Hello experts!
I need to create 3 different application security groups, each with its own rules. Each security group has a different set of rules (ingress and egress with different ports and different cidr_blocks).
I was trying to achieve this with the code below:
# Application Security Group Rule creation
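locals {
  # One map per set of application security groups. Each key becomes the
  # module instance key and the SG name; `port` lists the TCP ports to open
  # and `source_ip` the CIDR blocks allowed to reach them. Ports are numbers
  # (from_port/to_port are numeric arguments), not quoted strings.
  rule_set1 = {
    app1 = { port = [8445, 22], source_ip = ["192.168.0.1/32", "192.168.0.2/32"] }
    app2 = { port = [8443], source_ip = ["10.0.0.9/32"] }
    app3 = { port = [443], source_ip = ["10.0.0.10/32"] }
  }

  # NOTE(review): rule_set2 is defined but nothing references it; the
  # module "app_sg" block below iterates rule_set1 only, so these groups
  # are never created until a second module call (or a merged map) uses it.
  rule_set2 = {
    app1 = { port = [1521, 443], source_ip = ["192.168.0.5/32", "192.168.0.6/32"] }
    app2 = { port = [8445], source_ip = ["10.0.0.21/32"] }
    app3 = { port = [22], source_ip = ["10.0.0.22/32"] }
  }
}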
# One security group per entry in local.rule_set1. The map key is reused as
# the SG name and as the module instance key (module.app_sg["app1"], ...).
module "app_sg" {
  source = "../modules/sg" # Change the path accordingly

  for_each = local.rule_set1

  sg_name     = each.key
  description = "${each.key} Security Group"

  # Every rule opens a single port, so the start and end of the range are
  # the same list; the child module pairs from_port[i] with to_port[i].
  from_port = each.value.port
  to_port   = each.value.port
  src_ip    = each.value.source_ip
}
## Child module under ../modules/sg (matches the `source` path used by the module call above)
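# One security group carrying the caller's list of TCP port ranges.
# from_port[i] is paired with to_port[i]; zipmap() keys each rule by its
# from_port and fails the plan when the two lists differ in length, so a
# mismatched call is rejected before anything is applied.
resource "aws_security_group" "dev_test" {
  # Use the name/description the caller passed (the original ignored both);
  # an empty name lets AWS generate one, an empty description keeps the
  # previous fixed text.
  name        = var.sg_name != "" ? var.sg_name : null
  description = coalesce(var.description, "SG for web server")
  # NOTE(review): no vpc_id is set, so the group is created in the account's
  # default VPC — confirm that is intended.

  # One ingress rule per port range, each limited to the caller's CIDRs.
  dynamic "ingress" {
    for_each = zipmap(var.from_port, var.to_port)
    content {
      from_port   = ingress.key
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = var.src_ip
      description = "allow ingress port"
    }
  }

  # Egress mirrors ingress (same ports, same CIDRs), as in the original.
  # Declaring explicit egress rules replaces the provider's default
  # allow-all egress, so outbound traffic to anything else is denied.
  dynamic "egress" {
    for_each = zipmap(var.from_port, var.to_port)
    content {
      from_port   = egress.key
      to_port     = egress.value
      protocol    = "tcp"
      cidr_blocks = var.src_ip
      description = "allow egress port"
    }
  }
}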
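variable "sg_name" {
  description = "Name of the security group. Leave empty to let AWS generate one."
  type        = string
  default     = ""
}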
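variable "description" {
  description = "Description shown on the security group in the AWS console."
  type        = string
  default     = ""
}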
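variable "from_port" {
  description = "Start of each TCP port range, one entry per rule; index-paired with to_port."
  type        = list(number)
  default     = []

  validation {
    # Reject anything outside the valid TCP port range at plan time.
    condition     = length([for p in var.from_port : p if p < 0 || p > 65535]) == 0
    error_message = "Every from_port entry must be between 0 and 65535."
  }
}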
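variable "to_port" {
  description = "End of each TCP port range, one entry per rule; index-paired with from_port."
  type        = list(number)
  default     = []

  validation {
    # Reject anything outside the valid TCP port range at plan time.
    condition     = length([for p in var.to_port : p if p < 0 || p > 65535]) == 0
    error_message = "Every to_port entry must be between 0 and 65535."
  }
}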
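variable "src_ip" {
  description = "CIDR blocks permitted by every rule in this group (used for both ingress and egress)."
  type        = list(string)
  default     = []

  validation {
    # cidrhost() errors on anything that is not a valid IPv4/IPv6 prefix, so a
    # bare address without a mask or a typo fails at plan time, not at apply.
    condition     = length([for c in var.src_ip : c if !can(cidrhost(c, 0))]) == 0
    error_message = "Every src_ip entry must be a valid CIDR block, e.g. 10.0.0.9/32."
  }
}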
There may be some errors in the code blocks above. Please suggest a solution for this scenario. I need to do this with minimal, re-usable code. It should also be easy for me to manage (add/remove) the rules in the future.