terraform/website/source/docs/providers/aws/r/security_group.html.markdown

103 lines
2.7 KiB
Markdown
Raw Normal View History

---
layout: "aws"
page_title: "AWS: aws_security_group"
sidebar_current: "docs-aws-resource-security-group"
2014-10-22 05:21:56 +02:00
description: |-
Provides an security group resource.
---
# aws\_security\_group
Provides an security group resource.
## Example Usage
2014-10-14 23:07:01 +02:00
Basic usage
```
resource "aws_security_group" "allow_all" {
2014-10-14 23:07:01 +02:00
name = "allow_all"
description = "Allow all inbound traffic"
2014-10-14 23:07:01 +02:00
ingress {
from_port = 0
to_port = 65535
protocol = "-1"
2014-10-14 23:07:01 +02:00
cidr_blocks = ["0.0.0.0/0"]
}
2015-02-17 19:23:10 +01:00
egress {
from_port = 0
to_port = 65535
protocol = "-1"
2015-02-17 19:23:10 +01:00
cidr_blocks = ["0.0.0.0/0"]
}
2014-10-14 23:07:01 +02:00
}
```
Basic usage with tags:
```
resource "aws_security_group" "allow_all" {
name = "allow_all"
description = "Allow all inbound traffic"
ingress {
from_port = 0
to_port = 65535
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
tags {
Name = "allow_all"
}
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) The name of the security group
* `description` - (Required) The security group description.
* `ingress` - (Optional) Can be specified multiple times for each
ingress rule. Each ingress block supports fields documented below.
2015-02-17 19:23:10 +01:00
* `egress` - (Optional) Can be specified multiple times for each
egress rule. Each egress block supports fields documented below.
VPC only.
* `vpc_id` - (Optional) The VPC ID.
* `tags` - (Optional) A mapping of tags to assign to the resource.
The `ingress` block supports:
* `cidr_blocks` - (Optional) List of CIDR blocks. Cannot be used with `security_groups`.
* `from_port` - (Required) The start port.
* `protocol` - (Required) The protocol.
* `security_groups` - (Optional) List of security group IDs. Cannot be used with `cidr_blocks`.
* `self` - (Optional) If true, the security group itself will be added as
a source to this ingress rule.
* `to_port` - (Required) The end range port.
2015-02-17 19:23:10 +01:00
The `egress` block supports:
* `cidr_blocks` - (Optional) List of CIDR blocks. Cannot be used with `security_groups`.
* `from_port` - (Required) The start port.
* `protocol` - (Required) The protocol.
* `security_groups` - (Optional) List of security group IDs. Cannot be used with `cidr_blocks`.
* `self` - (Optional) If true, the security group itself will be added as
a source to this egress rule.
* `to_port` - (Required) The end range port.
## Attributes Reference
The following attributes are exported:
* `id` - The ID of the security group
* `vpc_id` - The VPC ID.
* `owner_id` - The owner ID.
* `name` - The name of the security group
* `description` - The description of the security group
* `ingress` - The ingress rules. See above for more.
2015-02-17 19:23:10 +01:00
* `egress` - The egress rules. See above for more.