security-group

Category Networking
Latest Version 0.1.0 (current)

Terraform module for security-group on AWS

Add to your Terraform configuration
module "security_group" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/security-group/aws"
  version = "0.1.0"

  # Required inputs
  name = "..."
  vpc_id = "..."
}

Overview

The security-group module creates and manages AWS security groups with production-ready defaults including:

  • Flexible ingress and egress rule configuration
  • CIDR block and security group source references
  • Self-referencing rules for cluster communication
  • Managed prefix list support
  • Stateful connection tracking

Category: Networking Provider: AWS Latest Version: 1.2.0

Quick Start

module "web_sg" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/security-group/aws"
  version = "1.2.0"

  name   = "web-server"
  vpc_id = module.vpc.vpc_id

  ingress_rules = [
    {
      from_port   = 443
      to_port     = 443
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  ]

  egress_rules = [
    {
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_blocks = ["0.0.0.0/0"]
    }
  ]
}

Key Features

Rule Management

Define ingress and egress rules with flexible source/destination options:

module "app_sg" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/security-group/aws"
  version = "1.2.0"

  name   = "application-server"
  vpc_id = module.vpc.vpc_id

  ingress_rules = [
    {
      from_port       = 8080
      to_port         = 8080
      protocol        = "tcp"
      security_groups = [module.web_sg.security_group_id]
    }
  ]
}

Prefix List Support

Reference AWS managed prefix lists for dynamic CIDR management:

module "restricted_sg" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/security-group/aws"
  version = "1.2.0"

  name   = "corporate-access"
  vpc_id = module.vpc.vpc_id

  ingress_rules = [
    {
      from_port       = 22
      to_port         = 22
      protocol        = "tcp"
      prefix_list_ids = [data.aws_ec2_managed_prefix_list.corporate.id]
    }
  ]
}

Security Group References

Chain security groups for layered access control:

module "db_sg" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/security-group/aws"
  version = "1.2.0"

  name   = "database"
  vpc_id = module.vpc.vpc_id

  ingress_rules = [
    {
      from_port       = 5432
      to_port         = 5432
      protocol        = "tcp"
      security_groups = [module.app_sg.security_group_id]
    }
  ]
}
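The examples above all hinge on which source each rule names (CIDR blocks, another security group, or a prefix list) and on the module's allow-all egress default. As an added example (not part of the module), here is a Python pre-apply check over rule lists with the shape of this module's ingress_rules and egress_rules objects: it flags ingress open to the world on anything but an assumed allow-list of public ports, rules that name no source at all, and the unrestricted egress default. The attribute names follow the page's examples; the port allow-list and the sample input are assumptions constructed for the check.

```python
# Added example (not part of the module): pre-apply lint for rule lists shaped
# like this module's ingress_rules / egress_rules objects. Attribute names follow
# the page's examples; the world-open port allow-list is this check's assumption.
import json

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
PUBLIC_PORTS = {80, 443}  # assumption: only HTTP/HTTPS may face the internet
SOURCE_KEYS = ("cidr_blocks", "security_groups", "prefix_list_ids")

def world_open(rule):
    """Return the world CIDRs a rule references (empty set if none)."""
    return WORLD_CIDRS & set(rule.get("cidr_blocks") or [])

def lint_rules(ingress, egress):
    """Return human-readable findings; an empty list means the rules pass."""
    findings = []
    for i, r in enumerate(ingress):
        if not any(r.get(k) for k in SOURCE_KEYS):
            findings.append(f"ingress[{i}]: no cidr_blocks, security_groups or prefix_list_ids source")
        world = world_open(r)
        if not world:
            continue
        if r.get("protocol") == "-1":
            findings.append(f"ingress[{i}]: all ports and protocols open to {sorted(world)}")
        elif not (r["from_port"] == r["to_port"] and r["from_port"] in PUBLIC_PORTS):
            findings.append(f"ingress[{i}]: port {r['from_port']}-{r['to_port']} open to {sorted(world)}")
    for i, r in enumerate(egress):
        if world_open(r) and r.get("protocol") == "-1":
            findings.append(f"egress[{i}]: unrestricted egress to the internet (the module's default)")
    return findings

def lint_rules_json(text):
    """Lint a JSON document with ingress_rules / egress_rules keys (e.g. a *.tfvars.json)."""
    doc = json.loads(text)
    return lint_rules(doc.get("ingress_rules", []), doc.get("egress_rules", []))

# Constructed sample: the page's web_sg Quick Start rules plus SSH open to the
# world and a rule that names no source at all.
SAMPLE_JSON = json.dumps({
    "ingress_rules": [
        {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
        {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
        {"from_port": 8080, "to_port": 8080, "protocol": "tcp"},
    ],
    "egress_rules": [
        {"from_port": 0, "to_port": 0, "protocol": "-1", "cidr_blocks": ["0.0.0.0/0"]},
    ],
})
```

Calling lint_rules_json(SAMPLE_JSON) yields three findings (the SSH rule, the sourceless rule and the default egress) while the 443 rule passes; rules sourced from a security group or prefix list, as in the app_sg and restricted_sg examples, produce no finding.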

Documentation

Inputs

name Required
string

Name of the security group

vpc_id Required
string

VPC ID where the security group will be created

ingress_rules
list(object({
  from_port   = number
  to_port     = number
  protocol    = string
  cidr_blocks = optional(list(string), [])
  description = optional(string, "")
}))

List of ingress rules

egress_rules
list(object({
  from_port   = number
  to_port     = number
  protocol    = string
  cidr_blocks = optional(list(string), [])
  description = optional(string, "")
}))
Default:
[
  {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
]

List of egress rules

map(string)

Tags to apply to all resources

bool Default: true

Publish security group metadata to SSM Parameter Store for discovery by other modules

Outputs

security_group_id

ID of the security group

security_group_arn

ARN of the security group

security_group_name

Name of the security group

ssm_parameter_paths

SSM parameter paths where security group metadata is published