Reputation: 23771
I want to give one security group access to another, but I am not able to get it to work. Can somebody point out where I am going wrong?
Here is my module's main.tf:
    resource "aws_security_group" "rds_sg" {
      name        = "${var.name}-${var.environment}-rds"
      description = "Security Group ${var.name}-${var.environment}"
      vpc_id      = "${var.vpc_id}"

      tags {
        Name        = "${var.name}-${var.environment}-rds"
        environment = "${var.environment}"
      }

      // allows traffic from the SG itself
      ingress {
        from_port = 0
        to_port   = 0
        protocol  = "-1"
        self      = true
      }

      // allow traffic for TCP 3306
      ingress {
        from_port         = 3306
        to_port           = 3306
        protocol          = "tcp"
        security_group_id = "${var.security_group_id}"
      }

      // outbound internet access
      egress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
      }
    }

    output "rds_sg_id" {
      value = "${aws_db_security_group.rds_sg.id}"
    }
Module's variables.tf:
    // Module specific variables
    variable "name" {
      default = "test"
    }

    variable "environment" {
      default = "test"
    }

    variable "vpc_id" {
      description = "The VPC this security group will go in"
    }

    variable "security_group_id" {
      description = "Security Group id"
    }
The value of security_group_id comes from another module, so in my main file it looks like this:
    module "rds_sg" {
      source            = "./modules/rds_sg"
      name              = "tendo"
      environment       = "dev"
      vpc_id            = "${module.vpc_subnets.vpc_id}"
      security_group_id = "${module.web_sg.web_sg_id}"
    }
But when I try to execute terraform, I get this error:
    Errors:
    * 1 error(s) occurred:
    * module root: module rds_sg: security_group_id is not a valid parameter
Upvotes: 5
Views: 13439
Reputation: 2975
Implementing the rule using the aws_security_group_rule Terraform resource:
    resource "aws_security_group_rule" "ingress" {
      type                     = "ingress"
      from_port                = 3306
      to_port                  = 3306
      protocol                 = "tcp"
      source_security_group_id = var.security_group_id
      security_group_id        = aws_security_group.rds_sg.id
    }
Upvotes: 4
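The standalone-rule approach above, carried through to a complete module, as an added example that is not part of the original answer or question. It assumes Terraform 0.12+ syntax, the `name`, `environment` and `vpc_id` variables from the question, and a `module.web_sg` that exports `web_sg_id` as the question's root file does. The cross-group rule is placed in the root module next to both module calls, so `rds_sg` needs no `security_group_id` input at all, which sidesteps the "not a valid parameter" error entirely. The group itself carries no inline `ingress`/`egress` blocks: the AWS provider documents that inline rules and `aws_security_group_rule` resources must not be mixed on one group, or each apply overwrites the other's rules.

```hcl
# modules/rds_sg/main.tf -- standalone-rule variant (added example, not the
# original poster's code). Variables name/environment/vpc_id as in the question.
resource "aws_security_group" "rds_sg" {
  name        = "${var.name}-${var.environment}-rds"
  description = "Security Group ${var.name}-${var.environment}"
  vpc_id      = var.vpc_id

  tags = {
    Name        = "${var.name}-${var.environment}-rds"
    environment = var.environment
  }
  # No inline ingress/egress here: all rules are aws_security_group_rule resources.
}

# Members of the group may talk to each other on any port (the question's self rule).
resource "aws_security_group_rule" "rds_self" {
  type              = "ingress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  self              = true
  security_group_id = aws_security_group.rds_sg.id
}

# Outbound access, as in the question.
resource "aws_security_group_rule" "rds_egress" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.rds_sg.id
}

# modules/rds_sg/outputs.tf
output "rds_sg_id" {
  value = aws_security_group.rds_sg.id
}

# Root module -- sits beside the module "rds_sg" and module "web_sg" calls from
# the question (assumed, not repeated here). MySQL only, from the web tier only.
resource "aws_security_group_rule" "web_to_rds_mysql" {
  type                     = "ingress"
  description              = "MySQL from web tier"
  from_port                = 3306
  to_port                  = 3306
  protocol                 = "tcp"
  security_group_id        = module.rds_sg.rds_sg_id # the group being modified
  source_security_group_id = module.web_sg.web_sg_id # the group allowed in
}
```

`terraform validate` rejects unknown argument names such as the question's `security_group_id` inside an inline `ingress` block before any plan is made, and `terraform plan` then shows the single 3306 rule referencing the web group's ID rather than a CIDR, so web instances can be replaced without touching this rule.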
Reputation: 2314
The following worked for me; here I am allowing all ports for one security group.
    ingress {
      from_port       = 0
      to_port         = 65535
      protocol        = "tcp"
      security_groups = ["${aws_security_group.OTHER_SECURITY_GROUP_NAME.id}"]
    }
Upvotes: 1
Reputation: 1171
I think I've found the issue; you're using the wrong argument for providing security groups in the module's main.tf. See the modified code below and the documentation here.
    // allow traffic for TCP 3306
    ingress {
      from_port       = 3306
      to_port         = 3306
      protocol        = "tcp"
      security_groups = ["${var.security_group_id}"]
    }
Upvotes: 6
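The fix above applied to the whole module from the question, as an added example that is not part of the original answer or question. It assumes Terraform 0.12+ syntax (`tags = {`, bare references instead of `"${...}"`) and the same root-module call as the question. Besides the `security_groups` argument name, it also fixes the output, which in the question references `aws_db_security_group` (a different resource type) instead of the `aws_security_group` declared in the same file. The ingress is kept to TCP 3306 from the referenced group only, which is the least-privilege form compared with opening 0-65535.

```hcl
# modules/rds_sg/variables.tf (added example; mirrors the question's variables)
variable "name" {
  type    = string
  default = "test"
}

variable "environment" {
  type    = string
  default = "test"
}

variable "vpc_id" {
  type        = string
  description = "The VPC this security group will go in"
}

variable "security_group_id" {
  type        = string
  description = "ID of the security group allowed to reach MySQL (e.g. the web tier)"
}

# modules/rds_sg/main.tf
resource "aws_security_group" "rds_sg" {
  name        = "${var.name}-${var.environment}-rds"
  description = "Security Group ${var.name}-${var.environment}"
  vpc_id      = var.vpc_id

  tags = {
    Name        = "${var.name}-${var.environment}-rds"
    environment = var.environment
  }

  # Members of this group may talk to each other on any port.
  ingress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    self      = true
  }

  # MySQL from the referenced security group only. The inline argument is the
  # plural list `security_groups`; `security_group_id` is not an ingress argument.
  ingress {
    description     = "MySQL from web tier"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [var.security_group_id]
  }

  # Outbound access, as in the question.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# modules/rds_sg/outputs.tf -- reference the aws_security_group declared above.
output "rds_sg_id" {
  value = aws_security_group.rds_sg.id
}

# Root module call, as in the question (module.vpc_subnets and module.web_sg
# are assumed to exist and export vpc_id and web_sg_id respectively).
module "rds_sg" {
  source            = "./modules/rds_sg"
  name              = "tendo"
  environment       = "dev"
  vpc_id            = module.vpc_subnets.vpc_id
  security_group_id = module.web_sg.web_sg_id
}
```

Running `terraform validate` in the root directory is the quick check here: it flags an unsupported argument inside the `ingress` block and a reference to an undeclared resource in the output, both without contacting AWS.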
Reputation: 1
Output the ID of the security group as a variable.
    output "rds_sg_id" {
      value = "${aws_security_group.rds_sg.id}"
    }
When using the security group:
    // allow traffic for TCP 3306
    ingress {
      from_port       = 3306
      to_port         = 3306
      protocol        = "tcp"
      security_groups = ["${var.rds_sg_id}"]
    }
Upvotes: 0