Resource Type definition for AWS::EC2::SecurityGroup

> [!WARNING]
> NOTE on Egress rules: By default, AWS creates an ALLOW ALL egress rule when creating a new Security Group inside of a VPC.
## Example Usage

```terraform
resource "awscc_ec2_security_group" "example" {
  group_description = "Security group example"
  vpc_id            = awscc_ec2_vpc.selected.id

  tags = [
    {
      key   = "Name"
      value = "Example SG"
    }
  ]
}

resource "awscc_ec2_vpc" "selected" {
  cidr_block = "10.0.0.0/16"
}
```
```terraform
resource "awscc_ec2_security_group" "allow_tls" {
  group_description = "Allow TLS inbound traffic and all outbound traffic"
  vpc_id            = awscc_ec2_vpc.selected.id

  tags = [
    {
      key   = "Name"
      value = "allow_tls"
    }
  ]
}

# Associate an Amazon-provided IPv6 block with the VPC so the IPv6 rules
# below have a CIDR to reference.
resource "awscc_ec2_vpc_cidr_block" "selected" {
  amazon_provided_ipv_6_cidr_block = true
  vpc_id                           = awscc_ec2_vpc.selected.id
}

resource "awscc_ec2_vpc" "selected" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
}

# Inbound HTTPS from the VPC's own IPv4 range only.
resource "awscc_ec2_security_group_ingress" "allow_tls_ipv4" {
  group_id    = awscc_ec2_security_group.allow_tls.id
  cidr_ip     = awscc_ec2_vpc.selected.cidr_block
  from_port   = 443
  ip_protocol = "tcp"
  to_port     = 443
}

# Inbound HTTPS from the VPC's own IPv6 range only.
resource "awscc_ec2_security_group_ingress" "allow_tls_ipv6" {
  group_id    = awscc_ec2_security_group.allow_tls.id
  cidr_ipv_6  = awscc_ec2_vpc_cidr_block.selected.ipv_6_cidr_block
  from_port   = 443
  ip_protocol = "tcp"
  to_port     = 443
}

resource "awscc_ec2_security_group_egress" "allow_all_traffic_ipv4" {
  group_id    = awscc_ec2_security_group.allow_tls.id
  cidr_ip     = "0.0.0.0/0"
  ip_protocol = "-1" # semantically equivalent to all ports
}

resource "awscc_ec2_security_group_egress" "allow_all_traffic_ipv6" {
  group_id    = awscc_ec2_security_group.allow_tls.id
  cidr_ipv_6  = "::/0"
  ip_protocol = "-1" # semantically equivalent to all ports
}
```
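The following is an added example, not part of the provider's own documentation, showing one way to act on the egress note above. CloudFormation removes the default allow-all egress rule only when the security group resource itself carries at least one egress rule, so the `security_group_egress` list below is populated with the AWS-documented loopback-only placeholder, and ingress is scoped to a source security group instead of a CIDR range. It assumes a VPC resource named `awscc_ec2_vpc.selected`, as in the examples above; the security group names `web` and `app` are hypothetical.

```terraform
# Added example (not from the provider docs). Assumes awscc_ec2_vpc.selected
# exists; the "web" and "app" resource names are hypothetical.

resource "awscc_ec2_security_group" "web" {
  group_description = "Front-door security group for the load balancer"
  vpc_id            = awscc_ec2_vpc.selected.id
}

resource "awscc_ec2_security_group" "app" {
  group_description = "App tier: HTTPS only from the web SG, no default egress"
  vpc_id            = awscc_ec2_vpc.selected.id

  # Ingress is keyed to a source security group rather than a CIDR range,
  # so only ENIs attached to the web SG can reach port 443.
  security_group_ingress = [
    {
      ip_protocol              = "tcp"
      from_port                = 443
      to_port                  = 443
      source_security_group_id = awscc_ec2_security_group.web.id
      description              = "HTTPS from web tier"
    }
  ]

  # Because this list is non-empty, the default 0.0.0.0/0 egress rule is
  # not retained. A loopback-only rule leaves the group with no usable
  # egress; replace it with the specific destinations this tier needs.
  security_group_egress = [
    {
      ip_protocol = "-1"
      cidr_ip     = "127.0.0.1/32"
      description = "Placeholder that removes the default allow-all egress"
    }
  ]

  tags = [
    {
      key   = "Name"
      value = "app-tier"
    }
  ]
}
```

After apply, `aws ec2 describe-security-groups` for the `app` group should list a single egress entry for `127.0.0.1/32` and no `0.0.0.0/0` or `::/0` egress entries.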
## Schema

### Required

- `group_description` (String) A description for the security group.

### Optional

- `group_name` (String) The name of the security group.
- `security_group_egress` (Attributes List) [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group. (see below for nested schema)
- `security_group_ingress` (Attributes List) The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group. (see below for nested schema)
- `tags` (Attributes List) Any tags assigned to the security group. (see below for nested schema)
- `vpc_id` (String) The ID of the VPC for the security group.

### Read-Only

- `group_id` (String) The group ID of the specified security group.
- `id` (String) Uniquely identifies the resource.
- `security_group_id` (String) The group name or group ID, depending on whether the security group is created in the default VPC or a specific VPC.

### Nested Schema for `security_group_egress`

Required:

- `ip_protocol` (String)

Optional:

- `cidr_ip` (String)
- `cidr_ipv_6` (String)
- `description` (String)
- `destination_prefix_list_id` (String)
- `destination_security_group_id` (String)
- `from_port` (Number)
- `to_port` (Number)

### Nested Schema for `security_group_ingress`

Required:

- `ip_protocol` (String)

Optional:

- `cidr_ip` (String)
- `cidr_ipv_6` (String)
- `description` (String)
- `from_port` (Number)
- `source_prefix_list_id` (String)
- `source_security_group_id` (String)
- `source_security_group_name` (String)
- `source_security_group_owner_id` (String)
- `to_port` (Number)

### Nested Schema for `tags`

Required:

- `key` (String)
- `value` (String)

## Import

Import is supported using the following syntax:

```shell
$ terraform import awscc_ec2_security_group.example <resource ID>
```