All Outbound
A security group that allows all outbound traffic while controlling inbound access. This is a common pattern for instances that need to reach external services.
Basic All Outbound
# Security group with no inbound rules and unrestricted IPv4 egress.
# Use for instances that must initiate connections to arbitrary external
# services but never accept connections themselves.
module "all_outbound_sg" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/security-group/aws"
  version = "1.2.0"

  name   = "all-outbound"
  vpc_id = module.vpc.vpc_id # VPC is defined by a sibling module not shown here

  # No ingress rules at all: nothing can initiate a connection to the instance.
  # (Return traffic for outbound connections is still allowed by the stateful
  # nature of security groups.)
  ingress_rules = []

  egress_rules = [
    {
      # protocol "-1" means all protocols; AWS requires ports 0/0 in that case.
      from_port = 0
      to_port   = 0
      protocol  = "-1"
      # Any IPv4 destination. Only an IPv4 CIDR is listed, so this rule does
      # not cover IPv6 traffic — confirm whether the VPC is dual-stack.
      cidr_blocks = ["0.0.0.0/0"]
      description = "Allow all outbound traffic"
    }
  ]
}
Inbound Restricted, Outbound Open
# Worker-node security group: inbound is limited to members of the control
# plane security group, outbound is unrestricted (IPv4).
module "worker_sg" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/security-group/aws"
  version = "1.2.0"

  name   = "worker-nodes"
  vpc_id = module.vpc.vpc_id # VPC is defined by a sibling module not shown here

  ingress_rules = [
    {
      # All protocols and ports, but only from a security-group source: the
      # match is on membership of control_plane_sg, not on an address range,
      # so the allowed set follows instances as they join or leave that group.
      from_port       = 0
      to_port         = 0
      protocol        = "-1"
      security_groups = [module.control_plane_sg.security_group_id]
      description     = "All traffic from control plane"
    }
  ]

  egress_rules = [
    {
      # Unrestricted IPv4 egress; the description records the justification
      # (external dependencies). Tighten to specific ports/ranges if the
      # workers' dependencies are known — see the restricted example below.
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_blocks = ["0.0.0.0/0"]
      description = "Allow all outbound for external dependencies"
    }
  ]
}
Outbound to Specific Destinations
For more restrictive environments, limit outbound to specific services:
# Restricted-egress security group: no inbound, and outbound limited to
# HTTPS (to any IPv4 host) plus UDP DNS inside the VPC.
module "restricted_outbound_sg" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/security-group/aws"
  version = "1.2.0"

  name   = "restricted-outbound"
  vpc_id = module.vpc.vpc_id # VPC is defined by a sibling module not shown here

  # No inbound rules; the instance only initiates connections.
  ingress_rules = []

  egress_rules = [
    {
      # Restriction here is by port/protocol only: the destination is still
      # any IPv4 address. Narrowing the CIDR further would require knowing the
      # address ranges of the external services in question.
      from_port   = 443
      to_port     = 443
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
      description = "HTTPS to external services"
    },
    {
      # DNS only to resolvers inside the VPC's own address range. This assumes
      # the instances use the VPC-provided resolver (which lives inside the VPC
      # CIDR) — confirm if a custom resolver outside the VPC is configured.
      # NOTE(review): only UDP/53 is allowed; DNS clients retry over TCP/53
      # when a response is truncated, so large responses may fail to resolve
      # unless a matching tcp rule is added.
      from_port   = 53
      to_port     = 53
      protocol    = "udp"
      cidr_blocks = [module.vpc.vpc_cidr_block]
      description = "DNS within VPC"
    }
  ]
}