Home

Awesome

AWS EC2-VPC Security Group Terraform module

Terraform module which creates EC2 security group within VPC on AWS.

SWUbanner

Features

This module aims to implement ALL combinations of arguments supported by AWS and latest stable version of Terraform:

Ingress and egress rules can be configured in a variety of ways. See inputs section for all supported arguments and complete example for the complete use-case.

If there is a missing feature or a bug - open an issue.

Terraform versions

For Terraform 0.13 or later use any version from v4.5.0 of this module or newer.

For Terraform 0.12 use any version from v3.* to v4.4.0.

If you are using Terraform 0.11 you can use versions v2.*.

Usage

There are two ways to create security groups using this module:

  1. Specifying predefined rules (HTTP, SSH, etc)
  2. Specifying custom rules

Security group with predefined rules

module "web_server_sg" {
  source = "terraform-aws-modules/security-group/aws//modules/http-80"

  name        = "web-server"
  description = "Security group for web-server with HTTP ports open within VPC"
  vpc_id      = "vpc-12345678"

  ingress_cidr_blocks = ["10.10.0.0/16"]
}

Security group with custom rules

module "vote_service_sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "user-service"
  description = "Security group for user-service with custom ports open within VPC, and PostgreSQL publicly open"
  vpc_id      = "vpc-12345678"

  ingress_cidr_blocks      = ["10.10.0.0/16"]
  ingress_rules            = ["https-443-tcp"]
  ingress_with_cidr_blocks = [
    {
      from_port   = 8080
      to_port     = 8090
      protocol    = "tcp"
      description = "User-service ports"
      cidr_blocks = "10.10.0.0/16"
    },
    {
      rule        = "postgresql-tcp"
      cidr_blocks = "0.0.0.0/0"
    },
  ]
}

Note about "value of 'count' cannot be computed"

Terraform 0.11 has a limitation which does not allow computed values inside count attribute on resources (issues: #16712, #18015, ...)

Computed values are values provided as outputs from module. Non-computed values are all others - static values, values referenced as variable and from data-sources.

When you need to specify computed value inside security group rule argument you need to specify it using an argument which starts with computed_ and provide a number of elements in the argument which starts with number_of_computed_. See these examples:

module "http_sg" {
  source = "terraform-aws-modules/security-group/aws"
  # omitted for brevity
}

module "db_computed_source_sg" {
  # omitted for brevity

  vpc_id = "vpc-12345678" # these are valid values also - `module.vpc.vpc_id` and `local.vpc_id`

  computed_ingress_with_source_security_group_id = [
    {
      rule                     = "mysql-tcp"
      source_security_group_id = module.http_sg.security_group_id
    }
  ]
  number_of_computed_ingress_with_source_security_group_id = 1
}

module "db_computed_sg" {
  # omitted for brevity

  ingress_cidr_blocks = ["10.10.0.0/16", data.aws_security_group.default.id]

  computed_ingress_cidr_blocks           = [module.vpc.vpc_cidr_block]
  number_of_computed_ingress_cidr_blocks = 1
}

module "db_computed_merged_sg" {
  # omitted for brevity

  computed_ingress_cidr_blocks           = ["10.10.0.0/16", module.vpc.vpc_cidr_block]
  number_of_computed_ingress_cidr_blocks = 2
}

Note that db_computed_sg and db_computed_merged_sg are equal, because it is possible to put both computed and non-computed values in arguments starting with computed_.

Conditional creation

Sometimes you need a way to conditionally create a security group. If you're using Terraform < 0.13 which lacks module support for count, you can instead specify the argument create.

# This security group will not be created
module "vote_service_sg" {
  source = "terraform-aws-modules/security-group/aws"

  create = false
  # ... omitted
}

Examples

How to add/update rules/groups?

Rules and groups are defined in rules.tf. Run update_groups.sh when content of that file has changed to recreate content of all automatic modules.

Known issues

No issue is creating limit on this module.

<!-- BEGIN_TF_DOCS -->

Requirements

NameVersion
<a name="requirement_terraform"></a> terraform>= 1.0
<a name="requirement_aws"></a> aws>= 3.29

Providers

NameVersion
<a name="provider_aws"></a> aws>= 3.29

Modules

No modules.

Resources

NameType
aws_security_group.thisresource
aws_security_group.this_name_prefixresource
aws_security_group_rule.computed_egress_rulesresource
aws_security_group_rule.computed_egress_with_cidr_blocksresource
aws_security_group_rule.computed_egress_with_ipv6_cidr_blocksresource
aws_security_group_rule.computed_egress_with_prefix_list_idsresource
aws_security_group_rule.computed_egress_with_selfresource
aws_security_group_rule.computed_egress_with_source_security_group_idresource
aws_security_group_rule.computed_ingress_rulesresource
aws_security_group_rule.computed_ingress_with_cidr_blocksresource
aws_security_group_rule.computed_ingress_with_ipv6_cidr_blocksresource
aws_security_group_rule.computed_ingress_with_prefix_list_idsresource
aws_security_group_rule.computed_ingress_with_selfresource
aws_security_group_rule.computed_ingress_with_source_security_group_idresource
aws_security_group_rule.egress_rulesresource
aws_security_group_rule.egress_with_cidr_blocksresource
aws_security_group_rule.egress_with_ipv6_cidr_blocksresource
aws_security_group_rule.egress_with_prefix_list_idsresource
aws_security_group_rule.egress_with_selfresource
aws_security_group_rule.egress_with_source_security_group_idresource
aws_security_group_rule.ingress_rulesresource
aws_security_group_rule.ingress_with_cidr_blocksresource
aws_security_group_rule.ingress_with_ipv6_cidr_blocksresource
aws_security_group_rule.ingress_with_prefix_list_idsresource
aws_security_group_rule.ingress_with_selfresource
aws_security_group_rule.ingress_with_source_security_group_idresource

Inputs

NameDescriptionTypeDefaultRequired
<a name="input_auto_groups"></a> auto_groupsMap of groups of security group rules to use to generate modules (see update_groups.sh)map(map(list(string)))<pre>{<br/> "activemq": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "activemq-5671-tcp",<br/> "activemq-8883-tcp",<br/> "activemq-61614-tcp",<br/> "activemq-61617-tcp",<br/> "activemq-61619-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "alertmanager": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "alertmanager-9093-tcp",<br/> "alertmanager-9094-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "carbon-relay-ng": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "carbon-line-in-tcp",<br/> "carbon-line-in-udp",<br/> "carbon-pickle-tcp",<br/> "carbon-pickle-udp",<br/> "carbon-gui-udp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "cassandra": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "cassandra-clients-tcp",<br/> "cassandra-thrift-clients-tcp",<br/> "cassandra-jmx-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "consul": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "consul-tcp",<br/> "consul-grpc-tcp",<br/> "consul-grpc-tcp-tls",<br/> "consul-webui-http-tcp",<br/> "consul-webui-https-tcp",<br/> "consul-dns-tcp",<br/> "consul-dns-udp",<br/> "consul-serf-lan-tcp",<br/> "consul-serf-lan-udp",<br/> "consul-serf-wan-tcp",<br/> "consul-serf-wan-udp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "dax-cluster": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "dax-cluster-unencrypted-tcp",<br/> "dax-cluster-encrypted-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "docker-swarm": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "docker-swarm-mngmt-tcp",<br/> "docker-swarm-node-tcp",<br/> "docker-swarm-node-udp",<br/> "docker-swarm-overlay-udp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "elasticsearch": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "elasticsearch-rest-tcp",<br/> "elasticsearch-java-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "etcd": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "etcd-client-tcp",<br/> "etcd-peer-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "grafana": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "grafana-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "graphite-statsd": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "graphite-webui",<br/> "graphite-2003-tcp",<br/> "graphite-2004-tcp",<br/> "graphite-2023-tcp",<br/> "graphite-2024-tcp",<br/> "graphite-8080-tcp",<br/> "graphite-8125-tcp",<br/> "graphite-8125-udp",<br/> "graphite-8126-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "http-80": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "http-80-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "http-8080": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "http-8080-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "https-443": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "https-443-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "https-8443": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "https-8443-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "ipsec-4500": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "ipsec-4500-udp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "ipsec-500": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "ipsec-500-udp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "kafka": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "kafka-broker-tcp",<br/> "kafka-broker-tls-tcp",<br/> "kafka-broker-tls-public-tcp",<br/> "kafka-broker-sasl-scram-tcp",<br/> "kafka-broker-sasl-scram-tcp",<br/> "kafka-broker-sasl-iam-tcp",<br/> "kafka-broker-sasl-iam-public-tcp",<br/> "kafka-jmx-exporter-tcp",<br/> "kafka-node-exporter-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "kibana": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "kibana-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "kubernetes-api": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "kubernetes-api-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "ldap": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "ldap-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "ldaps": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "ldaps-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "logstash": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "logstash-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "loki": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "loki-grafana",<br/> "loki-grafana-grpc"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "memcached": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "memcached-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "minio": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "minio-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "mongodb": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "mongodb-27017-tcp",<br/> "mongodb-27018-tcp",<br/> "mongodb-27019-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "mssql": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "mssql-tcp",<br/> "mssql-udp",<br/> "mssql-analytics-tcp",<br/> "mssql-broker-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "mysql": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "mysql-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "nfs": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "nfs-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "nomad": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "nomad-http-tcp",<br/> "nomad-rpc-tcp",<br/> "nomad-serf-tcp",<br/> "nomad-serf-udp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "ntp": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "ntp-udp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "openvpn": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "openvpn-udp",<br/> "openvpn-tcp",<br/> "openvpn-https-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "oracle-db": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "oracle-db-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "postgresql": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "postgresql-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "prometheus": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "prometheus-http-tcp",<br/> "prometheus-pushgateway-http-tcp",<br/> "prometheus-node-exporter-http-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "promtail": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "promtail-http"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "puppet": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "puppet-tcp",<br/> "puppetdb-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "rabbitmq": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "rabbitmq-4369-tcp",<br/> "rabbitmq-5671-tcp",<br/> "rabbitmq-5672-tcp",<br/> "rabbitmq-15672-tcp",<br/> "rabbitmq-25672-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "rdp": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "rdp-tcp",<br/> "rdp-udp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "redis": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "redis-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "redshift": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "redshift-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "smtp": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "smtp-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "smtp-submission": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "smtp-submission-587-tcp",<br/> "smtp-submission-2587-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "smtps": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "smtps-465-tcp",<br/> "smtps-2465-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "solr": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "solr-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "splunk": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "splunk-indexer-tcp",<br/> "splunk-web-tcp",<br/> "splunk-splunkd-tcp",<br/> "splunk-hec-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "squid": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "squid-proxy-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "ssh": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "ssh-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "storm": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "storm-nimbus-tcp",<br/> "storm-ui-tcp",<br/> "storm-supervisor-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "vault": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "vault-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "wazuh": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "wazuh-server-agent-connection-tcp",<br/> "wazuh-server-agent-connection-udp",<br/> "wazuh-server-agent-enrollment",<br/> "wazuh-server-agent-cluster-daemon",<br/> "wazuh-server-syslog-collector-tcp",<br/> "wazuh-server-syslog-collector-udp",<br/> "wazuh-server-restful-api",<br/> "wazuh-indexer-restful-api",<br/> "wazuh-dashboard"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "web": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "http-80-tcp",<br/> "http-8080-tcp",<br/> "https-443-tcp",<br/> "web-jmx-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "winrm": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "winrm-http-tcp",<br/> "winrm-https-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "zabbix": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "zabbix-server",<br/> "zabbix-proxy",<br/> "zabbix-agent"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "zipkin": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "zipkin-admin-tcp",<br/> "zipkin-admin-query-tcp",<br/> "zipkin-admin-web-tcp",<br/> "zipkin-query-tcp",<br/> "zipkin-web-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> },<br/> "zookeeper": {<br/> "egress_rules": [<br/> "all-all"<br/> ],<br/> "ingress_rules": [<br/> "zookeeper-2181-tcp",<br/> "zookeeper-2182-tls-tcp",<br/> "zookeeper-2888-tcp",<br/> "zookeeper-3888-tcp",<br/> "zookeeper-jmx-tcp"<br/> ],<br/> "ingress_with_self": [<br/> "all-all"<br/> ]<br/> }<br/>}</pre>no
<a name="input_computed_egress_rules"></a> computed_egress_rulesList of computed egress rules to create by namelist(string)[]no
<a name="input_computed_egress_with_cidr_blocks"></a> computed_egress_with_cidr_blocksList of computed egress rules to create where 'cidr_blocks' is usedlist(map(string))[]no
<a name="input_computed_egress_with_ipv6_cidr_blocks"></a> computed_egress_with_ipv6_cidr_blocksList of computed egress rules to create where 'ipv6_cidr_blocks' is usedlist(map(string))[]no
<a name="input_computed_egress_with_prefix_list_ids"></a> computed_egress_with_prefix_list_idsList of computed egress rules to create where 'prefix_list_ids' is used onlylist(map(string))[]no
<a name="input_computed_egress_with_self"></a> computed_egress_with_selfList of computed egress rules to create where 'self' is definedlist(map(string))[]no
<a name="input_computed_egress_with_source_security_group_id"></a> computed_egress_with_source_security_group_idList of computed egress rules to create where 'source_security_group_id' is usedlist(map(string))[]no
<a name="input_computed_ingress_rules"></a> computed_ingress_rulesList of computed ingress rules to create by namelist(string)[]no
<a name="input_computed_ingress_with_cidr_blocks"></a> computed_ingress_with_cidr_blocksList of computed ingress rules to create where 'cidr_blocks' is usedlist(map(string))[]no
<a name="input_computed_ingress_with_ipv6_cidr_blocks"></a> computed_ingress_with_ipv6_cidr_blocksList of computed ingress rules to create where 'ipv6_cidr_blocks' is usedlist(map(string))[]no
<a name="input_computed_ingress_with_prefix_list_ids"></a> computed_ingress_with_prefix_list_idsList of computed ingress rules to create where 'prefix_list_ids' is usedlist(map(string))[]no
<a name="input_computed_ingress_with_self"></a> computed_ingress_with_selfList of computed ingress rules to create where 'self' is definedlist(map(string))[]no
<a name="input_computed_ingress_with_source_security_group_id"></a> computed_ingress_with_source_security_group_idList of computed ingress rules to create where 'source_security_group_id' is usedlist(map(string))[]no
<a name="input_create"></a> createWhether to create security group and all rulesbooltrueno
<a name="input_create_sg"></a> create_sgWhether to create security groupbooltrueno
<a name="input_create_timeout"></a> create_timeoutTime to wait for a security group to be createdstring"10m"no
<a name="input_delete_timeout"></a> delete_timeoutTime to wait for a security group to be deletedstring"15m"no
<a name="input_description"></a> descriptionDescription of security groupstring"Security Group managed by Terraform"no
<a name="input_egress_cidr_blocks"></a> egress_cidr_blocksList of IPv4 CIDR ranges to use on all egress ruleslist(string)<pre>[<br/> "0.0.0.0/0"<br/>]</pre>no
<a name="input_egress_ipv6_cidr_blocks"></a> egress_ipv6_cidr_blocksList of IPv6 CIDR ranges to use on all egress ruleslist(string)<pre>[<br/> "::/0"<br/>]</pre>no
<a name="input_egress_prefix_list_ids"></a> egress_prefix_list_idsList of prefix list IDs (for allowing access to VPC endpoints) to use on all egress ruleslist(string)[]no
<a name="input_egress_rules"></a> egress_rulesList of egress rules to create by namelist(string)[]no
<a name="input_egress_with_cidr_blocks"></a> egress_with_cidr_blocksList of egress rules to create where 'cidr_blocks' is usedlist(map(string))[]no
<a name="input_egress_with_ipv6_cidr_blocks"></a> egress_with_ipv6_cidr_blocksList of egress rules to create where 'ipv6_cidr_blocks' is usedlist(map(string))[]no
<a name="input_egress_with_prefix_list_ids"></a> egress_with_prefix_list_idsList of egress rules to create where 'prefix_list_ids' is used onlylist(map(string))[]no
<a name="input_egress_with_self"></a> egress_with_selfList of egress rules to create where 'self' is definedlist(map(string))[]no
<a name="input_egress_with_source_security_group_id"></a> egress_with_source_security_group_idList of egress rules to create where 'source_security_group_id' is usedlist(map(string))[]no
<a name="input_ingress_cidr_blocks"></a> ingress_cidr_blocksList of IPv4 CIDR ranges to use on all ingress ruleslist(string)[]no
<a name="input_ingress_ipv6_cidr_blocks"></a> ingress_ipv6_cidr_blocksList of IPv6 CIDR ranges to use on all ingress ruleslist(string)[]no
<a name="input_ingress_prefix_list_ids"></a> ingress_prefix_list_idsList of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress ruleslist(string)[]no
<a name="input_ingress_rules"></a> ingress_rulesList of ingress rules to create by namelist(string)[]no
<a name="input_ingress_with_cidr_blocks"></a> ingress_with_cidr_blocksList of ingress rules to create where 'cidr_blocks' is usedlist(map(string))[]no
<a name="input_ingress_with_ipv6_cidr_blocks"></a> ingress_with_ipv6_cidr_blocksList of ingress rules to create where 'ipv6_cidr_blocks' is usedlist(map(string))[]no
<a name="input_ingress_with_prefix_list_ids"></a> ingress_with_prefix_list_idsList of ingress rules to create where 'prefix_list_ids' is used onlylist(map(string))[]no
<a name="input_ingress_with_self"></a> ingress_with_selfList of ingress rules to create where 'self' is definedlist(map(string))[]no
<a name="input_ingress_with_source_security_group_id"></a> ingress_with_source_security_group_idList of ingress rules to create where 'source_security_group_id' is usedlist(map(string))[]no
<a name="input_name"></a> nameName of security group - not required if create_sg is falsestringnullno
<a name="input_number_of_computed_egress_rules"></a> number_of_computed_egress_rulesNumber of computed egress rules to create by namenumber0no
<a name="input_number_of_computed_egress_with_cidr_blocks"></a> number_of_computed_egress_with_cidr_blocksNumber of computed egress rules to create where 'cidr_blocks' is usednumber0no
<a name="input_number_of_computed_egress_with_ipv6_cidr_blocks"></a> number_of_computed_egress_with_ipv6_cidr_blocksNumber of computed egress rules to create where 'ipv6_cidr_blocks' is usednumber0no
<a name="input_number_of_computed_egress_with_prefix_list_ids"></a> number_of_computed_egress_with_prefix_list_idsNumber of computed egress rules to create where 'prefix_list_ids' is used onlynumber0no
<a name="input_number_of_computed_egress_with_self"></a> number_of_computed_egress_with_selfNumber of computed egress rules to create where 'self' is definednumber0no
<a name="input_number_of_computed_egress_with_source_security_group_id"></a> number_of_computed_egress_with_source_security_group_idNumber of computed egress rules to create where 'source_security_group_id' is usednumber0no
<a name="input_number_of_computed_ingress_rules"></a> number_of_computed_ingress_rulesNumber of computed ingress rules to create by namenumber0no
<a name="input_number_of_computed_ingress_with_cidr_blocks"></a> number_of_computed_ingress_with_cidr_blocksNumber of computed ingress rules to create where 'cidr_blocks' is usednumber0no
<a name="input_number_of_computed_ingress_with_ipv6_cidr_blocks"></a> number_of_computed_ingress_with_ipv6_cidr_blocksNumber of computed ingress rules to create where 'ipv6_cidr_blocks' is usednumber0no
<a name="input_number_of_computed_ingress_with_prefix_list_ids"></a> number_of_computed_ingress_with_prefix_list_idsNumber of computed ingress rules to create where 'prefix_list_ids' is usednumber0no
<a name="input_number_of_computed_ingress_with_self"></a> number_of_computed_ingress_with_selfNumber of computed ingress rules to create where 'self' is definednumber0no
<a name="input_number_of_computed_ingress_with_source_security_group_id"></a> number_of_computed_ingress_with_source_security_group_idNumber of computed ingress rules to create where 'source_security_group_id' is usednumber0no
<a name="input_putin_khuylo"></a> putin_khuyloDo you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!booltrueno
<a name="input_revoke_rules_on_delete"></a> revoke_rules_on_deleteInstruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR.boolfalseno
<a name="input_rules"></a> rulesMap of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description'])map(list(any))<pre>{<br/> "_": [<br/> "",<br/> "",<br/> ""<br/> ],<br/> "activemq-5671-tcp": [<br/> 5671,<br/> 5671,<br/> "tcp",<br/> "ActiveMQ AMQP"<br/> ],<br/> "activemq-61614-tcp": [<br/> 61614,<br/> 61614,<br/> "tcp",<br/> "ActiveMQ STOMP"<br/> ],<br/> "activemq-61617-tcp": [<br/> 61617,<br/> 61617,<br/> "tcp",<br/> "ActiveMQ OpenWire"<br/> ],<br/> "activemq-61619-tcp": [<br/> 61619,<br/> 61619,<br/> "tcp",<br/> "ActiveMQ WebSocket"<br/> ],<br/> "activemq-8883-tcp": [<br/> 8883,<br/> 8883,<br/> "tcp",<br/> "ActiveMQ MQTT"<br/> ],<br/> "alertmanager-9093-tcp": [<br/> 9093,<br/> 9093,<br/> "tcp",<br/> "Alert Manager"<br/> ],<br/> "alertmanager-9094-tcp": [<br/> 9094,<br/> 9094,<br/> "tcp",<br/> "Alert Manager Cluster"<br/> ],<br/> "all-all": [<br/> -1,<br/> -1,<br/> "-1",<br/> "All protocols"<br/> ],<br/> "all-icmp": [<br/> -1,<br/> -1,<br/> "icmp",<br/> "All IPV4 ICMP"<br/> ],<br/> "all-ipv6-icmp": [<br/> -1,<br/> -1,<br/> 58,<br/> "All IPV6 ICMP"<br/> ],<br/> "all-tcp": [<br/> 0,<br/> 65535,<br/> "tcp",<br/> "All TCP ports"<br/> ],<br/> "all-udp": [<br/> 0,<br/> 65535,<br/> "udp",<br/> "All UDP ports"<br/> ],<br/> "carbon-admin-tcp": [<br/> 2004,<br/> 2004,<br/> "tcp",<br/> "Carbon admin"<br/> ],<br/> "carbon-gui-udp": [<br/> 8081,<br/> 8081,<br/> "tcp",<br/> "Carbon GUI"<br/> ],<br/> "carbon-line-in-tcp": [<br/> 2003,<br/> 2003,<br/> "tcp",<br/> "Carbon line-in"<br/> ],<br/> "carbon-line-in-udp": [<br/> 2003,<br/> 2003,<br/> "udp",<br/> "Carbon line-in"<br/> ],<br/> "carbon-pickle-tcp": [<br/> 2013,<br/> 2013,<br/> "tcp",<br/> "Carbon pickle"<br/> ],<br/> "carbon-pickle-udp": [<br/> 2013,<br/> 2013,<br/> "udp",<br/> "Carbon pickle"<br/> ],<br/> "cassandra-clients-tcp": [<br/> 9042,<br/> 9042,<br/> "tcp",<br/> "Cassandra clients"<br/> ],<br/> "cassandra-jmx-tcp": [<br/> 7199,<br/> 7199,<br/> "tcp",<br/> "JMX"<br/> ],<br/> "cassandra-thrift-clients-tcp": [<br/> 9160,<br/> 9160,<br/> "tcp",<br/> "Cassandra Thrift clients"<br/> ],<br/> "consul-dns-tcp": [<br/> 8600,<br/> 8600,<br/> "tcp",<br/> "Consul DNS"<br/> ],<br/> "consul-dns-udp": [<br/> 8600,<br/> 8600,<br/> "udp",<br/> "Consul DNS"<br/> ],<br/> "consul-grpc-tcp": [<br/> 8502,<br/> 8502,<br/> "tcp",<br/> "Consul gRPC"<br/> ],<br/> "consul-grpc-tcp-tls": [<br/> 8503,<br/> 8503,<br/> "tcp",<br/> "Consul gRPC TLS"<br/> ],<br/> "consul-serf-lan-tcp": [<br/> 8301,<br/> 8301,<br/> "tcp",<br/> "Serf LAN"<br/> ],<br/> "consul-serf-lan-udp": [<br/> 8301,<br/> 8301,<br/> "udp",<br/> "Serf LAN"<br/> ],<br/> "consul-serf-wan-tcp": [<br/> 8302,<br/> 8302,<br/> "tcp",<br/> "Serf WAN"<br/> ],<br/> "consul-serf-wan-udp": [<br/> 8302,<br/> 8302,<br/> "udp",<br/> "Serf WAN"<br/> ],<br/> "consul-tcp": [<br/> 8300,<br/> 8300,<br/> "tcp",<br/> "Consul server"<br/> ],<br/> "consul-webui-http-tcp": [<br/> 8500,<br/> 8500,<br/> "tcp",<br/> "Consul web UI HTTP"<br/> ],<br/> "consul-webui-https-tcp": [<br/> 8501,<br/> 8501,<br/> "tcp",<br/> "Consul web UI HTTPS"<br/> ],<br/> "dax-cluster-encrypted-tcp": [<br/> 9111,<br/> 9111,<br/> "tcp",<br/> "DAX Cluster encrypted"<br/> ],<br/> "dax-cluster-unencrypted-tcp": [<br/> 8111,<br/> 8111,<br/> "tcp",<br/> "DAX Cluster unencrypted"<br/> ],<br/> "dns-tcp": [<br/> 53,<br/> 53,<br/> "tcp",<br/> "DNS"<br/> ],<br/> "dns-udp": [<br/> 53,<br/> 53,<br/> "udp",<br/> "DNS"<br/> ],<br/> "docker-swarm-mngmt-tcp": [<br/> 2377,<br/> 2377,<br/> "tcp",<br/> "Docker Swarm cluster management"<br/> ],<br/> "docker-swarm-node-tcp": [<br/> 7946,<br/> 7946,<br/> "tcp",<br/> "Docker Swarm node"<br/> ],<br/> "docker-swarm-node-udp": [<br/> 7946,<br/> 7946,<br/> "udp",<br/> "Docker Swarm node"<br/> ],<br/> "docker-swarm-overlay-udp": [<br/> 4789,<br/> 4789,<br/> "udp",<br/> "Docker Swarm Overlay Network Traffic"<br/> ],<br/> "elasticsearch-java-tcp": [<br/> 9300,<br/> 9300,<br/> "tcp",<br/> "Elasticsearch Java interface"<br/> ],<br/> "elasticsearch-rest-tcp": [<br/> 9200,<br/> 9200,<br/> "tcp",<br/> "Elasticsearch REST interface"<br/> ],<br/> "etcd-client-tcp": [<br/> 2379,<br/> 2379,<br/> "tcp",<br/> "Etcd Client"<br/> ],<br/> "etcd-peer-tcp": [<br/> 2380,<br/> 2380,<br/> "tcp",<br/> "Etcd Peer"<br/> ],<br/> "grafana-tcp": [<br/> 3000,<br/> 3000,<br/> "tcp",<br/> "Grafana Dashboard"<br/> ],<br/> "graphite-2003-tcp": [<br/> 2003,<br/> 2003,<br/> "tcp",<br/> "Carbon receiver plain text"<br/> ],<br/> "graphite-2004-tcp": [<br/> 2004,<br/> 2004,<br/> "tcp",<br/> "Carbon receiver pickle"<br/> ],<br/> "graphite-2023-tcp": [<br/> 2023,<br/> 2023,<br/> "tcp",<br/> "Carbon aggregator plaintext"<br/> ],<br/> "graphite-2024-tcp": [<br/> 2024,<br/> 2024,<br/> "tcp",<br/> "Carbon aggregator pickle"<br/> ],<br/> "graphite-8080-tcp": [<br/> 8080,<br/> 8080,<br/> "tcp",<br/> "Graphite gunicorn port"<br/> ],<br/> "graphite-8125-tcp": [<br/> 8125,<br/> 8125,<br/> "tcp",<br/> "Statsd TCP"<br/> ],<br/> "graphite-8125-udp": [<br/> 8125,<br/> 8125,<br/> "udp",<br/> "Statsd UDP default"<br/> ],<br/> "graphite-8126-tcp": [<br/> 8126,<br/> 8126,<br/> "tcp",<br/> "Statsd admin"<br/> ],<br/> "graphite-webui": [<br/> 80,<br/> 80,<br/> "tcp",<br/> "Graphite admin interface"<br/> ],<br/> "http-80-tcp": [<br/> 80,<br/> 80,<br/> "tcp",<br/> "HTTP"<br/> ],<br/> "http-8080-tcp": [<br/> 8080,<br/> 8080,<br/> "tcp",<br/> "HTTP"<br/> ],<br/> "https-443-tcp": [<br/> 443,<br/> 443,<br/> "tcp",<br/> "HTTPS"<br/> ],<br/> "https-8443-tcp": [<br/> 8443,<br/> 8443,<br/> "tcp",<br/> "HTTPS"<br/> ],<br/> "ipsec-4500-udp": [<br/> 4500,<br/> 4500,<br/> "udp",<br/> "IPSEC NAT-T"<br/> ],<br/> "ipsec-500-udp": [<br/> 500,<br/> 500,<br/> "udp",<br/> "IPSEC ISAKMP"<br/> ],<br/> "kafka-broker-sasl-iam-public-tcp": [<br/> 9198,<br/> 9198,<br/> "tcp",<br/> "Kafka SASL/IAM Public access control enabled (MSK specific)"<br/> ],<br/> "kafka-broker-sasl-iam-tcp": [<br/> 9098,<br/> 9098,<br/> "tcp",<br/> "Kafka SASL/IAM access control enabled (MSK specific)"<br/> ],<br/> "kafka-broker-sasl-scram-public-tcp": [<br/> 9196,<br/> 9196,<br/> "tcp",<br/> "Kafka SASL/SCRAM Public enabled broker (MSK specific)"<br/> ],<br/> "kafka-broker-sasl-scram-tcp": [<br/> 9096,<br/> 9096,<br/> "tcp",<br/> "Kafka SASL/SCRAM enabled broker (MSK specific)"<br/> ],<br/> "kafka-broker-tcp": [<br/> 9092,<br/> 9092,<br/> "tcp",<br/> "Kafka PLAINTEXT enable broker 0.8.2+"<br/> ],<br/> "kafka-broker-tls-public-tcp": [<br/> 9194,<br/> 9194,<br/> "tcp",<br/> "Kafka TLS Public enabled broker 0.8.2+ (MSK specific)"<br/> ],<br/> "kafka-broker-tls-tcp": [<br/> 9094,<br/> 9094,<br/> "tcp",<br/> "Kafka TLS enabled broker 0.8.2+"<br/> ],<br/> "kafka-jmx-exporter-tcp": [<br/> 11001,<br/> 11001,<br/> "tcp",<br/> "Kafka JMX Exporter"<br/> ],<br/> "kafka-node-exporter-tcp": [<br/> 11002,<br/> 11002,<br/> "tcp",<br/> "Kafka Node Exporter"<br/> ],<br/> "kibana-tcp": [<br/> 5601,<br/> 5601,<br/> "tcp",<br/> "Kibana Web Interface"<br/> ],<br/> "kubernetes-api-tcp": [<br/> 6443,<br/> 6443,<br/> "tcp",<br/> "Kubernetes API Server"<br/> ],<br/> "ldap-tcp": [<br/> 389,<br/> 389,<br/> "tcp",<br/> "LDAP"<br/> ],<br/> "ldaps-tcp": [<br/> 636,<br/> 636,<br/> "tcp",<br/> "LDAPS"<br/> ],<br/> "logstash-tcp": [<br/> 5044,<br/> 5044,<br/> "tcp",<br/> "Logstash"<br/> ],<br/> "loki-grafana": [<br/> 3100,<br/> 3100,<br/> "tcp",<br/> "Grafana Loki endpoint"<br/> ],<br/> "loki-grafana-grpc": [<br/> 9095,<br/> 9095,<br/> "tcp",<br/> "Grafana Loki GRPC"<br/> ],<br/> "memcached-tcp": [<br/> 11211,<br/> 11211,<br/> "tcp",<br/> "Memcached"<br/> ],<br/> "minio-tcp": [<br/> 9000,<br/> 9000,<br/> "tcp",<br/> "MinIO"<br/> ],<br/> "mongodb-27017-tcp": [<br/> 27017,<br/> 27017,<br/> "tcp",<br/> "MongoDB"<br/> ],<br/> "mongodb-27018-tcp": [<br/> 27018,<br/> 27018,<br/> "tcp",<br/> "MongoDB shard"<br/> ],<br/> "mongodb-27019-tcp": [<br/> 27019,<br/> 27019,<br/> "tcp",<br/> "MongoDB config server"<br/> ],<br/> "mssql-analytics-tcp": [<br/> 2383,<br/> 2383,<br/> "tcp",<br/> "MSSQL Analytics"<br/> ],<br/> "mssql-broker-tcp": [<br/> 4022,<br/> 4022,<br/> "tcp",<br/> "MSSQL Broker"<br/> ],<br/> "mssql-tcp": [<br/> 1433,<br/> 1433,<br/> "tcp",<br/> "MSSQL Server"<br/> ],<br/> "mssql-udp": [<br/> 1434,<br/> 1434,<br/> "udp",<br/> "MSSQL Browser"<br/> ],<br/> "mysql-tcp": [<br/> 3306,<br/> 3306,<br/> "tcp",<br/> "MySQL/Aurora"<br/> ],<br/> "nfs-tcp": [<br/> 2049,<br/> 2049,<br/> "tcp",<br/> "NFS/EFS"<br/> ],<br/> "nomad-http-tcp": [<br/> 4646,<br/> 4646,<br/> "tcp",<br/> "Nomad HTTP"<br/> ],<br/> "nomad-rpc-tcp": [<br/> 4647,<br/> 4647,<br/> "tcp",<br/> "Nomad RPC"<br/> ],<br/> "nomad-serf-tcp": [<br/> 4648,<br/> 4648,<br/> "tcp",<br/> "Serf"<br/> ],<br/> "nomad-serf-udp": [<br/> 4648,<br/> 4648,<br/> "udp",<br/> "Serf"<br/> ],<br/> "ntp-udp": [<br/> 123,<br/> 123,<br/> "udp",<br/> "NTP"<br/> ],<br/> "octopus-tentacle-tcp": [<br/> 10933,<br/> 10933,<br/> "tcp",<br/> "Octopus Tentacle"<br/> ],<br/> "openvpn-https-tcp": [<br/> 443,<br/> 443,<br/> "tcp",<br/> "OpenVPN"<br/> ],<br/> "openvpn-tcp": [<br/> 943,<br/> 943,<br/> "tcp",<br/> "OpenVPN"<br/> ],<br/> "openvpn-udp": [<br/> 1194,<br/> 1194,<br/> "udp",<br/> "OpenVPN"<br/> ],<br/> "oracle-db-tcp": [<br/> 1521,<br/> 1521,<br/> "tcp",<br/> "Oracle"<br/> ],<br/> "postgresql-tcp": [<br/> 5432,<br/> 5432,<br/> "tcp",<br/> "PostgreSQL"<br/> ],<br/> "prometheus-http-tcp": [<br/> 9090,<br/> 9090,<br/> "tcp",<br/> "Prometheus"<br/> ],<br/> "prometheus-node-exporter-http-tcp": [<br/> 9100,<br/> 9100,<br/> "tcp",<br/> "Prometheus Node Exporter"<br/> ],<br/> "prometheus-pushgateway-http-tcp": [<br/> 9091,<br/> 9091,<br/> "tcp",<br/> "Prometheus Pushgateway"<br/> ],<br/> "promtail-http": [<br/> 9080,<br/> 9080,<br/> "tcp",<br/> "Promtail endpoint"<br/> ],<br/> "puppet-tcp": [<br/> 8140,<br/> 8140,<br/> "tcp",<br/> "Puppet"<br/> ],<br/> "puppetdb-tcp": [<br/> 8081,<br/> 8081,<br/> "tcp",<br/> "PuppetDB"<br/> ],<br/> "rabbitmq-15672-tcp": [<br/> 15672,<br/> 15672,<br/> "tcp",<br/> "RabbitMQ"<br/> ],<br/> "rabbitmq-25672-tcp": [<br/> 25672,<br/> 25672,<br/> "tcp",<br/> "RabbitMQ"<br/> ],<br/> "rabbitmq-4369-tcp": [<br/> 4369,<br/> 4369,<br/> "tcp",<br/> "RabbitMQ epmd"<br/> ],<br/> "rabbitmq-5671-tcp": [<br/> 5671,<br/> 5671,<br/> "tcp",<br/> "RabbitMQ"<br/> ],<br/> "rabbitmq-5672-tcp": [<br/> 5672,<br/> 5672,<br/> "tcp",<br/> "RabbitMQ"<br/> ],<br/> "rdp-tcp": [<br/> 3389,<br/> 3389,<br/> "tcp",<br/> "Remote Desktop"<br/> ],<br/> "rdp-udp": [<br/> 3389,<br/> 3389,<br/> "udp",<br/> "Remote Desktop"<br/> ],<br/> "redis-tcp": [<br/> 6379,<br/> 6379,<br/> "tcp",<br/> "Redis"<br/> ],<br/> "redshift-tcp": [<br/> 5439,<br/> 5439,<br/> "tcp",<br/> "Redshift"<br/> ],<br/> "saltstack-tcp": [<br/> 4505,<br/> 4506,<br/> "tcp",<br/> "SaltStack"<br/> ],<br/> "smtp-submission-2587-tcp": [<br/> 2587,<br/> 2587,<br/> "tcp",<br/> "SMTP Submission"<br/> ],<br/> "smtp-submission-587-tcp": [<br/> 587,<br/> 587,<br/> "tcp",<br/> "SMTP Submission"<br/> ],<br/> "smtp-tcp": [<br/> 25,<br/> 25,<br/> "tcp",<br/> "SMTP"<br/> ],<br/> "smtps-2456-tcp": [<br/> 2465,<br/> 2465,<br/> "tcp",<br/> "SMTPS"<br/> ],<br/> "smtps-465-tcp": [<br/> 465,<br/> 465,<br/> "tcp",<br/> "SMTPS"<br/> ],<br/> "solr-tcp": [<br/> 8983,<br/> 8987,<br/> "tcp",<br/> "Solr"<br/> ],<br/> "splunk-hec-tcp": [<br/> 8088,<br/> 8088,<br/> "tcp",<br/> "Splunk HEC"<br/> ],<br/> "splunk-indexer-tcp": [<br/> 9997,<br/> 9997,<br/> "tcp",<br/> "Splunk indexer"<br/> ],<br/> "splunk-splunkd-tcp": [<br/> 8089,<br/> 8089,<br/> "tcp",<br/> "Splunkd"<br/> ],<br/> "splunk-web-tcp": [<br/> 8000,<br/> 8000,<br/> "tcp",<br/> "Splunk Web"<br/> ],<br/> "squid-proxy-tcp": [<br/> 3128,<br/> 3128,<br/> "tcp",<br/> "Squid default proxy"<br/> ],<br/> "ssh-tcp": [<br/> 22,<br/> 22,<br/> "tcp",<br/> "SSH"<br/> ],<br/> "storm-nimbus-tcp": [<br/> 6627,<br/> 6627,<br/> "tcp",<br/> "Nimbus"<br/> ],<br/> "storm-supervisor-tcp": [<br/> 6700,<br/> 6703,<br/> "tcp",<br/> "Supervisor"<br/> ],<br/> "storm-ui-tcp": [<br/> 8080,<br/> 8080,<br/> "tcp",<br/> "Storm UI"<br/> ],<br/> "vault-tcp": [<br/> 8200,<br/> 8200,<br/> "tcp",<br/> "Vault"<br/> ],<br/> "wazuh-dashboard": [<br/> 443,<br/> 443,<br/> "tcp",<br/> "Wazuh web user interface"<br/> ],<br/> "wazuh-indexer-restful-api": [<br/> 9200,<br/> 9200,<br/> "tcp",<br/> "Wazuh indexer RESTful API"<br/> ],<br/> "wazuh-server-agent-cluster-daemon": [<br/> 1516,<br/> 1516,<br/> "tcp",<br/> "Wazuh cluster daemon"<br/> ],<br/> "wazuh-server-agent-connection-tcp": [<br/> 1514,<br/> 1514,<br/> "tcp",<br/> "Agent connection service(TCP)"<br/> ],<br/> "wazuh-server-agent-connection-udp": [<br/> 1514,<br/> 1514,<br/> "udp",<br/> "Agent connection service(UDP)"<br/> ],<br/> "wazuh-server-agent-enrollment": [<br/> 1515,<br/> 1515,<br/> "tcp",<br/> "Agent enrollment service"<br/> ],<br/> "wazuh-server-restful-api": [<br/> 55000,<br/> 55000,<br/> "tcp",<br/> "Wazuh server RESTful API"<br/> ],<br/> "wazuh-server-syslog-collector-tcp": [<br/> 514,<br/> 514,<br/> "tcp",<br/> "Wazuh Syslog collector(TCP)"<br/> ],<br/> "wazuh-server-syslog-collector-udp": [<br/> 514,<br/> 514,<br/> "udp",<br/> "Wazuh Syslog collector(UDP)"<br/> ],<br/> "web-jmx-tcp": [<br/> 1099,<br/> 1099,<br/> "tcp",<br/> "JMX"<br/> ],<br/> "winrm-http-tcp": [<br/> 5985,<br/> 5985,<br/> "tcp",<br/> "WinRM HTTP"<br/> ],<br/> "winrm-https-tcp": [<br/> 5986,<br/> 5986,<br/> "tcp",<br/> "WinRM HTTPS"<br/> ],<br/> "zabbix-agent": [<br/> 10050,<br/> 10050,<br/> "tcp",<br/> "Zabbix Agent"<br/> ],<br/> "zabbix-proxy": [<br/> 10051,<br/> 10051,<br/> "tcp",<br/> "Zabbix Proxy"<br/> ],<br/> "zabbix-server": [<br/> 10051,<br/> 10051,<br/> "tcp",<br/> "Zabbix Server"<br/> ],<br/> "zipkin-admin-query-tcp": [<br/> 9901,<br/> 9901,<br/> "tcp",<br/> "Zipkin Admin port query"<br/> ],<br/> "zipkin-admin-tcp": [<br/> 9990,<br/> 9990,<br/> "tcp",<br/> "Zipkin Admin port collector"<br/> ],<br/> "zipkin-admin-web-tcp": [<br/> 9991,<br/> 9991,<br/> "tcp",<br/> "Zipkin Admin port web"<br/> ],<br/> "zipkin-query-tcp": [<br/> 9411,<br/> 9411,<br/> "tcp",<br/> "Zipkin query port"<br/> ],<br/> "zipkin-web-tcp": [<br/> 8080,<br/> 8080,<br/> "tcp",<br/> "Zipkin web port"<br/> ],<br/> "zookeeper-2181-tcp": [<br/> 2181,<br/> 2181,<br/> "tcp",<br/> "Zookeeper"<br/> ],<br/> "zookeeper-2182-tls-tcp": [<br/> 2182,<br/> 2182,<br/> "tcp",<br/> "Zookeeper TLS (MSK specific)"<br/> ],<br/> "zookeeper-2888-tcp": [<br/> 2888,<br/> 2888,<br/> "tcp",<br/> "Zookeeper"<br/> ],<br/> "zookeeper-3888-tcp": [<br/> 3888,<br/> 3888,<br/> "tcp",<br/> "Zookeeper"<br/> ],<br/> "zookeeper-jmx-tcp": [<br/> 7199,<br/> 7199,<br/> "tcp",<br/> "JMX"<br/> ]<br/>}</pre>no
<a name="input_security_group_id"></a> security_group_idID of existing security group whose rules we will managestringnullno
<a name="input_tags"></a> tagsA mapping of tags to assign to security groupmap(string){}no
<a name="input_use_name_prefix"></a> use_name_prefixWhether to use name_prefix or fixed name. Should be true to able to update security group name after initial creationbooltrueno
<a name="input_vpc_id"></a> vpc_idID of the VPC where to create security groupstringnullno

Outputs

NameDescription
<a name="output_security_group_arn"></a> security_group_arnThe ARN of the security group
<a name="output_security_group_description"></a> security_group_descriptionThe description of the security group
<a name="output_security_group_id"></a> security_group_idThe ID of the security group
<a name="output_security_group_name"></a> security_group_nameThe name of the security group
<a name="output_security_group_owner_id"></a> security_group_owner_idThe owner ID
<a name="output_security_group_vpc_id"></a> security_group_vpc_idThe VPC ID
<!-- END_TF_DOCS -->

Authors

Module managed by Anton Babenko.

License

Apache 2 Licensed. See LICENSE for full details.

Additional information for users from Russia and Belarus