Added new code

nitinda · Nov 30, 2019 · e3813c9 · e3813c9
1 parent 8a6e830
commit e3813c9
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 31 deletions.
diff --git a/README.md b/README.md
@@ -46,6 +46,53 @@ To use this module, add the following call to your code:
 module "<layer>-security-group-<AccountID>" {
   source = "git::https://github.com/nitinda/terraform-module-aws-security-group.git?ref=terraform-12/master"
 
+  providers = {
+    aws = aws.services
+  }
+
+  # Tags
+  common_tags = merge(
+    var.common_tags,
+    {
+      "Name"      = "service-sg"
+      "ManagedBy" = "Terraform"
+    },
+  )
+
+  # Security Groups
+  name_prefix            = "service-sg-"
+  description            = "Code Build EC2 Instance security group that allows traffic from whitelisted ips"
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = true
+  ingress_rules = [
+    {
+      from_port        = 22
+      to_port          = 22
+      protocol         = "tcp"
+      description      = "Ingress rule that allows traffic from subnets"
+      cidr_blocks      = [ var.vpc_cidr ]
+      self             = false
+      security_groups  = []
+      ipv6_cidr_blocks = []
+      prefix_list_ids  = []
+    }
+  ]
+  egress_rules = [
+    {
+      from_port       = 0
+      to_port         = 0
+      protocol        = "-1"
+      cidr_blocks     = ["0.0.0.0/0"]
+      description     = "The egress rule allows all ports"
+      security_groups = ""
+      self             = false
+      security_groups  = []
+      ipv6_cidr_blocks = []
+      prefix_list_ids  = []
+    },
+  ]
+}
+
 
 }
 ```
@@ -63,8 +110,8 @@ The variables required in order for the module to be successfully called from th
 | vpc_id                        | VPC ID                                      | String          |
 | common_tags                   | Tag                                         | map             |
 | revoke_rules_on_delete        | Instruct Terraform to revoke                | string          |
-| ingress                       | Ingress Rules                               | list of maps    |
-| egress                        | Egress Rules                                | list of maps    |
+| ingress_rules                 | Ingress Rules                               | list of maps    |
+| egress_rules                  | Egress Rules                                | list of maps    |
 
 
 

diff --git a/security-groups.tf b/security-groups.tf
@@ -3,35 +3,9 @@ resource "aws_security_group" "security_group" {
   description            = var.description
   vpc_id                 = var.vpc_id
   revoke_rules_on_delete = var.revoke_rules_on_delete 
-
-  // dynamic "ingress" {
-  //   for_each = var.ingress_rules
-  //   content {
-  //     from_port       = ingress.value["from_port"]
-  //     to_port         = ingress.value["to_port"]
-  //     protocol        = ingress.value["protocol"]
-  //     cidr_blocks     = [ingress.value["cidr_blocks"]]
-  //     description     = ingress.value["description"]
-  //     self            = ingress.value["self"]
-  //     // security_groups = [split(",",ingress.value["security_groups"])]
-  //   }
-  // }
-
-  ingress = var.ingress_rules
-
-  // dynamic "egress" {
-  //   for_each = var.egress_rules
-  //   content {
-  //     from_port       = egress.value["from_port"]
-  //     to_port         = egress.value["to_port"]
-  //     protocol        = egress.value["protocol"]
-  //     cidr_blocks     = [egress.value["cidr_blocks"]]
-  //     description     = egress.value["description"]
-  //     security_groups = [egress.value["security_groups"]]
-  //   }
-  // }
-
-  tags = var.common_tags
+  ingress                = var.ingress_rules
+  egress                 = var.egress_rules
+  tags                   = var.common_tags
 
   lifecycle {
     create_before_destroy = true