Reputation: 717
I am using Terraform for AWS resource provisioning. I need to self-reference "mySG". From the Terraform documentation I can use
ingress {
  from_port = 0
  to_port   = 0
  protocol  = "-1"
  self      = true
}
but how about the different protocols? Using the console, there are the below historic inbound rules available:
   Type        Protocol  Port range  Source
1. All TCP     TCP       0-65535     mySG
2. All UDP     UDP       0-65535     mySG
3. Custom TCP  TCP       1856        mySG
(Is the third entry required, considering the first entry covers all ports?) Does the ingress rule described above take care of all 3 entries? If not, what should the Terraform syntax be?
Upvotes: 4
Views: 6561
Reputation: 3963
You can implement a self-referential group by splitting the security group from the rules, using the resources aws_security_group and aws_security_group_rule respectively. Doing this, combined with your 3 existing rules, would loosely look like this Terraform:
resource "aws_security_group" "sec_group" {
  name   = "sec_group"
  vpc_id = "${local.vpc_id}"
}

resource "aws_security_group_rule" "sec_group_allow_tcp" {
  type                     = "ingress"
  from_port                = 0                                    // first part of port range
  to_port                  = 65535                                // second part of port range
  protocol                 = "tcp"                                // Protocol, could be "tcp", "udp" etc.
  security_group_id        = "${aws_security_group.sec_group.id}" // Which group to attach it to
  source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}

resource "aws_security_group_rule" "sec_group_allow_udp" {
  type                     = "ingress"
  from_port                = 0                                    // first part of port range
  to_port                  = 65535                                // second part of port range
  protocol                 = "udp"                                // Protocol, could be "tcp", "udp" etc.
  security_group_id        = "${aws_security_group.sec_group.id}" // Which group to attach it to
  source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}

// Port 1856 matches the third console rule in the question.
resource "aws_security_group_rule" "sec_group_allow_1856" {
  type                     = "ingress"
  from_port                = 1856                                 // first part of port range
  to_port                  = 1856                                 // second part of port range
  protocol                 = "tcp"                                // Protocol, could be "tcp", "udp" etc.
  security_group_id        = "${aws_security_group.sec_group.id}" // Which group to attach it to
  source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}
Note that the rule takes a protocol type, from port/to port (for the range), and an optional source_security_group_id to specify
Upvotes: 8
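The same split-resource pattern in Terraform 0.12+ syntax, as an added example that is not part of the answer above. It assumes a `vpc_id` variable and the hypothetical resource names `my_sg` and `self_ingress`. It drives the three console rules from one map with `for_each`, so each rule gets a stable address, and uses the rule resource's own `self = true` argument instead of `source_security_group_id` (the two are mutually exclusive on `aws_security_group_rule`). The broad inline block in the question (`protocol = "-1"`, ports 0/0) is "all traffic", a superset of all three rows, so it is offered here as an opt-in toggle rather than the default: keeping the per-protocol allow-list is the least-privilege choice.

```hcl
# Added example, not code from the original question or answer.
# Assumptions: a variable "vpc_id"; resource names my_sg / self_ingress are hypothetical.

variable "vpc_id" {
  type = string
}

variable "allow_all_self_traffic" {
  description = "If true, add one all-protocols self rule (equivalent to the inline protocol -1 / self = true block)."
  type        = bool
  default     = false
}

resource "aws_security_group" "my_sg" {
  name   = "my-sg"
  vpc_id = var.vpc_id
}

# Narrow allow-list mirroring the three console rows. Map keys become part of the
# resource address, so renaming or removing one key changes only that rule.
locals {
  self_rules = {
    all_tcp  = { protocol = "tcp", from_port = 0, to_port = 65535 }
    all_udp  = { protocol = "udp", from_port = 0, to_port = 65535 }
    tcp_1856 = { protocol = "tcp", from_port = 1856, to_port = 1856 } # already covered by all_tcp; kept only to mirror the console
  }
}

resource "aws_security_group_rule" "self_ingress" {
  for_each = local.self_rules

  type              = "ingress"
  protocol          = each.value.protocol
  from_port         = each.value.from_port
  to_port           = each.value.to_port
  security_group_id = aws_security_group.my_sg.id
  self              = true # source is the group itself; do not also set source_security_group_id
  description       = "self-reference: ${each.key}"
}

# Optional broad rule: all protocols and ports from the group itself.
# When enabled, it makes every entry in local.self_rules redundant.
resource "aws_security_group_rule" "self_ingress_all" {
  count = var.allow_all_self_traffic ? 1 : 0

  type              = "ingress"
  protocol          = "-1" # "-1" means all protocols; AWS ignores the port range for it
  from_port         = 0
  to_port           = 0
  security_group_id = aws_security_group.my_sg.id
  self              = true
  description       = "self-reference: all traffic"
}

output "self_rule_ids" {
  value = { for k, r in aws_security_group_rule.self_ingress : k => r.id }
}
```

After `terraform plan`, the three `self_ingress["..."]` addresses should appear and `self_ingress_all` should be absent unless the toggle is set; if you later drop `tcp_1856` from the map, only that one rule is destroyed.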