Difference between revisions of "Terraform resource: aws security group"
(26 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
+ | <code>[[aws_security_group]]</code> | ||
* https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group | * https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group | ||
+ | |||
+ | protocol = [tcp|all .../... ] | ||
+ | |||
+ | == Examples == | ||
+ | |||
+ | <pre> | ||
+ | resource "aws_security_group" "allow_ssh" { | ||
+ | name = "allow_ssh" | ||
+ | description = "Allow ssh inbound traffic from Internet" | ||
+ | |||
+ | ingress { | ||
+ | description = "SSH from Internet" | ||
+ | from_port = 22 | ||
+ | to_port = 22 | ||
+ | protocol = "tcp" | ||
+ | cidr_blocks = ["0.0.0.0/0"] | ||
+ | ipv6_cidr_blocks = ["::/0"] | ||
+ | } | ||
+ | |||
+ | tags = { | ||
+ | Name = "allow_ssh" | ||
+ | } | ||
+ | } | ||
+ | </pre> | ||
+ | |||
+ | |||
Line 5: | Line 32: | ||
name = "allow_tls" | name = "allow_tls" | ||
description = "Allow TLS inbound traffic" | description = "Allow TLS inbound traffic" | ||
− | vpc_id = aws_vpc.main.id | + | [[vpc_id]] = aws_vpc.main.id |
− | ingress { | + | [[ingress]] { |
description = "TLS from VPC" | description = "TLS from VPC" | ||
from_port = 443 | from_port = 443 | ||
to_port = 443 | to_port = 443 | ||
protocol = "tcp" | protocol = "tcp" | ||
− | cidr_blocks = [aws_vpc.main.cidr_block] | + | [[cidr_blocks]] = [aws_vpc.main.cidr_block] |
ipv6_cidr_blocks = [aws_vpc.main.ipv6_cidr_block] | ipv6_cidr_blocks = [aws_vpc.main.ipv6_cidr_block] | ||
} | } | ||
− | egress { | + | [[egress]] { |
from_port = 0 | from_port = 0 | ||
to_port = 0 | to_port = 0 | ||
Line 29: | Line 56: | ||
} | } | ||
+ | == Arguments == | ||
+ | * <code>[[prefix_list_ids]]</code> (optional) | ||
+ | |||
+ | == Errors == | ||
+ | │ Error: updating Security Group (sg-0bfc4f25123432) [[ingress rules]]: authorizing Security Group (ingress) rules: InvalidParameterValue: Invalid value 'http' for IP protocol. Unknown protocol. | ||
== Related terms == | == Related terms == | ||
+ | * Terraform resource: <code>[[aws_security_group_rule]]</code> | ||
* [[Security group]] | * [[Security group]] | ||
+ | * <code>[[vpc_id]]</code> | ||
+ | * <code>[[security_groups]], [[network_configuration]]</code>: <code>[[aws_ecs_service]]</code> | ||
+ | * <code>[[vpc_security_group_ids]]</code>: <code>[[aws_instance]], [[aws_db_instance]]</code> | ||
+ | * <code>[[aws_instance]]</code> | ||
+ | * <code>[[aws_network_interface_sg_attachment]]</code> | ||
+ | * <code>[[aws ec2 create-security-group]]</code> | ||
== See also == | == See also == | ||
− | * {{ | + | * {{tf sg}} |
− | * {{ | + | * {{tf iam}} |
[[Category:Terraform]] | [[Category:Terraform]] |
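Review bot: The new allow_ssh example in the Line 1 hunk opens port 22 to `0.0.0.0/0` and `::/0` with no caveat, and unlike the allow_tls example below it sets neither `vpc_id` nor an `egress` block, so a reader copying it gets world-reachable SSH and, with inline rules, no outbound rule at all. A one-line HCL comment above `cidr_blocks` inside the `<pre>` block would carry the point: `# Illustrative only: scope cidr_blocks/ipv6_cidr_blocks to known administrative ranges`. A sentence after the example should state that inline ingress/egress blocks make the provider manage egress too, so omitting egress is a deliberate choice rather than "AWS default allow-all" — confirm against the provider page linked at the top. The new Errors entry shows the `InvalidParameterValue` for protocol 'http' but not the remedy; add `Fix: protocol takes an IP protocol ("tcp", "udp", "icmp", "-1"), so use protocol = "tcp" with from_port/to_port = 80`.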
Latest revision as of 10:12, 10 October 2024
protocol = [tcp|all .../... ]
Examples[edit]
# Example: security group that accepts inbound SSH from any address.
# No vpc_id is given — presumably the provider falls back to the account's default VPC; confirm.
# NOTE(review): no egress block — with inline ingress/egress blocks the provider manages
#   egress as well, so this example creates no outbound rule; confirm that is intended.
resource "aws_security_group" "allow_ssh" {
  name        = "allow_ssh"
  description = "Allow ssh inbound traffic from Internet"

  ingress {
    description      = "SSH from Internet"
    from_port        = 22
    to_port          = 22
    protocol         = "tcp"
    # 0.0.0.0/0 and ::/0 expose port 22 to every IPv4 and IPv6 source.
    # Illustrative only — scope these to known administrative ranges in real deployments.
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "allow_ssh"
  }
}
# Example: security group bound to a specific VPC; TLS inbound only from the VPC's own
# address ranges, all outbound traffic allowed.
resource "aws_security_group" "allow_tls" {
  name        = "allow_tls"
  description = "Allow TLS inbound traffic"
  vpc_id      = aws_vpc.main.id # refers to an aws_vpc resource named "main" defined elsewhere

  ingress {
    description      = "TLS from VPC"
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    # Source is limited to the VPC's own IPv4/IPv6 CIDRs rather than the Internet.
    cidr_blocks      = [aws_vpc.main.cidr_block]
    ipv6_cidr_blocks = [aws_vpc.main.ipv6_cidr_block]
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1" # "-1" selects all protocols; with ports 0-0 this is allow-all outbound
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "allow_tls"
  }
}
Arguments[edit]
prefix_list_ids (optional)
Errors[edit]
│ Error: updating Security Group (sg-0bfc4f25123432) ingress rules: authorizing Security Group (ingress) rules: InvalidParameterValue: Invalid value 'http' for IP protocol. Unknown protocol.
Related terms[edit]
- Terraform resource:
aws_security_group_rule
- Security group
vpc_id
security_groups, network_configuration: aws_ecs_service
vpc_security_group_ids: aws_instance, aws_db_instance
aws_instance
aws_network_interface_sg_attachment
aws ec2 create-security-group
See also[edit]