Hello, I have one VPC and 24 security groups, each with a different set of security group rules (many ingress rules and one egress rule per group). The code is too long. How can I minimize it?
security-group.tf
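# One security group per entry in local.sg_name. count, local.sg_name and
# local.sg_name_tag must all have the same length (var.sg_count defaults to 24
# in this file); nothing here enforces that.
resource "aws_security_group" "this" {
  count = var.sg_count
  # Direct indexing instead of element(): element() wraps around when
  # count.index runs past the end of the list, which would silently reuse a
  # name for a second group. An out-of-range index now fails at plan time.
  name = local.sg_name[count.index]
  # presumably the VPC id exported by the vpc module; verify the output name
  vpc_id = module.vpc.vpc_id_sg
  tags = {
    # Plain expression; the "${...}" wrapper around a lone expression is
    # redundant in Terraform 0.12+ syntax.
    Name = local.sg_name_tag[count.index]
  }
}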
# Rules attached to aws_security_group.this[0] (label "Synoptek-Edge"): one
# rule per row of local.security_group_rules, the csvdecode output of the
# group's CSV file. Rows are addressed by position, so removing or reordering a
# CSV row renumbers every later rule and Terraform replans those instances.
resource "aws_security_group_rule" "Synoptek-Edge" {
  count             = length(local.security_group_rules)
  security_group_id = aws_security_group.this[0].id

  type        = local.security_group_rules[count.index]["type"]
  protocol    = local.security_group_rules[count.index]["protocol"]
  from_port   = local.security_group_rules[count.index]["from"]
  to_port     = local.security_group_rules[count.index]["to"]
  description = local.security_group_rules[count.index]["description"]
  # Each CSV row carries a single CIDR; the attribute takes a list.
  cidr_blocks = [local.security_group_rules[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[1] (label "EMRApps-SG"), one per row of
# local.security_group_rules_1 (csvdecode of EMRApps-SG.csv). Positional
# indexing: deleting or reordering a CSV row shifts every later rule's index.
resource "aws_security_group_rule" "EMRApps-SG" {
  count             = length(local.security_group_rules_1)
  security_group_id = aws_security_group.this[1].id

  type        = local.security_group_rules_1[count.index]["type"]
  protocol    = local.security_group_rules_1[count.index]["protocol"]
  from_port   = local.security_group_rules_1[count.index]["from"]
  to_port     = local.security_group_rules_1[count.index]["to"]
  description = local.security_group_rules_1[count.index]["description"]
  # One CIDR per row, wrapped into the list the attribute expects.
  cidr_blocks = [local.security_group_rules_1[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[2] (label "AD-SG"), one per row of
# local.security_group_rules_2 (presumably csvdecode output like the first two
# locals). Rows are count-indexed, so row order in the CSV is significant.
resource "aws_security_group_rule" "AD-SG" {
  count             = length(local.security_group_rules_2)
  security_group_id = aws_security_group.this[2].id

  type        = local.security_group_rules_2[count.index]["type"]
  protocol    = local.security_group_rules_2[count.index]["protocol"]
  from_port   = local.security_group_rules_2[count.index]["from"]
  to_port     = local.security_group_rules_2[count.index]["to"]
  description = local.security_group_rules_2[count.index]["description"]
  # Single CIDR per row, as a one-element list.
  cidr_blocks = [local.security_group_rules_2[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[3] (label "AccCntrl-SG"), one instance per
# row of local.security_group_rules_3. Count-indexed: a removed or moved CSV
# row renumbers the rules after it.
resource "aws_security_group_rule" "AccCntrl-SG" {
  count             = length(local.security_group_rules_3)
  security_group_id = aws_security_group.this[3].id

  type        = local.security_group_rules_3[count.index]["type"]
  protocol    = local.security_group_rules_3[count.index]["protocol"]
  from_port   = local.security_group_rules_3[count.index]["from"]
  to_port     = local.security_group_rules_3[count.index]["to"]
  description = local.security_group_rules_3[count.index]["description"]
  # One CIDR per row; the attribute is a list.
  cidr_blocks = [local.security_group_rules_3[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[4] (label "EMR-Database"), one per row of
# local.security_group_rules_4. Positional indexing means CSV row order is
# part of the state; reordering rows replans the affected rules.
resource "aws_security_group_rule" "EMR-Database" {
  count             = length(local.security_group_rules_4)
  security_group_id = aws_security_group.this[4].id

  type        = local.security_group_rules_4[count.index]["type"]
  protocol    = local.security_group_rules_4[count.index]["protocol"]
  from_port   = local.security_group_rules_4[count.index]["from"]
  to_port     = local.security_group_rules_4[count.index]["to"]
  description = local.security_group_rules_4[count.index]["description"]
  # Single CIDR per row, wrapped as a list.
  cidr_blocks = [local.security_group_rules_4[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[5] (label "Test-eCW-Access-SG"), one per
# row of local.security_group_rules_5. Rows are count-indexed, so deleting a
# row shifts the index of every later rule.
resource "aws_security_group_rule" "Test-eCW-Access-SG" {
  count             = length(local.security_group_rules_5)
  security_group_id = aws_security_group.this[5].id

  type        = local.security_group_rules_5[count.index]["type"]
  protocol    = local.security_group_rules_5[count.index]["protocol"]
  from_port   = local.security_group_rules_5[count.index]["from"]
  to_port     = local.security_group_rules_5[count.index]["to"]
  description = local.security_group_rules_5[count.index]["description"]
  # One CIDR per row; the attribute takes a list.
  cidr_blocks = [local.security_group_rules_5[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[6] (label "Datica-Interface-SG"), one per
# row of local.security_group_rules_6. Count-indexed; CSV row order matters.
resource "aws_security_group_rule" "Datica-Interface-SG" {
  count             = length(local.security_group_rules_6)
  security_group_id = aws_security_group.this[6].id

  type        = local.security_group_rules_6[count.index]["type"]
  protocol    = local.security_group_rules_6[count.index]["protocol"]
  from_port   = local.security_group_rules_6[count.index]["from"]
  to_port     = local.security_group_rules_6[count.index]["to"]
  description = local.security_group_rules_6[count.index]["description"]
  # Single CIDR per row, as a one-element list.
  cidr_blocks = [local.security_group_rules_6[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[7] (label "Tolmar-Interface-SG"), one per
# row of local.security_group_rules_7. Positional indexing: removing or
# reordering a CSV row replans every rule that follows it.
resource "aws_security_group_rule" "Tolmar-Interface-SG" {
  count             = length(local.security_group_rules_7)
  security_group_id = aws_security_group.this[7].id

  type        = local.security_group_rules_7[count.index]["type"]
  protocol    = local.security_group_rules_7[count.index]["protocol"]
  from_port   = local.security_group_rules_7[count.index]["from"]
  to_port     = local.security_group_rules_7[count.index]["to"]
  description = local.security_group_rules_7[count.index]["description"]
  # One CIDR per row, wrapped into a list.
  cidr_blocks = [local.security_group_rules_7[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[8] (label "eBO-http-SG"), one per row of
# local.security_group_rules_8. Count-indexed, so CSV row order is significant.
resource "aws_security_group_rule" "eBO-http-SG" {
  count             = length(local.security_group_rules_8)
  security_group_id = aws_security_group.this[8].id

  type        = local.security_group_rules_8[count.index]["type"]
  protocol    = local.security_group_rules_8[count.index]["protocol"]
  from_port   = local.security_group_rules_8[count.index]["from"]
  to_port     = local.security_group_rules_8[count.index]["to"]
  description = local.security_group_rules_8[count.index]["description"]
  # Single CIDR per row; the attribute is a list.
  cidr_blocks = [local.security_group_rules_8[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[9] (label "DMZ-SFTP"), one per row of
# local.security_group_rules_9. Count-indexed: deleting a CSV row renumbers
# the rules after it.
resource "aws_security_group_rule" "DMZ-SFTP" {
  count             = length(local.security_group_rules_9)
  security_group_id = aws_security_group.this[9].id

  type        = local.security_group_rules_9[count.index]["type"]
  protocol    = local.security_group_rules_9[count.index]["protocol"]
  from_port   = local.security_group_rules_9[count.index]["from"]
  to_port     = local.security_group_rules_9[count.index]["to"]
  description = local.security_group_rules_9[count.index]["description"]
  # One CIDR per row, as a one-element list.
  cidr_blocks = [local.security_group_rules_9[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[10] (label "Internal-web_SG"), one per row
# of local.security_group_rules_10. Positional indexing; row order matters.
resource "aws_security_group_rule" "Internal-web_SG" {
  count             = length(local.security_group_rules_10)
  security_group_id = aws_security_group.this[10].id

  type        = local.security_group_rules_10[count.index]["type"]
  protocol    = local.security_group_rules_10[count.index]["protocol"]
  from_port   = local.security_group_rules_10[count.index]["from"]
  to_port     = local.security_group_rules_10[count.index]["to"]
  description = local.security_group_rules_10[count.index]["description"]
  # Single CIDR per row, wrapped as a list.
  cidr_blocks = [local.security_group_rules_10[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[11] (label "sg-app-server-elb"), one per
# row of local.security_group_rules_11. Count-indexed: removing or reordering
# a CSV row replans every later rule.
resource "aws_security_group_rule" "sg-app-server-elb" {
  count             = length(local.security_group_rules_11)
  security_group_id = aws_security_group.this[11].id

  type        = local.security_group_rules_11[count.index]["type"]
  protocol    = local.security_group_rules_11[count.index]["protocol"]
  from_port   = local.security_group_rules_11[count.index]["from"]
  to_port     = local.security_group_rules_11[count.index]["to"]
  description = local.security_group_rules_11[count.index]["description"]
  # One CIDR per row; the attribute takes a list.
  cidr_blocks = [local.security_group_rules_11[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[12] (label "ams-temp-sg"), one per row of
# local.security_group_rules_12. Count-indexed, so CSV row order is part of
# the plan. The "temp" label suggests a group worth re-checking for staleness.
resource "aws_security_group_rule" "ams-temp-sg" {
  count             = length(local.security_group_rules_12)
  security_group_id = aws_security_group.this[12].id

  type        = local.security_group_rules_12[count.index]["type"]
  protocol    = local.security_group_rules_12[count.index]["protocol"]
  from_port   = local.security_group_rules_12[count.index]["from"]
  to_port     = local.security_group_rules_12[count.index]["to"]
  description = local.security_group_rules_12[count.index]["description"]
  # Single CIDR per row, as a list.
  cidr_blocks = [local.security_group_rules_12[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[13] (label "sg-app-server-elb-instance"),
# one per row of local.security_group_rules_13. Positional indexing; deleting
# a CSV row renumbers the rules after it.
resource "aws_security_group_rule" "sg-app-server-elb-instance" {
  count             = length(local.security_group_rules_13)
  security_group_id = aws_security_group.this[13].id

  type        = local.security_group_rules_13[count.index]["type"]
  protocol    = local.security_group_rules_13[count.index]["protocol"]
  from_port   = local.security_group_rules_13[count.index]["from"]
  to_port     = local.security_group_rules_13[count.index]["to"]
  description = local.security_group_rules_13[count.index]["description"]
  # One CIDR per row, wrapped into a list.
  cidr_blocks = [local.security_group_rules_13[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[14] (label "sh-enable-ssh-access"), one per
# row of local.security_group_rules_14. Count-indexed; row order matters. The
# label implies SSH ingress, so the CIDRs in this CSV deserve a tight review.
resource "aws_security_group_rule" "sh-enable-ssh-access" {
  count             = length(local.security_group_rules_14)
  security_group_id = aws_security_group.this[14].id

  type        = local.security_group_rules_14[count.index]["type"]
  protocol    = local.security_group_rules_14[count.index]["protocol"]
  from_port   = local.security_group_rules_14[count.index]["from"]
  to_port     = local.security_group_rules_14[count.index]["to"]
  description = local.security_group_rules_14[count.index]["description"]
  # Single CIDR per row; the attribute is a list.
  cidr_blocks = [local.security_group_rules_14[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[15] (label "sg-reverse-proxy-dmz"), one per
# row of local.security_group_rules_15. Count-indexed: reordering CSV rows
# replans the affected rules.
resource "aws_security_group_rule" "sg-reverse-proxy-dmz" {
  count             = length(local.security_group_rules_15)
  security_group_id = aws_security_group.this[15].id

  type        = local.security_group_rules_15[count.index]["type"]
  protocol    = local.security_group_rules_15[count.index]["protocol"]
  from_port   = local.security_group_rules_15[count.index]["from"]
  to_port     = local.security_group_rules_15[count.index]["to"]
  description = local.security_group_rules_15[count.index]["description"]
  # One CIDR per row, as a one-element list.
  cidr_blocks = [local.security_group_rules_15[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[16] (label "sg-reverse-proxy-dmz-instances"),
# one per row of local.security_group_rules_16. Positional indexing; CSV row
# order is significant.
resource "aws_security_group_rule" "sg-reverse-proxy-dmz-instances" {
  count             = length(local.security_group_rules_16)
  security_group_id = aws_security_group.this[16].id

  type        = local.security_group_rules_16[count.index]["type"]
  protocol    = local.security_group_rules_16[count.index]["protocol"]
  from_port   = local.security_group_rules_16[count.index]["from"]
  to_port     = local.security_group_rules_16[count.index]["to"]
  description = local.security_group_rules_16[count.index]["description"]
  # Single CIDR per row, wrapped as a list.
  cidr_blocks = [local.security_group_rules_16[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[17] (label
# "sg-ssh-access-from-management-vpc"), one per row of
# local.security_group_rules_17. Count-indexed; deleting a row renumbers the
# rules after it. Label implies SSH from a management range; keep the CSV tight.
resource "aws_security_group_rule" "sg-ssh-access-from-management-vpc" {
  count             = length(local.security_group_rules_17)
  security_group_id = aws_security_group.this[17].id

  type        = local.security_group_rules_17[count.index]["type"]
  protocol    = local.security_group_rules_17[count.index]["protocol"]
  from_port   = local.security_group_rules_17[count.index]["from"]
  to_port     = local.security_group_rules_17[count.index]["to"]
  description = local.security_group_rules_17[count.index]["description"]
  # One CIDR per row; the attribute takes a list.
  cidr_blocks = [local.security_group_rules_17[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[18] (label
# "sg-web-access-ports-from-production"), one per row of
# local.security_group_rules_18. Count-indexed: CSV row order matters.
resource "aws_security_group_rule" "sg-web-access-ports-from-production" {
  count             = length(local.security_group_rules_18)
  security_group_id = aws_security_group.this[18].id

  type        = local.security_group_rules_18[count.index]["type"]
  protocol    = local.security_group_rules_18[count.index]["protocol"]
  from_port   = local.security_group_rules_18[count.index]["from"]
  to_port     = local.security_group_rules_18[count.index]["to"]
  description = local.security_group_rules_18[count.index]["description"]
  # Single CIDR per row, as a list.
  cidr_blocks = [local.security_group_rules_18[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[19] (label "AMS-EphemAC-SG"), one per row
# of local.security_group_rules_19. Positional indexing; removing or reordering
# a CSV row replans every later rule.
resource "aws_security_group_rule" "AMS-EphemAC-SG" {
  count             = length(local.security_group_rules_19)
  security_group_id = aws_security_group.this[19].id

  type        = local.security_group_rules_19[count.index]["type"]
  protocol    = local.security_group_rules_19[count.index]["protocol"]
  from_port   = local.security_group_rules_19[count.index]["from"]
  to_port     = local.security_group_rules_19[count.index]["to"]
  description = local.security_group_rules_19[count.index]["description"]
  # One CIDR per row, wrapped into a list.
  cidr_blocks = [local.security_group_rules_19[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[20] (label "sg-database-access"), one per
# row of local.security_group_rules_20. Count-indexed; CSV row order is
# significant. Database-facing group: the CIDRs here warrant a careful review.
resource "aws_security_group_rule" "sg-database-access" {
  count             = length(local.security_group_rules_20)
  security_group_id = aws_security_group.this[20].id

  type        = local.security_group_rules_20[count.index]["type"]
  protocol    = local.security_group_rules_20[count.index]["protocol"]
  from_port   = local.security_group_rules_20[count.index]["from"]
  to_port     = local.security_group_rules_20[count.index]["to"]
  description = local.security_group_rules_20[count.index]["description"]
  # Single CIDR per row; the attribute is a list.
  cidr_blocks = [local.security_group_rules_20[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[21] (label "d-906701493f_controllers"), one
# per row of local.security_group_rules_21. Count-indexed: deleting a CSV row
# renumbers the rules after it. The label looks like a directory-service
# controller group, presumably imported from an existing environment.
resource "aws_security_group_rule" "d-906701493f_controllers" {
  count             = length(local.security_group_rules_21)
  security_group_id = aws_security_group.this[21].id

  type        = local.security_group_rules_21[count.index]["type"]
  protocol    = local.security_group_rules_21[count.index]["protocol"]
  from_port   = local.security_group_rules_21[count.index]["from"]
  to_port     = local.security_group_rules_21[count.index]["to"]
  description = local.security_group_rules_21[count.index]["description"]
  # One CIDR per row, as a one-element list.
  cidr_blocks = [local.security_group_rules_21[count.index]["cidr_blocks"]]
}
# Rules for aws_security_group.this[22] (label "launch-wizard-5"), one per row
# of local.security_group_rules_22. Count-indexed; CSV row order matters. A
# "launch-wizard" label usually means a console-generated group; presumably
# imported, so confirm its rows are still needed.
resource "aws_security_group_rule" "launch-wizard-5" {
  count             = length(local.security_group_rules_22)
  security_group_id = aws_security_group.this[22].id

  type        = local.security_group_rules_22[count.index]["type"]
  protocol    = local.security_group_rules_22[count.index]["protocol"]
  from_port   = local.security_group_rules_22[count.index]["from"]
  to_port     = local.security_group_rules_22[count.index]["to"]
  description = local.security_group_rules_22[count.index]["description"]
  # Single CIDR per row, wrapped as a list.
  cidr_blocks = [local.security_group_rules_22[count.index]["cidr_blocks"]]
}
# All traffic into aws_security_group.this[1] (EMRApps-SG) from this[0]
# (Synoptek-Edge). protocol "-1" with ports 0-0 is the all-protocols form.
# The same edge-to-group rule is repeated below for this[4], [10], [13], [15],
# [20] and [9]; a single resource iterating over those indices would replace
# all of them.
resource "aws_security_group_rule" "EMRApps-SG_rule_source" {
  security_group_id        = aws_security_group.this[1].id
  source_security_group_id = aws_security_group.this[0].id
  type                     = "ingress"
  protocol                 = "-1"
  from_port                = 0
  to_port                  = 0
  description              = "Synoptek Edge"
}
# TCP 8080 into aws_security_group.this[1] (EMRApps-SG) from this[11]
# (sg-app-server-elb). Pairs with the egress rule on this[11] further down.
# No description is set on this rule.
resource "aws_security_group_rule" "EMRApps-SG_rule_source_1" {
  security_group_id        = aws_security_group.this[1].id
  source_security_group_id = aws_security_group.this[11].id
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = 8080
  to_port                  = 8080
}
# All traffic into aws_security_group.this[4] (EMR-Database) from this[0]
# (Synoptek-Edge): protocol "-1", ports 0-0. Any-protocol access into a
# database group is broad; presumably the edge group is the management path.
resource "aws_security_group_rule" "EMR-Database_rule_source" {
  security_group_id        = aws_security_group.this[4].id
  source_security_group_id = aws_security_group.this[0].id
  type                     = "ingress"
  protocol                 = "-1"
  from_port                = 0
  to_port                  = 0
  description              = "Synoptek Edge"
}
# All traffic into aws_security_group.this[10] (Internal-web_SG) from this[0]
# (Synoptek-Edge): protocol "-1", ports 0-0.
resource "aws_security_group_rule" "Internal-web_SG_rule_source" {
  security_group_id        = aws_security_group.this[10].id
  source_security_group_id = aws_security_group.this[0].id
  type                     = "ingress"
  protocol                 = "-1"
  from_port                = 0
  to_port                  = 0
  description              = "Synoptek Edge"
}
# TCP 8080 into aws_security_group.this[10] (Internal-web_SG) from this[11]
# (sg-app-server-elb). No description is set on this rule.
resource "aws_security_group_rule" "Internal-web_SG_rule_source_1" {
  security_group_id        = aws_security_group.this[10].id
  source_security_group_id = aws_security_group.this[11].id
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = 8080
  to_port                  = 8080
}
# TCP 80 into aws_security_group.this[4] (EMR-Database) from every IPv6
# address ("::/0"). NOTE(review): this exposes port 80 of a database-labelled
# group to the whole IPv6 internet -- confirm that is intended.
resource "aws_security_group_rule" "EMR-Database_ip_v6" {
  security_group_id = aws_security_group.this[4].id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 80
  to_port           = 80
  ipv6_cidr_blocks  = ["::/0"]
}
# TCP 80 into aws_security_group.this[11] (sg-app-server-elb) from every IPv6
# address ("::/0"). Plausible for a public load balancer; note that the IPv4
# side of this group comes from its CSV rows, not from this rule.
resource "aws_security_group_rule" "sg-app-server-elb_ip_v6" {
  security_group_id = aws_security_group.this[11].id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 80
  to_port           = 80
  ipv6_cidr_blocks  = ["::/0"]
}
# Egress TCP 8080 from aws_security_group.this[11] (sg-app-server-elb) to
# this[1] (EMRApps-SG). For an egress rule the provider treats
# source_security_group_id as the destination group. This is the counterpart
# of the 8080 ingress rule on this[1] above.
resource "aws_security_group_rule" "sg-app-server-elb_rule_source" {
  security_group_id        = aws_security_group.this[11].id
  source_security_group_id = aws_security_group.this[1].id
  type                     = "egress"
  protocol                 = "tcp"
  from_port                = 8080
  to_port                  = 8080
}
# All traffic into aws_security_group.this[13] (sg-app-server-elb-instance)
# from this[0] (Synoptek-Edge): protocol "-1", ports 0-0.
resource "aws_security_group_rule" "sg-app-server-elb-instance_rule_source" {
  security_group_id        = aws_security_group.this[13].id
  source_security_group_id = aws_security_group.this[0].id
  type                     = "ingress"
  protocol                 = "-1"
  from_port                = 0
  to_port                  = 0
  description              = "Synoptek Edge"
}
# All traffic into aws_security_group.this[15] (sg-reverse-proxy-dmz) from
# this[0] (Synoptek-Edge): protocol "-1", ports 0-0.
resource "aws_security_group_rule" "sg-reverse-proxy-dmz_rule_source" {
  security_group_id        = aws_security_group.this[15].id
  source_security_group_id = aws_security_group.this[0].id
  type                     = "ingress"
  protocol                 = "-1"
  from_port                = 0
  to_port                  = 0
  description              = "Synoptek Edge"
}
# All traffic into aws_security_group.this[20] (sg-database-access) from
# this[0] (Synoptek-Edge): protocol "-1", ports 0-0. Broad for a database
# group; presumably the edge group is the administrative path.
resource "aws_security_group_rule" "sg-database-access_rule_source_1" {
  security_group_id        = aws_security_group.this[20].id
  source_security_group_id = aws_security_group.this[0].id
  type                     = "ingress"
  protocol                 = "-1"
  from_port                = 0
  to_port                  = 0
  description              = "Synoptek Edge"
}
# TCP 3306 into aws_security_group.this[20] (sg-database-access) from
# this[13] (sg-app-server-elb-instance): the app-instance-to-database path.
# No description is set on this rule.
resource "aws_security_group_rule" "sg-database-access_rule_source_2" {
  security_group_id        = aws_security_group.this[20].id
  source_security_group_id = aws_security_group.this[13].id
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = 3306
  to_port                  = 3306
}
# All traffic into aws_security_group.this[9] (DMZ-SFTP) from this[0]
# (Synoptek-Edge): protocol "-1", ports 0-0.
resource "aws_security_group_rule" "DMZ-SFTP_rule_source" {
  security_group_id        = aws_security_group.this[9].id
  source_security_group_id = aws_security_group.this[0].id
  type                     = "ingress"
  protocol                 = "-1"
  from_port                = 0
  to_port                  = 0
  description              = "Synoptek Edge"
}
# Self-referencing rule: members of aws_security_group.this[21]
# (d-906701493f_controllers) may reach each other on any protocol. The
# provider's `self = true` form expresses the same thing, but switching
# attributes would likely force the rule to be recreated, so it is kept as is.
# No description is set on this rule.
resource "aws_security_group_rule" "d-906701493f_controllers_rule_source" {
  security_group_id        = aws_security_group.this[21].id
  source_security_group_id = aws_security_group.this[21].id
  type                     = "ingress"
  protocol                 = "-1"
  from_port                = 0
  to_port                  = 0
}
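# Number of security groups created by aws_security_group.this. It has to
# equal the length of local.sg_name and local.sg_name_tag, which index by
# count.index; nothing in this file enforces that, so keep the three in step.
variable "sg_count" {
  description = "Number of security groups to create; must equal length(local.sg_name)"
  # Explicit type so a non-numeric value is rejected at plan time.
  type    = number
  default = 24
}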
# Shared inputs. The two name lists are indexed by count.index in
# aws_security_group.this, so their order decides which group each
# security_group_rules_N local is attached to; both must have var.sg_count
# entries. Each security_group_rules* local is the decoded CSV for one group
# (a list of maps with the columns type, protocol, from, to, cidr_blocks,
# description, as the sample CSV below shows).
locals {
sg_name = ["test", "test1", so on]
sg_name_tag = ["test", "test1", so on]
# NOTE(review): referenced here as Synoptek_Edge.csv (underscore) but the
# sample file below is shown as Synoptek-Edge.csv (hyphen) -- confirm the name.
security_group_rules = csvdecode(file("${path.module}/csv/Synoptek_Edge.csv"))
security_group_rules_1 = csvdecode(file("${path.module}/csv/EMRApps-SG.csv"))
and so on
# NOTE(review): a locals block closes with "}", not "]".
]
The other CSV files are similar to this one:
Synoptek-Edge.csv
type,protocol,from,to,cidr_blocks,description
ingress,-1,0,0,10.100.0.0/16,test
ingress,tcp,3389,3389,10.100.10.81/32,test
In my code there is a separate resource for each security group's rules. I'm trying to make only one security_group_rule resource and use count so that the code becomes shorter.
I want to make something like this
# NOTE(review): bare assignments like these are only valid inside a
# locals { } block, and they would then be referenced as local.<name>.
# They cannot be used from the variable block below, whose default must be
# a literal value.
Synoptek_Edge_Sg = csvdecode(file("${path.module}/csv/Synoptek_Edge.csv"))
AnotherSG = csvdecode(file("${path.module}/csv/antoherSG.csv"))
antoherSG2 = csvdecode(file("${path.module}/csv/antoherSG2.csv"))
# Sketch of the intended per-group input list. Two things stop it from
# working as written:
#  * a variable's default must be a literal value, so sg_rules cannot refer
#    to Synoptek_Edge_Sg or any other expression; build this list in a
#    locals block instead, where the csvdecode() results can be referenced;
#  * type = list(map(string)) requires every value to be a string, but
#    sg_rules is a list of maps and sg_tags is a list, so the type check would
#    reject these entries. A list(object({...})) shape, or a map keyed by
#    group name, fits the data better.
variable "Ams_Prod_Sg_List" {
description = "sg_name rules"
type = list(map(string))
default = [
{
sg_name = "Synoptek Edge"
sg_rules = Synoptek_Edge_Sg
sg_tags = [""]
},
{
sg_name = "AnotherSG"
sg_rules = AnotherSG
sg_tags = [""]
},
{
sg_name = "AnotherSG2"
# NOTE(review): this entry uses the key antoherSG2 where the others use
# sg_rules; anything iterating over the list would miss the rules here.
antoherSG2 = antoherSG2
sg_tags = [""]
},
]
}
How can this be done? Please guide me.