diff --git a/README.md b/README.md index 3a57f53..c5643ed 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,13 @@ - -

- - +[![Banner](https://github.com/clouddrove/terraform-gcp-vpc/blob/master/docs/CloudDrove.png)][website]

Terraform AWS Security Group

-

- This terraform module creates set of Security Group and Security Group Rules resources in various combinations. -

+

+ With our comprehensive DevOps toolkit - streamline operations, automate workflows, enhance collaboration and, most importantly, deploy with confidence. +

+

@@ -22,6 +20,9 @@ Licence + + Changelog +

@@ -30,6 +31,9 @@ + + + @@ -41,21 +45,22 @@
-We eat, drink, sleep and most importantly love **DevOps**. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy Bigger problems are always solved by breaking them into smaller manageable problems. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller connected yet manageable pieces within the infrastructure. - -This module is basically combination of [Terraform open source](https://www.terraform.io/) and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself. +We are a group of DevOps engineers & architects, joining hands in this ever evolving digital landscape. With our strong belief in Automation; just like microservices, always on the lookout to split the the infrastructure into smaller connected resources (database, cluster and more) which could be standardized, are manageable, scalable, secure & follow industry best practices. -We have [*fifty plus terraform modules*][terraform_modules]. A few of them are comepleted and are available for open source usage while a few others are in progress. +This module includes Terraform open source, examples, and automation tests (for better understanding), which would help you create and improve your infrastructure with minimalistic coding. -## Prerequisites -This module has a few dependencies: -- [Terraform 1.5.4](https://learn.hashicorp.com/terraform/getting-started/install.html) +## Prerequisites and Providers +This table contains both Prerequisites and Providers: +| Description | Name | Version | +|:-------------:|:-------------------------------------------:|:---------:| +| **Prerequisite** | [Terraform](https://learn.hashicorp.com/terraform/getting-started/install.html) | >= 1.5.0 | +| **Provider** | [aws](https://aws.amazon.com/) | >= 5.1.0 | @@ -63,286 +68,122 @@ This module has a few dependencies: ## Examples +**IMPORTANT:** Since the master branch used in source varies based on new modifications, we recommend using the [release versions](https://github.com/clouddrove/terraform-aws-security-group/releases). + +πŸ“Œ For additional usage examples, check the complete list under [`examples/`](./examples) directory. + + + +## Inputs and Outputs + +Refer to complete documentation: [here](docs/io.md) + + + + + +## Module Dependencies + +This module has dependencies on: +- [Labels Module](https://github.com/clouddrove/terraform-aws-labels): Provides resource tagging. + + +## πŸ“‘ Changelog + +Refer [here](CHANGELOG.md). + + + + +## ✨ Contributors + +Big thanks to our contributors for elevating our project with their dedication and expertise! But, we do not wish to stop there, would like to invite contributions from the community in improving these projects and making them more versatile for better reach. Remember, every bit of contribution is immensely valuable, as, together, we are moving in only 1 direction, i.e. forward. + + + + +
+
+ + If you're considering contributing to our project, here are a few quick guidelines that we have been following (Got a suggestion? We are all ears!): + +- **Fork the Repository:** Create a new branch for your feature or bug fix. +- **Coding Standards:** You know the drill. +- **Clear Commit Messages:** Write clear and concise commit messages to facilitate understanding. +- **Thorough Testing:** Test your changes thoroughly before submitting a pull request. +- **Documentation Updates:** Include relevant documentation updates if your changes impact it. + + + + + + + + + -**IMPORTANT:** Since the `master` branch used in `source` varies based on new modifications, we suggest that you use the release versions [here](https://github.com/clouddrove/terraform-aws-security-group/releases). - - -Here are some examples of how you can use this module in your inventory structure: -### Basic -Here is an example of how you can use this module in your inventory structure: -```hcl - module "security_group" { - source = "clouddrove/security-group/aws" - version = "2.0.0" - name = "app" - environment = "test" - vpc_id = module.vpc.vpc_id - - ## INGRESS Rules - new_sg_ingress_rules_with_cidr_blocks = [{ - rule_count = 1 - from_port = 22 - protocol = "tcp" - to_port = 22 - cidr_blocks = [module.vpc.vpc_cidr_block, "172.16.0.0/16"] - description = "Allow ssh traffic." - }, - { - rule_count = 2 - from_port = 27017 - protocol = "tcp" - to_port = 27017 - cidr_blocks = ["172.16.0.0/16"] - description = "Allow Mongodb traffic." - } - ] - - ## EGRESS Rules - new_sg_egress_rules_with_cidr_blocks = [{ - rule_count = 1 - from_port = 22 - protocol = "tcp" - to_port = 22 - cidr_blocks = [module.vpc.vpc_cidr_block, "172.16.0.0/16"] - description = "Allow ssh outbound traffic." - }, - { - rule_count = 2 - from_port = 27017 - protocol = "tcp" - to_port = 27017 - cidr_blocks = ["172.16.0.0/16"] - description = "Allow Mongodb outbound traffic." - }] - } -``` - -### ONLY RULES -```hcl - module "security_group_rules" { - source = "clouddrove/security-group/aws" - version = "2.0.0" - name = "app" - environment = "test" - vpc_id = "vpc-xxxxxxxxx" - new_sg = false - existing_sg_id = "sg-xxxxxxxxx" - - ## INGRESS Rules - existing_sg_ingress_rules_with_cidr_blocks = [{ - rule_count = 1 - from_port = 22 - protocol = "tcp" - to_port = 22 - cidr_blocks = ["10.9.0.0/16"] - description = "Allow ssh traffic." - }, - { - rule_count = 2 - from_port = 27017 - protocol = "tcp" - to_port = 27017 - cidr_blocks = ["10.9.0.0/16"] - description = "Allow Mongodb traffic." - } - ] - - existing_sg_ingress_rules_with_self = [{ - rule_count = 1 - from_port = 22 - protocol = "tcp" - to_port = 22 - description = "Allow ssh traffic." - }, - { - rule_count = 2 - from_port = 27017 - protocol = "tcp" - to_port = 27017 - description = "Allow Mongodb traffic." - } - ] - - existing_sg_ingress_rules_with_source_sg_id = [{ - rule_count = 1 - from_port = 22 - protocol = "tcp" - to_port = 22 - source_security_group_id = "sg-xxxxxxxxx" - description = "Allow ssh traffic." - }, - { - rule_count = 2 - from_port = 27017 - protocol = "tcp" - to_port = 27017 - source_security_group_id = "sg-xxxxxxxxx" - description = "Allow Mongodb traffic." - }] - - ## EGRESS Rules - existing_sg_egress_rules_with_cidr_blocks = [{ - rule_count = 1 - from_port = 22 - protocol = "tcp" - to_port = 22 - cidr_blocks = ["10.9.0.0/16"] - description = "Allow ssh outbound traffic." - }, - { - rule_count = 2 - from_port = 27017 - protocol = "tcp" - to_port = 27017 - cidr_blocks = ["10.9.0.0/16"] - description = "Allow Mongodb outbound traffic." - }] - - existing_sg_egress_rules_with_self = [{ - rule_count = 1 - from_port = 22 - protocol = "tcp" - to_port = 22 - description = "Allow ssh outbound traffic." - }, - { - rule_count = 2 - from_port = 27017 - protocol = "tcp" - to_port = 27017 - description = "Allow Mongodb outbound traffic." - }] - - existing_sg_egress_rules_with_source_sg_id = [{ - rule_count = 1 - from_port = 22 - protocol = "tcp" - to_port = 22 - source_security_group_id = "sg-xxxxxxxxx" - description = "Allow ssh outbound traffic." - }, - { - rule_count = 2 - from_port = 27017 - protocol = "tcp" - to_port = 27017 - source_security_group_id = "sg-xxxxxxxxx" - description = "Allow Mongodb outbound traffic." - }] - } -``` - - ### PREFIX LIST -```hcl - module "security_group" { - source = "clouddrove/security-group/aws" - version = "2.0.0" - name = "app" - environment = "test" - vpc_id = module.vpc.vpc_id - prefix_list_enabled = true - entry = [{ - cidr = "10.19.0.0/16" - }] - - ## INGRESS Rules - new_sg_ingress_rules_with_prefix_list = [{ - rule_count = 1 - from_port = 22 - protocol = "tcp" - to_port = 22 - description = "Allow ssh traffic." - } - ] - ## EGRESS Rules - new_sg_egress_rules_with_prefix_list = [{ - rule_count = 1 - from_port = 3306 - protocol = "tcp" - to_port = 3306 - description = "Allow mysql/aurora outbound traffic." - } - ] - } -``` - - - - - - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| enable | Flag to control module creation. | `bool` | `true` | no | -| entry | Can be specified multiple times for each prefix list entry. | `list(any)` | `[]` | no | -| environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no | -| existing\_sg\_egress\_rules\_with\_cidr\_blocks | Ingress rules with only cidr block. Should be used when there is existing security group. | `any` | `{}` | no | -| existing\_sg\_egress\_rules\_with\_prefix\_list | Egress rules with only prefic ist ids. Should be used when there is existing security group. | `any` | `{}` | no | -| existing\_sg\_egress\_rules\_with\_self | Egress rules with only self. Should be used when there is existing security group. | `any` | `{}` | no | -| existing\_sg\_egress\_rules\_with\_source\_sg\_id | Egress rules with only source security group id. Should be used when there is existing security group. | `any` | `{}` | no | -| existing\_sg\_id | Provide existing security group id for updating existing rule | `string` | `null` | no | -| existing\_sg\_ingress\_rules\_with\_cidr\_blocks | Ingress rules with only cidr blocks. Should be used when there is existing security group. | `any` | `{}` | no | -| existing\_sg\_ingress\_rules\_with\_prefix\_list | Ingress rules with only prefix\_list. Should be used when new security group is been deployed. | `any` | `{}` | no | -| existing\_sg\_ingress\_rules\_with\_self | Ingress rules with only source security group id. Should be used when new security group is been deployed. | `any` | `{}` | no | -| existing\_sg\_ingress\_rules\_with\_source\_sg\_id | Ingress rules with only prefix list ids. Should be used when there is existing security group. | `any` | `{}` | no | -| label\_order | Label order, e.g. `name`,`application`. | `list(any)` | 
[
  "name",
  "environment"
]
| no | -| managedby | ManagedBy, eg 'CloudDrove'. | `string` | `"hello@clouddrove.com"` | no | -| max\_entries | The maximum number of entries that this prefix list can contain. | `number` | `5` | no | -| name | Name (e.g. `app` or `cluster`). | `string` | `""` | no | -| new\_sg | Flag to control creation of new security group. | `bool` | `true` | no | -| new\_sg\_egress\_rules\_with\_cidr\_blocks | Egress rules with only cidr\_blockd. Should be used when new security group is been deployed. | `any` | `{}` | no | -| new\_sg\_egress\_rules\_with\_prefix\_list | Egress rules with only prefix list ids. Should be used when new security group is been deployed. | `any` | `{}` | no | -| new\_sg\_egress\_rules\_with\_self | Egress rules with only self. Should be used when new security group is been deployed. | `any` | `{}` | no | -| new\_sg\_egress\_rules\_with\_source\_sg\_id | Egress rules with only source security group id. Should be used when new security group is been deployed. | `any` | `{}` | no | -| new\_sg\_ingress\_rules\_with\_cidr\_blocks | Ingress rules with only cidr blocks. Should be used when new security group is been deployed. | `any` | `{}` | no | -| new\_sg\_ingress\_rules\_with\_prefix\_list | Ingress rules with only prefix list ids. Should be used when new security group is been deployed. | `any` | `{}` | no | -| new\_sg\_ingress\_rules\_with\_self | Ingress rules with only self. Should be used when new security group is been deployed. | `any` | `{}` | no | -| new\_sg\_ingress\_rules\_with\_source\_sg\_id | Ingress rules with only source security group id. Should be used when new security group is been deployed. | `any` | `{}` | no | -| prefix\_list\_address\_family | (Required, Forces new resource) The address family (IPv4 or IPv6) of prefix list. | `string` | `"IPv4"` | no | -| prefix\_list\_enabled | Enable prefix\_list. | `bool` | `false` | no | -| prefix\_list\_ids | The ID of the prefix list. | `list(string)` | `[]` | no | -| repository | Terraform current module repo | `string` | `"https://github.com/clouddrove/terraform-aws-security-group"` | no | -| sg\_description | Security group description. Defaults to Managed by Terraform. Cannot be empty string. NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags. | `string` | `null` | no | -| vpc\_id | The ID of the VPC that the instance security group belongs to. | `string` | `""` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| prefix\_list\_id | The ID of the prefix list. | -| security\_group\_arn | IDs on the AWS Security Groups associated with the instance. | -| security\_group\_id | IDs on the AWS Security Groups associated with the instance. | -| security\_group\_tags | A mapping of public tags to assign to the resource. | - - - - -## Testing -In this module testing is performed with [terratest](https://github.com/gruntwork-io/terratest) and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a [GO environment](https://golang.org/doc/install) in your system. - -You need to run the following command in the testing folder: -```hcl - go test -run Test -``` ## Feedback -If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-security-group/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). +Spot a bug or have thoughts to share with us? Let's squash it together! Log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-security-group/issues), feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). + +Show some love with a β˜… on [our GitHub](https://github.com/clouddrove/terraform-aws-security-group)! if our work has brightened your day! – your feedback fuels our journey! + + +## :rocket: Our Accomplishment + +We have [*100+ Terraform modules*][terraform_modules] πŸ™Œ. You could consider them finished, but, with enthusiasts like yourself, we are able to ever improve them, so we call our status - improvement in progress. + +- [Terraform Module Registry:](https://registry.terraform.io/namespaces/clouddrove) Discover our Terraform modules here. + +- [Terraform Modules for AWS/Azure Modules:](https://github.com/clouddrove/toc) Explore our comprehensive Table of Contents for easy navigation through our documentation for modules pertaining to AWS, Azure & GCP. + +- [Terraform Modules for Digital Ocean:](https://github.com/terraform-do-modules/toc) Check out our specialized Terraform modules for Digital Ocean. + + + + +## Join Our Slack Community + +Join our vibrant open-source slack community and embark on an ever-evolving journey with CloudDrove; helping you in moving upwards in your career path. +Join our vibrant Open Source Slack Community and embark on a learning journey with CloudDrove. Grow with us in the world of DevOps and set your career on a path of consistency. + +πŸŒπŸ’¬What you'll get after joining this Slack community: + +- πŸš€ Encouragement to upgrade your best version. +- 🌈 Learning companionship with our DevOps squad. +- 🌱 Relentless growth with daily updates on new advancements in technologies. + +Join our tech elites [Join Now][slack] πŸš€ + + +## Explore Our Blogs -If you have found it worth your time, go ahead and give us a β˜… on [our GitHub](https://github.com/clouddrove/terraform-aws-security-group)! + Click [here][blog] :books: :star2: -## About us +## Tap into our capabilities +We provide a platform for organizations to engage with experienced top-tier DevOps & Cloud services. Tap into our pool of certified engineers and architects to elevate your DevOps and Cloud Solutions. -At [CloudDrove][website], we offer expert guidance, implementation support and services to help organisations accelerate their journey to the cloud. Our services include docker and container orchestration, cloud migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering. +At [CloudDrove][website], has extensive experience in designing, building & migrating environments, securing, consulting, monitoring, optimizing, automating, and maintaining complex and large modern systems. With remarkable client footprints in American & European corridors, our certified architects & engineers are ready to serve you as per your requirements & schedule. Write to us at [business@clouddrove.com](mailto:business@clouddrove.com).

We are The Cloud Experts!

-

We ❀️ Open Source and you can check out our other modules to get help with your new Cloud ideas.

+

We ❀️ Open Source and you can check out our other modules to get help with your new Cloud ideas.

[website]: https://clouddrove.com + [blog]: https://blog.clouddrove.com + [slack]: https://www.launchpass.com/devops-talks [github]: https://github.com/clouddrove [linkedin]: https://cpco.io/linkedin [twitter]: https://twitter.com/clouddrove/ diff --git a/docs/io.md b/docs/io.md new file mode 100644 index 0000000..020e35f --- /dev/null +++ b/docs/io.md @@ -0,0 +1,45 @@ +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| enable | Flag to control module creation. | `bool` | `true` | no | +| entry | Can be specified multiple times for each prefix list entry. | `list(any)` | `[]` | no | +| environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no | +| existing\_sg\_egress\_rules\_with\_cidr\_blocks | Ingress rules with only cidr block. Should be used when there is existing security group. | `any` | `{}` | no | +| existing\_sg\_egress\_rules\_with\_prefix\_list | Egress rules with only prefic ist ids. Should be used when there is existing security group. | `any` | `{}` | no | +| existing\_sg\_egress\_rules\_with\_self | Egress rules with only self. Should be used when there is existing security group. | `any` | `{}` | no | +| existing\_sg\_egress\_rules\_with\_source\_sg\_id | Egress rules with only source security group id. Should be used when there is existing security group. | `any` | `{}` | no | +| existing\_sg\_id | Provide existing security group id for updating existing rule | `string` | `null` | no | +| existing\_sg\_ingress\_rules\_with\_cidr\_blocks | Ingress rules with only cidr blocks. Should be used when there is existing security group. | `any` | `{}` | no | +| existing\_sg\_ingress\_rules\_with\_prefix\_list | Ingress rules with only prefix\_list. Should be used when new security group is been deployed. | `any` | `{}` | no | +| existing\_sg\_ingress\_rules\_with\_self | Ingress rules with only source security group id. Should be used when new security group is been deployed. | `any` | `{}` | no | +| existing\_sg\_ingress\_rules\_with\_source\_sg\_id | Ingress rules with only prefix list ids. Should be used when there is existing security group. | `any` | `{}` | no | +| label\_order | Label order, e.g. `name`,`application`. | `list(any)` | 
[
  "name",
  "environment"
]
| no | +| managedby | ManagedBy, eg 'CloudDrove'. | `string` | `"hello@clouddrove.com"` | no | +| max\_entries | The maximum number of entries that this prefix list can contain. | `number` | `5` | no | +| name | Name (e.g. `app` or `cluster`). | `string` | `""` | no | +| new\_sg | Flag to control creation of new security group. | `bool` | `true` | no | +| new\_sg\_egress\_rules\_with\_cidr\_blocks | Egress rules with only cidr\_blockd. Should be used when new security group is been deployed. | `any` | `{}` | no | +| new\_sg\_egress\_rules\_with\_prefix\_list | Egress rules with only prefix list ids. Should be used when new security group is been deployed. | `any` | `{}` | no | +| new\_sg\_egress\_rules\_with\_self | Egress rules with only self. Should be used when new security group is been deployed. | `any` | `{}` | no | +| new\_sg\_egress\_rules\_with\_source\_sg\_id | Egress rules with only source security group id. Should be used when new security group is been deployed. | `any` | `{}` | no | +| new\_sg\_ingress\_rules\_with\_cidr\_blocks | Ingress rules with only cidr blocks. Should be used when new security group is been deployed. | `any` | `{}` | no | +| new\_sg\_ingress\_rules\_with\_prefix\_list | Ingress rules with only prefix list ids. Should be used when new security group is been deployed. | `any` | `{}` | no | +| new\_sg\_ingress\_rules\_with\_self | Ingress rules with only self. Should be used when new security group is been deployed. | `any` | `{}` | no | +| new\_sg\_ingress\_rules\_with\_source\_sg\_id | Ingress rules with only source security group id. Should be used when new security group is been deployed. | `any` | `{}` | no | +| prefix\_list\_address\_family | (Required, Forces new resource) The address family (IPv4 or IPv6) of prefix list. | `string` | `"IPv4"` | no | +| prefix\_list\_enabled | Enable prefix\_list. | `bool` | `false` | no | +| prefix\_list\_ids | The ID of the prefix list. | `list(string)` | `[]` | no | +| repository | Terraform current module repo | `string` | `"https://github.com/clouddrove/terraform-aws-security-group"` | no | +| sg\_description | Security group description. Defaults to Managed by Terraform. Cannot be empty string. NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags. | `string` | `null` | no | +| vpc\_id | The ID of the VPC that the instance security group belongs to. | `string` | `""` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| prefix\_list\_id | The ID of the prefix list. | +| security\_group\_arn | IDs on the AWS Security Groups associated with the instance. | +| security\_group\_id | IDs on the AWS Security Groups associated with the instance. | +| security\_group\_tags | A mapping of public tags to assign to the resource. | +