**out_security_group_id** is the fundamental module output **string** variable.
23
25
24
-
## [Examples](integration.test.dir)
25
26
26
-
For best results use this module in conjuction with the **[vpc subnets module](../../../terraform-aws-vpc-network)**. Visit the **[integration tests](integration.test.dir)** to discover how **just 2 simple modules** can create a VPC, subnets, internet gateway, route, security group and security group rules.
27
+
---
28
+
29
+
30
+
## [Run the Example](https://github.com/devops4me/terraform-aws-security-group/tree/master/example)
31
+
32
+
You can run the example to see this module create a number of VPCs with varying attributes such as the number of private/public subnets.
27
33
28
-
These base infrastructure components house every AWS eco-system and are designed to increase the productivity and efficiency of a devops engineer.
29
34
30
35
31
36
## Use Case
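Review bot: the sentence added under "Run the Example" says the example creates "a number of VPCs with varying attributes such as the number of private/public subnets", which describes a VPC module rather than this security group module. Reword it to say what the example creates here (the security group and its ingress/egress rules). The same hunk drops the pointer to the vpc subnets module and the integration tests, and the heading link moves from the relative integration.test.dir to an absolute URL on master, so check that nothing else in the document still points at integration.test.dir.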
@@ -39,18 +44,21 @@ What is the use case flow at the heart of this security group rule creation modu
39
44
- the rules can apply the specified IP address ranges (through CIDR blocks for the source and/or destination of traffic to allow.
40
45
41
46
42
-
## Inputs
47
+
---
48
+
49
+
50
+
## Module Inputs
43
51
44
52
The security group's input variables are vital to achieving the desired behaviour.
45
53
46
54
| Imported | Type | Default | Comment |
47
-
|:-------- |:----|:------- |:------- |
48
-
**in_vpc_id** | String | vpc-1234567890 | create security group/s under VPC with this id
49
-
**in_ingress** | List | [ "postgres", "https"] | identify the ports to allow for inbound traffic
50
-
**in_egress** | List | [ "all-traffic" ] | identify the ports to allow for outbound traffic
51
-
**in_ingress_cidr_blocks** | List | [ "0.0.0.0/0"] | list of source incoming traffic addresses to allow
52
-
**in_egress_cidr_blocks** | List | [ "0.0.0.0/0"] | list of VPC source outgoing traffic addresses to allow
53
-
**in_ecosystem** | String | kube-19188-2306 | the ecosystem's identifier including a timestamp
55
+
|:-------- |:----:|:------- |:------- |
56
+
**`in_vpc_id`** | string | vpc-1234567890 | create security group/s under VPC with this id
57
+
**`in_ingress`** | list | [ "postgres", "https"] | identify the ports to allow for inbound traffic
58
+
**`in_egress`** | list | [ "all-traffic" ] | identify the ports to allow for outbound traffic
59
+
**`in_ingress_cidr_blocks`** | list | [ "0.0.0.0/0"] | list of source incoming traffic addresses to allow
60
+
**`in_egress_cidr_blocks`** | list | [ "0.0.0.0/0"] | list of VPC source outgoing traffic addresses to allow
61
+
**`in_ecosystem`** | string | kube-19188-2306 | the ecosystem's identifier including a timestamp
54
62
55
63
## Alternate Module Inputs
56
64
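Review bot: the rewritten `in_ingress_cidr_blocks` row still lists [ "0.0.0.0/0"] under "Default" next to an `in_ingress` default of [ "postgres", "https"]. If these really are the defaults, a caller who sets nothing allows postgres from every IPv4 source, and the table should say so or the default should be narrowed. If they are only samples (vpc-1234567890 and kube-19188-2306 read that way), rename the column to "Example" while the rows are being touched anyway. Two smaller points in the same rows: the `in_egress_cidr_blocks` comment says "VPC source outgoing traffic addresses" where egress rules name destinations, and the new rows have no leading `|` although the header row does.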
@@ -94,38 +102,29 @@ Clearly you will want to allow ingress and egress traffic for various middleware
94
102
Note that if you create an all traffic egress rule and you have an **IPV6 cidr block**, AWS will create an extra **::/0** egress rule in addition to the 0.0.0.0/0 (IPV4) rule.
95
103
96
104
97
-
##Outputs
105
+
### Optional Resource Tag Inputs
98
106
99
-
| Exported | Type | Comment |
100
-
|:------------------------ |:------ |:------- |
101
-
**out_security_group_id** | String | ID of the security group that contains the specified rules
107
+
Most organisations have a mandatory set of tags that must be placed on AWS resources for cost and billing reports. Typically they denote owners and specify whether environments are prod or non-prod.
102
108
109
+
| Input Variable | Variable Description | Input Example
**`in_ecosystem`** | the ecosystem (environment) name these resources belong to | **`my-app-test`** or **`kubernetes-cluster`**
112
+
**`in_timestamp`** | the timestamp in resource names helps you identify which environment instance resources belong to | **`1911021435`** as **`$(date +%y%m%d%H%M%S)`**
113
+
**`in_description`** | a human readable description usually stating who is creating the resource and when and where | "was created by $USER@$HOSTNAME on $(date)."
103
114
104
-
### Contributing
115
+
Try **`echo $(date +%y%m%d%H%M%S)`** to check your timestamp and **`echo "was created by $USER@$HOSTNAME on $(date)."`** to check your description. Here is how you can send these values to terraform.
105
116
106
-
Bug reports and pull requests are welcome on GitHub at the https://github.com/devops4me/terraform-aws-security-group page. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
117
+
```
118
+
export TF_VAR_in_timestamp=$(date +%y%m%d%H%M%S)
119
+
export TF_VAR_in_description="was created by $USER@$HOSTNAME on $(date)."
120
+
```
107
121
108
-
License
109
-
-------
110
122
111
-
MIT License
112
-
Copyright (c) 2006 - 2014
123
+
---
113
124
114
-
Permission is hereby granted, free of charge, to any person obtaining
115
-
a copy of this software and associated documentation files (the
116
-
'Software'), to deal in the Software without restriction, including
117
-
without limitation the rights to use, copy, modify, merge, publish,
118
-
distribute, sublicense, and/or sell copies of the Software, and to
119
-
permit persons to whom the Software is furnished to do so, subject to
120
-
the following conditions:
121
125
122
-
The above copyright notice and this permission notice shall be
123
-
included in all copies or substantial portions of the Software.
126
+
## Module Outputs
124
127
125
-
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
126
-
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
127
-
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
128
-
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
129
-
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
130
-
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
131
-
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
128
+
| Exported | Type | Comment |
129
+
|:------------------------ |:------ |:------- |
130
+
**`out_security_group_id`** | String | ID of the security group that contains the specified rules
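Review bot: in the new "Optional Resource Tag Inputs" table the `in_timestamp` example `1911021435` has 10 digits, but the format given beside it, `$(date +%y%m%d%H%M%S)`, produces 12; either drop `%S` from the format (here and in the `export TF_VAR_in_timestamp` line) or lengthen the example. The table lists three inputs while the export block sets only `in_timestamp` and `in_description`, so say how `in_ecosystem` is expected to be supplied. The suggested description, "was created by $USER@$HOSTNAME on $(date).", writes the operator's login name and workstation hostname into the resource's metadata, where anyone who can describe the security group can read it; note that in the text or suggest a team or pipeline identifier instead. This hunk also deletes the Contributing section and the whole MIT license text with nothing added in their place, so confirm the license is stated elsewhere in the repository before merging.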