awscc_ec2_security_group (Resource)

Resource Type definition for AWS::EC2::SecurityGroup

Example Usage

Basic usage

[!WARNING] NOTE on egress rules: by default, AWS creates an allow-all egress rule when a new security group is created inside a VPC.

# Minimal security group. The VPC is referenced, not hard-coded, so the group
# lands in whichever VPC `awscc_ec2_vpc.selected` resolves to. No ingress rules
# are declared here; see the warning above about the allow-all egress rule AWS
# adds on creation.
resource "awscc_ec2_security_group" "example" {
  vpc_id            = awscc_ec2_vpc.selected.id
  group_description = "Security group example"

  # Tags are a list of key/value objects in this provider (not a map).
  tags = [{ key = "Name", value = "Example SG" }]
}

# VPC that the security group above is created in.
resource "awscc_ec2_vpc" "selected" {
  cidr_block = "10.0.0.0/16" # RFC 1918 private range; adjust to your addressing plan
}

Usage with ingress and egress rules defined

# Security group whose rules are managed as separate ingress/egress resources
# (declared further down) rather than inline; the group itself carries only
# its VPC, description and tags.
resource "awscc_ec2_security_group" "allow_tls" {
  vpc_id            = awscc_ec2_vpc.selected.id
  group_description = "Allow TLS inbound traffic and all outbound traffic"

  # Tags are a list of key/value objects in this provider (not a map).
  tags = [{ key = "Name", value = "allow_tls" }]
}

# Attaches an Amazon-provided IPv6 block to the example VPC. Its
# `ipv_6_cidr_block` attribute is what the IPv6 ingress rule below references
# as its source range.
resource "awscc_ec2_vpc_cidr_block" "selected" {
  vpc_id                           = awscc_ec2_vpc.selected.id
  amazon_provided_ipv_6_cidr_block = true
}

# VPC for the ingress/egress example. DNS hostnames are enabled so instances
# in it get public DNS names when applicable.
resource "awscc_ec2_vpc" "selected" {
  enable_dns_hostnames = true
  cidr_block           = "10.0.0.0/16" # RFC 1918 private range
}


# Inbound HTTPS (TCP 443) from IPv4 sources. The source is the VPC's own CIDR
# rather than 0.0.0.0/0, so the rule is limited to traffic originating inside
# the VPC; widen it deliberately if external clients must reach the port.
resource "awscc_ec2_security_group_ingress" "allow_tls_ipv4" {
  group_id    = awscc_ec2_security_group.allow_tls.id
  ip_protocol = "tcp"
  from_port   = 443 # single-port rule: from_port == to_port
  to_port     = 443
  cidr_ip     = awscc_ec2_vpc.selected.cidr_block
}

# IPv6 counterpart of `allow_tls_ipv4`: inbound TCP 443, source limited to the
# Amazon-provided IPv6 block attached to the VPC (not ::/0).
resource "awscc_ec2_security_group_ingress" "allow_tls_ipv6" {
  group_id    = awscc_ec2_security_group.allow_tls.id
  ip_protocol = "tcp"
  from_port   = 443 # single-port rule: from_port == to_port
  to_port     = 443
  cidr_ipv_6  = awscc_ec2_vpc_cidr_block.selected.ipv_6_cidr_block
}

# Unrestricted outbound traffic to any IPv4 destination. This matches the
# allow-all egress rule AWS creates by default (see the note above). Narrow the
# destination CIDR and/or protocol if outbound filtering is required.
resource "awscc_ec2_security_group_egress" "allow_all_traffic_ipv4" {
  group_id    = awscc_ec2_security_group.allow_tls.id
  ip_protocol = "-1" # -1 = all protocols, and therefore all ports; no from_port/to_port needed
  cidr_ip     = "0.0.0.0/0"
}

# IPv6 counterpart of `allow_all_traffic_ipv4`: unrestricted outbound traffic
# to any IPv6 destination. Narrow it if outbound filtering is required.
resource "awscc_ec2_security_group_egress" "allow_all_traffic_ipv6" {
  group_id    = awscc_ec2_security_group.allow_tls.id
  ip_protocol = "-1" # -1 = all protocols, and therefore all ports; no from_port/to_port needed
  cidr_ipv_6  = "::/0"
}

Schema

Required

Optional

Read-Only

Nested Schema for security_group_egress

Required:

Optional:

Nested Schema for security_group_ingress

Required:

Optional:

Nested Schema for tags

Required:

Import

Import is supported using the following syntax:

$ terraform import awscc_ec2_security_group.example <resource ID>