AWS Security group in managedkube (#410)

ManagedKube · Mar 1, 2023 · 9dfe341 · 9dfe341
1 parent d713f57
commit 9dfe341
Show file tree

Hide file tree

Showing 4 changed files with 125 additions and 0 deletions.
diff --git a/terraform-modules/aws/securitygroup/README.md b/terraform-modules/aws/securitygroup/README.md
@@ -0,0 +1,38 @@
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_security_group.sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_description"></a> [description](#input\_description) | The description of the security group | `string` | n/a | yes |
+| <a name="input_egress_rules"></a> [egress\_rules](#input\_egress\_rules) | A list of egress rules to apply to the security group | <pre>list(object({<br>    from_port        = number<br>    to_port          = number<br>    protocol         = string<br>    cidr_blocks      = list(string)<br>    ipv6_cidr_blocks = list(string)<br>  }))</pre> | n/a | yes |
+| <a name="input_ingress_rules"></a> [ingress\_rules](#input\_ingress\_rules) | A list of ingress rules to apply to the security group | <pre>list(object({<br>    description      = string<br>    from_port        = number<br>    to_port          = number<br>    protocol         = string<br>    cidr_blocks      = list(string)<br>    ipv6_cidr_blocks = list(string)<br>  }))</pre> | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | The name of the security group | `string` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | A list of tags | `map(any)` | n/a | yes |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which to create the security group | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_arn"></a> [arn](#output\_arn) | ARN of the security group. |
+| <a name="output_id"></a> [id](#output\_id) | ID of the security group. |
+| <a name="output_name"></a> [name](#output\_name) | The name of the security group |
diff --git a/terraform-modules/aws/securitygroup/main.tf b/terraform-modules/aws/securitygroup/main.tf
@@ -0,0 +1,31 @@
+resource "aws_security_group" "sg" {
+  name        = var.name
+  description = var.description
+  vpc_id      = var.vpc_id
+
+  dynamic "ingress" {
+    for_each = var.ingress_rules
+
+    content {
+      description      = ingress.value.description
+      from_port        = ingress.value.from_port
+      to_port          = ingress.value.to_port
+      protocol         = ingress.value.protocol
+      cidr_blocks      = ingress.value.cidr_blocks
+      ipv6_cidr_blocks = ingress.value.ipv6_cidr_blocks
+    }
+  }
+
+  dynamic "egress" {
+    for_each = var.egress_rules
+
+    content {
+      from_port        = egress.value.from_port
+      to_port          = egress.value.to_port
+      protocol         = egress.value.protocol
+      cidr_blocks      = egress.value.cidr_blocks
+      ipv6_cidr_blocks = egress.value.ipv6_cidr_blocks
+    }
+  }
+  tags = var.tags
+}
diff --git a/terraform-modules/aws/securitygroup/outputs.tf b/terraform-modules/aws/securitygroup/outputs.tf
@@ -0,0 +1,14 @@
+output "id" {
+  value = aws_security_group.sg.id
+  description = "ID of the security group."
+}
+
+output "arn" {
+  value = aws_security_group.sg.arn
+  description = "ARN of the security group."
+}
+
+output "name" {
+  value = aws_security_group.sg.name
+  description = "The name of the security group"
+}
diff --git a/terraform-modules/aws/securitygroup/variables.tf b/terraform-modules/aws/securitygroup/variables.tf
@@ -0,0 +1,42 @@
+variable "name" {
+  type = string
+  description = "The name of the security group"
+}
+
+variable "description" {
+  type = string
+  description = "The description of the security group"
+}
+
+variable "vpc_id" {
+  type = string
+  description = "The ID of the VPC in which to create the security group"
+}
+
+variable "ingress_rules" {
+  description = "A list of ingress rules to apply to the security group"
+  type = list(object({
+    description      = string
+    from_port        = number
+    to_port          = number
+    protocol         = string
+    cidr_blocks      = list(string)
+    ipv6_cidr_blocks = list(string)
+  }))
+}
+
+variable "egress_rules" {
+  description = "A list of egress rules to apply to the security group"
+  type = list(object({
+    from_port        = number
+    to_port          = number
+    protocol         = string
+    cidr_blocks      = list(string)
+    ipv6_cidr_blocks = list(string)
+  }))
+}
+
+variable "tags" {
+    type = map(any)
+    description = "A list of tags"
+}