
aws_security_group_rule

Provides a security group rule resource. Represents a single ingress or egress rule that is attached to an existing Security Group, including one defined outside the current configuration.

~> NOTE on Security Groups and Security Group Rules: Terraform currently provides both a standalone Security Group Rule resource (a single ingress or egress rule) and a Security Group resource with ingress and egress rules defined in-line. At this time you cannot use a Security Group with in-line rules in conjunction with any Security Group Rule resources on the same group. Doing so makes the two resources compete for the same rule set: each apply overwrites the rules the other created, so the group's rules change from run to run. Manage all rules of a given group either in-line or with standalone rule resources, never both.

Example Usage

Basic usage

resource "aws_security_group_rule" "allow_all" {
  # Illustrative only: this admits every TCP port from the entire Internet
  # (0.0.0.0/0) and from every address in the prefix list. Narrow the port
  # range and the sources before using a rule like this in practice.
  type              = "ingress"
  from_port         = 0
  to_port           = 65535
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  prefix_list_ids   = ["pl-12c4e678"]

  security_group_id = "sg-123456"
}
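The following is an added example, not part of the Terraform documentation, showing the pattern the note above requires: an aws_security_group declared with no in-line ingress or egress blocks, with every rule attached as a separate aws_security_group_rule. It also replaces the all-ports, all-sources ingress of the basic example with least-privilege rules: HTTPS from a single CIDR, application traffic only from another security group, and outbound traffic limited to a VPC endpoint prefix list (the same prefix_list_id usage shown later on this page). The resource names, the CIDR, the ports, the region and the aws_vpc / aws_vpc_endpoint references are assumptions for illustration.

```hcl
# Added example. The group carries no in-line ingress/egress blocks, so it
# never conflicts with the standalone rules below (see the NOTE above).
resource "aws_security_group" "web" {
  name        = "web"
  description = "Web tier; rules managed by aws_security_group_rule"
  vpc_id      = "${aws_vpc.main.id}"   # assumed: an aws_vpc resource named "main"
}

# Ingress: HTTPS only, and only from one administrative range (assumed CIDR).
resource "aws_security_group_rule" "web_https_in" {
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["203.0.113.0/24"]
  security_group_id = "${aws_security_group.web.id}"
}

# Ingress: application port from the load balancer's security group rather
# than a CIDR, so the rule follows the load balancer's addresses as they change.
resource "aws_security_group_rule" "web_app_from_lb" {
  type                     = "ingress"
  from_port                = 8080
  to_port                  = 8080
  protocol                 = "tcp"
  source_security_group_id = "${aws_security_group.lb.id}"   # assumed "lb" group below
  security_group_id        = "${aws_security_group.web.id}"
}

# Egress: all protocols, but only to the S3 gateway endpoint's prefix list.
# Terraform removes AWS's default allow-all egress rule from a group it creates
# without in-line egress blocks, so this rule is the group's only way out.
resource "aws_security_group_rule" "web_s3_out" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  prefix_list_ids   = ["${aws_vpc_endpoint.s3.prefix_list_id}"]
  security_group_id = "${aws_security_group.web.id}"
}

# Supporting resources (assumed for the example).
resource "aws_security_group" "lb" {
  name   = "lb"
  vpc_id = "${aws_vpc.main.id}"
}

resource "aws_vpc_endpoint" "s3" {
  vpc_id       = "${aws_vpc.main.id}"
  service_name = "com.amazonaws.us-east-1.s3"   # assumed region
}
```

A quick check that the configuration does not fall into the conflict described in the note: after the first `terraform apply`, a second `terraform plan` against the same state should report no changes to any aws_security_group or aws_security_group_rule. If the group had carried in-line rules as well, each plan would show rules being added and removed as the two resources overwrite each other.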

Usage with prefix list IDs

Prefix list IDs are managed by AWS internally. Each prefix list ID is associated with a prefix list name, or service name, and is specific to one region, so the same service has a different ID in every region. Prefix list IDs are exported by VPC Endpoint resources (gateway endpoints such as S3), so a rule can reference the exported attribute instead of hard-coding the ID:

resource "aws_security_group_rule" "allow_all" {
  # All protocols outbound, but only to the addresses behind the VPC endpoint.
  # With protocol "-1", from_port and to_port must both be 0.
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  prefix_list_ids   = ["${aws_vpc_endpoint.my_endpoint.prefix_list_id}"]
  security_group_id = "sg-123456"
}
...
resource "aws_vpc_endpoint" "my_endpoint" {
  ...
}

Argument Reference

The following arguments are supported:

* type - (Required) The type of rule being created. Valid options are ingress (inbound) or egress (outbound).
* from_port - (Required) The start port (or ICMP type number if protocol is "icmp").
* to_port - (Required) The end port (or ICMP code if protocol is "icmp").
* protocol - (Required) The protocol: "tcp", "udp", "icmp", or "-1" for all protocols. With "-1", from_port and to_port must be 0.
* cidr_blocks - (Optional) List of CIDR blocks the rule applies to. Prefer the narrowest range that works; "0.0.0.0/0" exposes the port to the whole Internet.
* prefix_list_ids - (Optional) List of prefix list IDs, for example the prefix_list_id exported by an aws_vpc_endpoint.
* security_group_id - (Required) The security group to apply this rule to.
* source_security_group_id - (Optional) The security group ID to allow access to or from, depending on type. Cannot be specified together with cidr_blocks. Referencing a group rather than a CIDR keeps the rule correct as the instances behind it change.
* self - (Optional) If true, the security group itself is added as the source (or destination) of this rule. Cannot be specified together with source_security_group_id.

Attributes Reference

The following attributes are exported:

* id - The ID of the security group rule.

See the source of this document at Terraform.io