From f46949435c1f34729a9882093aa27533e22dd5c1 Mon Sep 17 00:00:00 2001
From: Magicloud <1886157+Magicloud@users.noreply.github.com>
Date: Wed, 11 Mar 2020 00:57:09 +0800
Subject: [PATCH] New module single-port-sg-src

This is a fork version of single-port-sg module to support source_security_group.
---
modules/single-port-sg-src/README.md | 3 ++
modules/single-port-sg-src/main.tf | 67 ++++++++++++++++++++++++++
modules/single-port-sg-src/versions.tf | 4 ++
modules/single-port-sg/README.md | 2 -
modules/single-port-sg/main.tf | 2 -
5 files changed, 74 insertions(+), 4 deletions(-)
create mode 100644 modules/single-port-sg-src/README.md
create mode 100644 modules/single-port-sg-src/main.tf
create mode 100644 modules/single-port-sg-src/versions.tf

diff --git a/modules/single-port-sg-src/README.md b/modules/single-port-sg-src/README.md
new file mode 100644
index 00000000..369d60da
--- /dev/null
+++ b/modules/single-port-sg-src/README.md
@@ -0,0 +1,3 @@
+## Single Port Security Group Rule
+
+Create an `aws_security_group_rule` to allow ingress on some port.
diff --git a/modules/single-port-sg-src/main.tf b/modules/single-port-sg-src/main.tf
new file mode 100644
index 00000000..db52abfa
--- /dev/null
+++ b/modules/single-port-sg-src/main.tf
@@ -0,0 +1,67 @@
+/**
+ * ## Single Port Security Group Rule
+ *
+ * Create an `aws_security_group_rule` to allow ingress on some port.
+ *
+ */
+
+variable "security_group_id" {
+ description = "security group to attach the ingress rules to"
+ type = string
+}
+
+variable "source_security_group_id" {
+ description = "The SG that this SG allows ingress from"
+ type = string
+}
+
+variable "description" {
+ description = "Use this string to add a description for the SG rule"
+ type = string
+}
+
+variable "port" {
+ description = "The port to open"
+ type = string
+}
+
+variable "tcp" {
+ description = "true/false to enables the tcp ingress"
+ default = "true"
+ type = string
+}
+
+variable "udp" {
+ description = "true/false to enables the udp ingress"
+ default = "false"
+ type = string
+}
+
+locals {
+ tcp = "${var.tcp ? 1 : 0}"
+ udp = "${var.udp ? 1 : 0}"
+}
+
+# ingress rule for tcp, if enabled
+resource "aws_security_group_rule" "tcp_ingress" {
+ count = local.tcp
+ type = "ingress"
+ description = "${var.description} (tcp)"
+ from_port = var.port
+ to_port = var.port
+ protocol = "tcp"
+ security_group_id = var.security_group_id
+ source_security_group_id = var.source_security_group_id
+}
+
+# ingress rule for udp, if enabled
+resource "aws_security_group_rule" "udp_ingress" {
+ count = local.udp
+ type = "ingress"
+ description = "${var.description} (udp)"
+ from_port = var.port
+ to_port = var.port
+ protocol = "udp"
+ security_group_id = var.security_group_id
+ source_security_group_id = var.source_security_group_id
+}
diff --git a/modules/single-port-sg-src/versions.tf b/modules/single-port-sg-src/versions.tf
new file mode 100644
index 00000000..ac97c6ac
--- /dev/null
+++ b/modules/single-port-sg-src/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/modules/single-port-sg/README.md b/modules/single-port-sg/README.md
index 5700b438..369d60da 100644
--- a/modules/single-port-sg/README.md
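Review bot: The header comment at the top of the new main.tf is copied verbatim from single-port-sg and never states what distinguishes this module — that the rule admits traffic only from the security group named by `source_security_group_id`, not from CIDR ranges — so a reader cannot tell which trust boundary it opens without reading down to the resources; suggest replacing the fourth line with ` * Create an aws_security_group_rule that allows ingress on some port only from the security group given by source_security_group_id.` (the new README.md in this commit has the same gap). Separately, `tcp` and `udp` are declared `type = string` with quoted defaults and then rely on implicit string-to-bool conversion in the `locals` conditional; with versions.tf requiring `>= 0.12` they can be `type = bool` with `default = true` / `default = false`, and the wrap-only interpolation `tcp = "${var.tcp ? 1 : 0}"`, which later 0.12 releases warn is deprecated, can become `tcp = var.tcp ? 1 : 0`. Terraform still converts the literals `"true"`/`"false"` to bool, so callers passing those quoted strings keep working, while any other value is rejected with a clear type error at plan time instead of a conditional-evaluation error.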
+++ b/modules/single-port-sg/README.md @@ -1,5 +1,3 @@ ## Single Port Security Group Rule Create an `aws_security_group_rule` to allow ingress on some port. - -TODO: support both TCP and UDP, use count to enable/disable. diff --git a/modules/single-port-sg/main.tf b/modules/single-port-sg/main.tf index 705e3f5f..84bec946 100644 --- a/modules/single-port-sg/main.tf +++ b/modules/single-port-sg/main.tf @@ -3,8 +3,6 @@ * * Create an `aws_security_group_rule` to allow ingress on some port. * - * TODO: support both TCP and UDP, use count to enable/disable. - * */ variable "security_group_id" {