20
- protocol = "tcp"
- to_port = 21
+ rule_count = 1
+ from_port = 0
+ protocol = "-1"
+ to_port = 0
+ description = "Allow all outbound traffic."
 }
 ]
 }
diff --git a/_example/basic/example.tf b/_example/basic/example.tf
index 44a06d1..ce03ed9 100644
--- a/_example/basic/example.tf
+++ b/_example/basic/example.tf
@@ -22,35 +22,20 @@ module "vpc" {
 ## Security Group Module Call.
 ##-----------------------------------------------------------------------------
 module "security_group" {
- source = "./../../"
+ source = "clouddrove/security-group/aws"
+ version = "2.0.0"
 name = local.name
 environment = local.environment
 vpc_id = module.vpc.vpc_id
 ## INGRESS Rules
 new_sg_ingress_rules_with_cidr_blocks = [{
- rule_count = 1
- from_port = 20
- protocol = "udp"
- to_port = 22
- cidr_blocks = [module.vpc.vpc_cidr_block, "172.16.0.0/16"]
- },
- {
- rule_count = 2
- from_port = 27017
- protocol = "tcp"
- to_port = 27017
- cidr_blocks = ["172.16.0.0/16"]
- }
- ]
-
- ## EGRESS Rules
- new_sg_egress_rules_with_cidr_blocks = [{
 rule_count = 1
 from_port = 22
 protocol = "tcp"
 to_port = 22
 cidr_blocks = [module.vpc.vpc_cidr_block, "172.16.0.0/16"]
+ description = "Allow ssh traffic."
 },
 {
 rule_count = 2
@@ -58,5 +43,7 @@ module "security_group" {
 protocol = "tcp"
 to_port = 27017
 cidr_blocks = ["172.16.0.0/16"]
- }]
+ description = "Allow Mongodb traffic."
+ }
+ ]
 }
\ No newline at end of file
diff --git a/_example/complete/example.tf b/_example/complete/example.tf
index 6004dd6..101fecb 100644
--- a/_example/complete/example.tf
+++ b/_example/complete/example.tf
@@ -22,7 +22,8 @@ module "vpc" {
 ## Security Group Module Call.
 ##-----------------------------------------------------------------------------
 module "security_group" {
- source = "./../../"
+ source = "clouddrove/security-group/aws"
+ version = "2.0.0"
 name = local.name
 environment = local.environment
 vpc_id = module.vpc.vpc_id
@@ -30,10 +31,11 @@ module "security_group" {
 ## INGRESS Rules
 new_sg_ingress_rules_with_cidr_blocks = [{
 rule_count = 1
- from_port = 20
- protocol = "udp"
+ from_port = 22
+ protocol = "tcp"
 to_port = 22
 cidr_blocks = [module.vpc.vpc_cidr_block, "172.16.0.0/16"]
+ description = "Allow ssh traffic."
 },
 {
 rule_count = 2
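Review bot: Switching `source` from `./../../` to the registry address `clouddrove/security-group/aws` with `version = "2.0.0"` means `terraform plan` in `_example/basic` no longer exercises the module code in this repository; the same swap appears in the `_example/complete`, `_example/only_rules` and `_example/prefix_list` hunks. Any CI that runs these examples will validate the published release rather than the commit under review, and the `variables.tf` default that this same commit changes would not be what the examples actually use until a release containing it exists. If the goal is to show registry usage, keep that form in README.yaml and restore `source = "./../../"` in the in-repo examples, or add a comment above `source` such as `# Registry reference: bump the version whenever the module in this repo changes, or plan will not cover local edits.` The `module "security_group"` block continues past the end of the hunk.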
@@ -41,80 +43,33 @@ module "security_group" {
 protocol = "tcp"
 to_port = 27017
 cidr_blocks = ["172.16.0.0/16"]
+ description = "Allow Mongodb traffic."
 }
 ]
 new_sg_ingress_rules_with_self = [{
- rule_count = 1
- from_port = 22
- protocol = "tcp"
- to_port = 22
- },
- {
- rule_count = 2
- from_port = 27017
- protocol = "-1"
- to_port = 27017
- }
- ]
-
- new_sg_ingress_rules_with_source_sg_id = [{
- rule_count = 1
- from_port = 22
- protocol = "tcp"
- to_port = 22
- source_security_group_id = "sg-xxxxxxxxx"
- },
- {
- rule_count = 2
- from_port = 27017
- protocol = "tcp"
- to_port = 27017
- source_security_group_id = "sg-xxxxxxxxx"
- },
- {
- rule_count = 3
- from_port = 22
- protocol = "tcp"
- to_port = 22
- source_security_group_id = "sg-xxxxxxxxx"
- }]
-
- ## EGRESS Rules
- new_sg_egress_rules_with_cidr_blocks = [{
 rule_count = 1
 from_port = 22
 protocol = "tcp"
 to_port = 22
- cidr_blocks = [module.vpc.vpc_cidr_block, "172.16.0.0/16"]
+ description = "Allow ssh traffic."
 },
 {
 rule_count = 2
 from_port = 27017
 protocol = "tcp"
 to_port = 27017
- cidr_blocks = ["172.16.0.0/16"]
- }]
-
- new_sg_egress_rules_with_self = [{
- rule_count = 1
- from_port = 22
- protocol = "tcp"
- to_port = 22
- },
- {
- rule_count = 2
- from_port = 27017
- protocol = "tcp"
- to_port = 27017
- }]
+ description = "Allow Mongodb traffic."
+ }
+ ]
- new_sg_egress_rules_with_source_sg_id = [{
+ new_sg_ingress_rules_with_source_sg_id = [{
 rule_count = 1
 from_port = 22
 protocol = "tcp"
 to_port = 22
 source_security_group_id = "sg-xxxxxxxxx"
+ description = "Allow ssh traffic."
 },
 {
 rule_count = 2
@@ -122,12 +77,6 @@ module "security_group" {
 protocol = "tcp"
 to_port = 27017
 source_security_group_id = "sg-xxxxxxxxx"
- },
- {
- rule_count = 3
- from_port = 22
- protocol = "tcp"
- to_port = 22
- source_security_group_id = "sg-xxxxxxxxx"
+ description = "Allow Mongodb traffic."
 }]
 }
\ No newline at end of file
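Review bot: After this hunk the "complete" example states no egress policy at all: every `new_sg_egress_rules_*` list is removed and the surviving source-SG list is renamed to `new_sg_ingress_rules_with_source_sg_id`, while the same commit's `variables.tf` change makes an unset `new_sg_egress_rules_with_cidr_blocks` default to a `protocol = "-1"` rule toward `0.0.0.0/0`. Anyone copying this file therefore gets unrestricted outbound access that is visible nowhere in the example; `_example/basic` loses its egress block in the same way. Suggest keeping an explicit `new_sg_egress_rules_with_cidr_blocks` list here with a port-scoped rule (for instance tcp/443 to the VPC CIDR), or at least a comment at the end of the block, `## EGRESS Rules: none declared, so the module's default allow-all egress rule is created.` The `module "security_group"` block starts before the hunk.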
diff --git a/_example/only_rules/example.tf b/_example/only_rules/example.tf
index 07aa828..e646b17 100644
--- a/_example/only_rules/example.tf
+++ b/_example/only_rules/example.tf
@@ -11,7 +11,8 @@ locals {
 ## Security Group Rules Module Call.
 ##-----------------------------------------------------------------------------
 module "security_group_rules" {
- source = "./../../"
+ source = "clouddrove/security-group/aws"
+ version = "2.0.0"
 name = local.name
 environment = local.environment
 vpc_id = "vpc-xxxxxxxxx"
@@ -21,10 +22,11 @@ module "security_group_rules" {
 ## INGRESS Rules
 existing_sg_ingress_rules_with_cidr_blocks = [{
 rule_count = 1
- from_port = 20
- protocol = "udp"
+ from_port = 22
+ protocol = "tcp"
 to_port = 22
 cidr_blocks = ["10.9.0.0/16"]
+ description = "Allow ssh traffic."
 },
 {
 rule_count = 2
@@ -32,20 +34,23 @@ module "security_group_rules" {
 protocol = "tcp"
 to_port = 27017
 cidr_blocks = ["10.9.0.0/16"]
+ description = "Allow Mongodb traffic."
 }
 ]
 existing_sg_ingress_rules_with_self = [{
- rule_count = 1
- from_port = 20
- protocol = "tcp"
- to_port = 22
+ rule_count = 1
+ from_port = 22
+ protocol = "tcp"
+ to_port = 22
+ description = "Allow ssh traffic."
 },
 {
- rule_count = 2
- from_port = 270
- protocol = "tcp"
- to_port = 270
+ rule_count = 2
+ from_port = 27017
+ protocol = "tcp"
+ to_port = 27017
+ description = "Allow Mongodb traffic."
 }
 ]
@@ -55,6 +60,7 @@ module "security_group_rules" {
 protocol = "tcp"
 to_port = 22
 source_security_group_id = "sg-xxxxxxxxx"
+ description = "Allow ssh traffic."
 },
 {
 rule_count = 2
@@ -62,13 +68,7 @@ module "security_group_rules" {
 protocol = "tcp"
 to_port = 27017
 source_security_group_id = "sg-xxxxxxxxx"
- },
- {
- rule_count = 3
- from_port = 22
- protocol = "tcp"
- to_port = 22
- source_security_group_id = "sg-xxxxxxxxx"
+ description = "Allow Mongodb traffic."
 }]
 ## EGRESS Rules
@@ -78,6 +78,7 @@ module "security_group_rules" {
 protocol = "tcp"
 to_port = 22
 cidr_blocks = ["10.9.0.0/16"]
+ description = "Allow ssh outbound traffic."
 },
 {
 rule_count = 2
@@ -85,19 +86,22 @@ module "security_group_rules" {
 protocol = "tcp"
 to_port = 27017
 cidr_blocks = ["10.9.0.0/16"]
+ description = "Allow Mongodb outbound traffic."
 }]
 existing_sg_egress_rules_with_self = [{
- rule_count = 1
- from_port = 20
- protocol = "tcp"
- to_port = 22
+ rule_count = 1
+ from_port = 22
+ protocol = "tcp"
+ to_port = 22
+ description = "Allow ssh outbound traffic."
 },
 {
- rule_count = 2
- from_port = 270
- protocol = "tcp"
- to_port = 270
+ rule_count = 2
+ from_port = 27017
+ protocol = "tcp"
+ to_port = 27017
+ description = "Allow Mongodb outbound traffic."
 }]
 existing_sg_egress_rules_with_source_sg_id = [{
@@ -106,6 +110,7 @@ module "security_group_rules" {
 protocol = "tcp"
 to_port = 22
 source_security_group_id = "sg-xxxxxxxxx"
+ description = "Allow ssh outbound traffic."
 },
 {
 rule_count = 2
@@ -113,12 +118,6 @@ module "security_group_rules" {
 protocol = "tcp"
 to_port = 27017
 source_security_group_id = "sg-xxxxxxxxx"
- },
- {
- rule_count = 3
- from_port = 22
- protocol = "tcp"
- to_port = 22
- source_security_group_id = "sg-xxxxxxxxx"
+ description = "Allow Mongodb outbound traffic."
 }]
 }
\ No newline at end of file
diff --git a/_example/prefix_list/example.tf b/_example/prefix_list/example.tf
index 5de5b03..7a20f80 100644
--- a/_example/prefix_list/example.tf
+++ b/_example/prefix_list/example.tf
@@ -22,7 +22,8 @@ module "vpc" {
 ## Security Group Module Call.
 ##-----------------------------------------------------------------------------
 module "security_group" {
- source = "./../../"
+ source = "clouddrove/security-group/aws"
+ version = "2.0.0"
 name = local.name
 environment = local.environment
 vpc_id = module.vpc.vpc_id
@@ -33,30 +34,20 @@ module "security_group" {
 ## INGRESS Rules
 new_sg_ingress_rules_with_prefix_list = [{
- rule_count = 1
- from_port = 22
- protocol = "tcp"
- to_port = 22
- },
- {
- rule_count = 2
- from_port = 20
- protocol = "tcp"
- to_port = 21
+ rule_count = 1
+ from_port = 22
+ protocol = "tcp"
+ to_port = 22
+ description = "Allow ssh traffic."
 }
 ]
 ## EGRESS Rules
 new_sg_egress_rules_with_prefix_list = [{
- rule_count = 1
- from_port = 22
- protocol = "tcp"
- to_port = 22
- },
- {
- rule_count = 2
- from_port = 20
- protocol = "tcp"
- to_port = 21
+ rule_count = 1
+ from_port = 0
+ protocol = "-1"
+ to_port = 0
+ description = "Allow all outbound traffic."
 }
 ]
 }
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 0e13a73..0f2a05e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -114,8 +114,15 @@ variable "existing_sg_ingress_rules_with_prefix_list" {
 }
 variable "new_sg_egress_rules_with_cidr_blocks" {
- type = any
- default = {}
+ type = any
+ default = [{
+ rule_count = 1
+ from_port = 0
+ protocol = "-1"
+ to_port = 0
+ cidr_blocks = ["0.0.0.0/0"]
+ description = "Allow all outboud traffic."
+ }]
 description = "Egress rules with only cidr_blockd. Should be used when new security group is been deployed."
 }
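Review bot: The egress example in `new_sg_egress_rules_with_prefix_list` goes from a tcp/22 rule to `from_port = 0`, `protocol = "-1"`, `to_port = 0`, which admits every protocol and port toward the prefix-list entries, so the example no longer demonstrates the port scoping that its ingress list still shows. Nothing in the file says that with `protocol = "-1"` the port fields are not a restriction, and the `entry` list that bounds the destinations is defined outside this hunk. Either keep a port-scoped egress rule or add a comment above the rule, `## "-1" matches all protocols and ports; the only limit on this rule is the prefix list's entries.` The README.yaml hunk at `@@ -215` carries the same example.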
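Review bot: The new default for `new_sg_egress_rules_with_cidr_blocks` turns "variable not set" from no egress rules into one rule allowing all protocols to `0.0.0.0/0`, which widens effective access on upgrade for every caller that never set it; if the group is created with an `aws_security_group` resource, Terraform strips the AWS default egress rule, so those callers presumably had no outbound access before (confirm against the resource definition, which is outside this diff). The new rule's description also carries a typo that will surface in the AWS console: `description = "Allow all outboud traffic."` should read `description = "Allow all outbound traffic."`. Prefer `default = []` so the allow-all rule is an explicit opt-in, and state the behaviour in the variable's `description`, e.g. `description = "Egress rules with only cidr_blocks. Pass [] to create the group with no egress rules."`. Note too that the old default `{}` was an object while the new one is a list; `type = any` hides that shape change, whereas a `list(object({...}))` type with `optional(string)` for `description` would reject malformed rules at plan time.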