
aws_security_group

Provides a security group resource.

~> NOTE on Security Groups and Security Group Rules: Terraform currently provides both a standalone Security Group Rule resource (a single ingress or egress rule), and a Security Group resource with ingress and egress rules defined in-line. At this time you cannot use a Security Group with in-line rules in conjunction with any Security Group Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

Example Usage

Basic usage

resource "aws_security_group" "allow_all" {
  name        = "allow_all"
  description = "Allow all inbound traffic"

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    cidr_blocks     = ["0.0.0.0/0"]
    prefix_list_ids = ["pl-12c4e678"]
  }
}

Basic usage with tags:

resource "aws_security_group" "allow_all" {
  name        = "allow_all"
  description = "Allow all inbound traffic"

  ingress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "allow_all"
  }
}
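Both examples above open every port to 0.0.0.0/0. The following is an added example, not from the Terraform documentation, showing the same resource written with least-privilege rules: HTTPS in from one address range, SSH in only from a bastion group, traffic between members of the group on the application port, and egress limited to what the instances need. The `vpc_id`, `security_groups` and `self` arguments are supported by this resource but are not listed on this page; the CIDR ranges and the `aws_vpc.main`, `aws_security_group.bastion` and `aws_security_group.db` references are assumed to exist elsewhere in the configuration.

```hcl
# Added example (not from the Terraform docs): a least-privilege web tier group.
# Assumes aws_vpc.main, aws_security_group.bastion and aws_security_group.db
# are defined elsewhere in the configuration.

resource "aws_security_group" "web" {
  name        = "web"
  description = "Web tier: HTTPS from the office range, SSH from the bastion only"
  vpc_id      = "${aws_vpc.main.id}"

  # HTTPS only, and only from an assumed corporate address range
  # (203.0.113.0/24 is a documentation range standing in for a real office CIDR)
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.0/24"]
  }

  # SSH only from instances that are members of the bastion group:
  # referencing a group instead of an address range keeps the rule valid
  # when bastion hosts are replaced and get new addresses
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = ["${aws_security_group.bastion.id}"]
  }

  # Members of this group may reach each other on the application port
  ingress {
    from_port = 8080
    to_port   = 8080
    protocol  = "tcp"
    self      = true
  }

  # Terraform removes the default allow-all egress rule, so egress is explicit:
  # HTTPS to anywhere (package mirrors, AWS APIs) ...
  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # ... and PostgreSQL only to members of the (assumed) database group
  egress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = ["${aws_security_group.db.id}"]
  }

  tags {
    Name = "web"
  }
}
```

Any traffic not matched by one of these rules is dropped by the group, so a compromised web instance cannot, for example, open outbound connections on arbitrary ports or reach the database on anything but 5432.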

Argument Reference

The following arguments are supported:

The ingress block supports:

The egress block supports:

~> NOTE on Egress rules: By default, AWS creates an ALLOW ALL egress rule when creating a new Security Group inside of a VPC. When creating a new Security Group inside a VPC, Terraform will remove this default rule and require you to re-create it explicitly if you want that rule. We feel this leads to fewer surprises in terms of controlling your egress rules. If you want this rule to be in place, you can use this egress block:

egress {
  from_port = 0
  to_port = 0
  protocol = "-1"
  cidr_blocks = ["0.0.0.0/0"]
}
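The note at the top of this page warns that a group with in-line rules cannot be combined with `aws_security_group_rule` resources, and the note just above explains that the default egress rule has to be re-created deliberately. The following is an added example, not from the Terraform documentation, that covers both points: the group itself carries no `ingress` or `egress` blocks, every rule is a standalone `aws_security_group_rule` resource, and the egress that Terraform removed is re-created narrowed to HTTPS rather than as ALLOW ALL. The `aws_security_group_rule` arguments used here (`type`, `security_group_id`) are the resource's real arguments but are not documented on this page; `aws_vpc.main` and the 10.0.0.0/16 range are assumed.

```hcl
# Added example (not from the Terraform docs): an empty group plus standalone
# rule resources. Because no ingress/egress blocks appear inside the group,
# there is no conflict with aws_security_group_rule. Assumes aws_vpc.main exists.

resource "aws_security_group" "app" {
  name        = "app"
  description = "App tier; all rules are managed as aws_security_group_rule resources"
  vpc_id      = "${aws_vpc.main.id}"
}

# Inbound HTTPS from the (assumed) VPC range only
resource "aws_security_group_rule" "app_ingress_https" {
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["10.0.0.0/16"]
  security_group_id = "${aws_security_group.app.id}"
}

# Terraform dropped the default ALLOW ALL egress; re-create egress here, but
# limited to HTTPS instead of the "-1" / 0.0.0.0/0 block shown above
resource "aws_security_group_rule" "app_egress_https" {
  type              = "egress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = "${aws_security_group.app.id}"
}
```

Keeping every rule as its own resource also makes each one visible in `terraform plan` output, so a rule that is widened or added outside Terraform shows up as drift on the next plan instead of being silently overwritten.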

Usage with prefix list IDs

Prefix list IDs are managed by AWS internally. Prefix list IDs are associated with a prefix list name, or service name, that is linked to a specific region. Prefix list IDs are exported on VPC Endpoints, so you can use this format:

    ...
      egress {
        from_port = 0
        to_port = 0
        protocol = "-1"
        prefix_list_ids = ["${aws_vpc_endpoint.my_endpoint.prefix_list_id}"]
      }
    ...
    resource "aws_vpc_endpoint" "my_endpoint" {
      ...
    }
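The snippet above elides the endpoint definition. The following is an added example, not from the Terraform documentation, that writes both resources out in full and uses the prefix list to allow egress to S3 and to nothing else: the group has no 0.0.0.0/0 egress, so instances can reach the S3 address ranges AWS publishes for the endpoint but cannot open outbound connections to the internet. The `service_name` and `route_table_ids` arguments are real `aws_vpc_endpoint` arguments not documented on this page; the region (us-east-1), `aws_vpc.main` and `aws_route_table.private` are assumed.

```hcl
# Added example (not from the Terraform docs): egress limited to an S3 gateway
# endpoint through its prefix list. Assumes aws_vpc.main and
# aws_route_table.private exist and that the VPC is in us-east-1
# (the endpoint service_name is region-specific).

resource "aws_vpc_endpoint" "s3" {
  vpc_id          = "${aws_vpc.main.id}"
  service_name    = "com.amazonaws.us-east-1.s3"
  route_table_ids = ["${aws_route_table.private.id}"]
}

resource "aws_security_group" "s3_only" {
  name        = "s3_only"
  description = "Instances that may reach S3 over the VPC endpoint and nothing else"
  vpc_id      = "${aws_vpc.main.id}"

  # No cidr_blocks egress at all: the only permitted destinations are the
  # S3 address ranges in the endpoint's prefix list, and only over HTTPS.
  egress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    prefix_list_ids = ["${aws_vpc_endpoint.s3.prefix_list_id}"]
  }

  tags {
    Name = "s3_only"
  }
}
```

Because the prefix list is maintained by AWS, the rule keeps tracking S3's address ranges as they change, which a hand-maintained list of CIDR blocks would not.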

Attributes Reference

The following attributes are exported:

Import

Security Groups can be imported using the security group id, e.g.

$ terraform import aws_security_group.elb_sg sg-903004f8
