2014-07-23 22:32:33 +02:00
|
|
|
---
|
|
|
|
layout: "aws"
|
|
|
|
page_title: "AWS: aws_security_group"
|
|
|
|
sidebar_current: "docs-aws-resource-security-group"
|
2014-10-22 05:21:56 +02:00
|
|
|
description: |-
|
|
|
|
Provides an security group resource.
|
2014-07-23 22:32:33 +02:00
|
|
|
---
|
|
|
|
|
|
|
|
# aws\_security\_group
|
|
|
|
|
|
|
|
Provides an security group resource.
|
|
|
|
|
|
|
|
## Example Usage
|
|
|
|
|
2014-10-14 23:07:01 +02:00
|
|
|
Basic usage
|
|
|
|
|
2014-07-23 22:32:33 +02:00
|
|
|
```
|
|
|
|
resource "aws_security_group" "allow_all" {
|
2014-10-14 23:07:01 +02:00
|
|
|
name = "allow_all"
|
2015-03-18 19:45:32 +01:00
|
|
|
description = "Allow all inbound traffic"
|
2014-08-03 04:39:22 +02:00
|
|
|
|
2014-10-14 23:07:01 +02:00
|
|
|
ingress {
|
|
|
|
from_port = 0
|
|
|
|
to_port = 65535
|
2015-03-03 00:33:54 +01:00
|
|
|
protocol = "-1"
|
2014-10-14 23:07:01 +02:00
|
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
|
|
}
|
2015-02-17 19:23:10 +01:00
|
|
|
|
|
|
|
egress {
|
|
|
|
from_port = 0
|
|
|
|
to_port = 65535
|
2015-03-03 00:33:54 +01:00
|
|
|
protocol = "-1"
|
2015-02-17 19:23:10 +01:00
|
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
|
|
}
|
2014-10-14 23:07:01 +02:00
|
|
|
}
|
|
|
|
```
|
|
|
|
|
|
|
|
Basic usage with tags:
|
|
|
|
|
|
|
|
```
|
|
|
|
resource "aws_security_group" "allow_all" {
|
|
|
|
name = "allow_all"
|
|
|
|
description = "Allow all inbound traffic"
|
|
|
|
|
|
|
|
ingress {
|
|
|
|
from_port = 0
|
|
|
|
to_port = 65535
|
|
|
|
protocol = "tcp"
|
|
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
|
|
}
|
|
|
|
|
|
|
|
tags {
|
|
|
|
Name = "allow_all"
|
|
|
|
}
|
2014-07-23 22:32:33 +02:00
|
|
|
}
|
|
|
|
```
|
|
|
|
|
|
|
|
## Argument Reference
|
|
|
|
|
|
|
|
The following arguments are supported:
|
|
|
|
|
|
|
|
* `name` - (Required) The name of the security group
|
2014-07-30 23:59:09 +02:00
|
|
|
* `description` - (Required) The security group description.
|
2014-12-08 08:52:04 +01:00
|
|
|
* `ingress` - (Optional) Can be specified multiple times for each
|
2014-07-23 22:32:33 +02:00
|
|
|
ingress rule. Each ingress block supports fields documented below.
|
2015-05-05 23:22:18 +02:00
|
|
|
* `egress` - (Optional, VPC only) Can be specified multiple times for each
|
2015-02-17 19:23:10 +01:00
|
|
|
egress rule. Each egress block supports fields documented below.
|
2014-07-23 22:32:33 +02:00
|
|
|
* `vpc_id` - (Optional) The VPC ID.
|
2015-04-10 21:29:31 +02:00
|
|
|
* `tags` - (Optional) A mapping of tags to assign to the resource.
|
2014-07-23 22:32:33 +02:00
|
|
|
|
|
|
|
The `ingress` block supports:
|
|
|
|
|
2015-01-14 18:28:25 +01:00
|
|
|
* `cidr_blocks` - (Optional) List of CIDR blocks. Cannot be used with `security_groups`.
|
2014-07-23 22:32:33 +02:00
|
|
|
* `from_port` - (Required) The start port.
|
|
|
|
* `protocol` - (Required) The protocol.
|
2015-04-09 21:41:41 +02:00
|
|
|
* `security_groups` - (Optional) List of security group Group Names if using
|
|
|
|
EC2-Classic or the default VPC, or Group IDs if using a non-default VPC.
|
|
|
|
Cannot be used with `cidr_blocks`.
|
2014-09-30 23:19:16 +02:00
|
|
|
* `self` - (Optional) If true, the security group itself will be added as
|
|
|
|
a source to this ingress rule.
|
2014-07-23 22:32:33 +02:00
|
|
|
* `to_port` - (Required) The end range port.
|
|
|
|
|
2015-02-17 19:23:10 +01:00
|
|
|
The `egress` block supports:
|
|
|
|
|
|
|
|
* `cidr_blocks` - (Optional) List of CIDR blocks. Cannot be used with `security_groups`.
|
|
|
|
* `from_port` - (Required) The start port.
|
|
|
|
* `protocol` - (Required) The protocol.
|
2015-04-09 21:41:41 +02:00
|
|
|
* `security_groups` - (Optional) List of security group Group Names if using
|
|
|
|
EC2-Classic or the default VPC, or Group IDs if using a non-default VPC.
|
|
|
|
Cannot be used with `cidr_blocks`.
|
2015-02-17 19:23:10 +01:00
|
|
|
* `self` - (Optional) If true, the security group itself will be added as
|
|
|
|
a source to this egress rule.
|
|
|
|
* `to_port` - (Required) The end range port.
|
|
|
|
|
2015-05-01 17:07:46 +02:00
|
|
|
~> **NOTE on Egress rules:** By default, AWS creates an `ALLOW ALL` egress rule when creating a
|
|
|
|
new Security Group inside of a VPC. When creating a new Security
|
|
|
|
Group inside a VPC, **Terraform will remove this default rule**, and require you
|
|
|
|
specifically re-create it if you desire that rule. We feel this leads to fewer
|
|
|
|
surprises in terms of controlling your egress rules. If you desire this rule to
|
|
|
|
be in place, you can use this `egress` block:
|
|
|
|
|
|
|
|
egress {
|
|
|
|
from_port = 0
|
|
|
|
to_port = 0
|
|
|
|
protocol = "-1"
|
|
|
|
cidr_block = "0.0.0.0/0"
|
|
|
|
}
|
|
|
|
|
2014-07-23 22:32:33 +02:00
|
|
|
## Attributes Reference
|
|
|
|
|
|
|
|
The following attributes are exported:
|
|
|
|
|
|
|
|
* `id` - The ID of the security group
|
|
|
|
* `vpc_id` - The VPC ID.
|
|
|
|
* `owner_id` - The owner ID.
|
|
|
|
* `name` - The name of the security group
|
|
|
|
* `description` - The description of the security group
|
|
|
|
* `ingress` - The ingress rules. See above for more.
|
2015-02-17 19:23:10 +01:00
|
|
|
* `egress` - The egress rules. See above for more.
|