sg: core module for security group

Author: souradeepmoe

security_group/README.md

@@ -0,0 +1,25 @@
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| cluster | Cluster Name | string | n/a | yes |
+| created\_by | Created By | string | n/a | yes |
+| environment | Environment | string | n/a | yes |
+| vpc_id | VPC ID | string | n/a | yes |
+| resource_type | Resource Type (public/private/cluster) | string | n/a | yes |
+| resource_group | Resource Group | string | n/a | yes |
+| create_before_destroy | Create SG before destroying | bool | true | no |
+| sg_description | The security group description | string | n/a | yes |
+| allow_all_egress | Add an allow all egress rule to the SG | bool | true | no |
+
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| id | The ID of the security group |
+| arn | The ARN of the security group |
+| vpc_id | The VPC ID |
+| owner_id | The owner ID |
+| name | The name of the security group |
+| description | The description of the security group |

security_group/data.tf

@@ -0,0 +1 @@
+data "aws_region" "current" {}

security_group/locals.tf

@@ -0,0 +1,14 @@
+locals {
+  resource_identifier = lower("${var.cluster}-${var.resource_group}-${var.resource_type}-sg")
+
+  default_tags = {
+    ManagedBy     = "terraform"
+    Region        = lower(data.aws_region.current.name)
+    CreatedBy     = lower(var.created_by)
+    Cluster       = lower(var.cluster)
+    Environment   = lower(var.environment)
+    Name          = local.resource_identifier
+    ResourceType  = lower(var.resource_type)
+    ResourceGroup = lower(var.resource_group)
+  }
+}

security_group/outputs.tf

@@ -0,0 +1,23 @@
+output id {
+  value = aws_security_group.base_sg.id
+}
+
+output arn {
+  value = aws_security_group.base_sg.arn
+}
+
+output vpc_id {
+  value = aws_security_group.base_sg.vpc_id
+}
+
+output owner_id {
+  value = aws_security_group.base_sg.owner_id
+}
+
+output name {
+  value = aws_security_group.base_sg.name
+}
+
+output description {
+  value = aws_security_group.base_sg.description
+}

security_group/security_group.tf

@@ -0,0 +1,19 @@
+resource "aws_security_group" "base_sg" {
+  name        = local.resource_identifier
+  vpc_id      = var.vpc_id
+  description = var.sg_description
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_security_group_rule" "all_egress" {
+  type              = "egress"
+  count             = var.allow_all_egress ? 1 : 0
+  security_group_id = aws_security_group.base_sg.id
+  cidr_blocks       = ["0.0.0.0/0"]
+  from_port         = 0
+  to_port           = 0
+  protocol          = "-1"
+}

security_group/variables.tf

@@ -0,0 +1,39 @@
+variable cluster {
+  description = "Cluster Name"
+}
+
+variable created_by {
+  description = "Created By"
+}
+
+variable environment {
+  description = "Environment"
+}
+
+variable vpc_id {
+  description = "VPC ID"
+}
+
+variable resource_type {
+  description = "Resource Type (public/private/cluster)"
+}
+
+variable resource_group {
+  description = "Resource Group (service name)"
+}
+
+variable create_before_destroy {
+  type        = bool
+  default     = true
+  description = "Create SG before destroying"
+}
+
+variable sg_description {
+  description = "The security group description"
+}
+
+variable allow_all_egress {
+  type        = bool
+  default     = true
+  description = "Add an allow all egress rule to the SG"
+}

security_group/versions.tf

@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}