Active Directory security group
# TCP ports a domain controller must accept from domain members and peer DCs:
# 42 (WINS replication), 53 (DNS), 88 (Kerberos), 135 (RPC endpoint mapper),
# 137/139 (NetBIOS name/session), 389 (LDAP), 445 (SMB), 636 (LDAPS),
# 1512 (WINS), 3268/3269 (Global Catalog / GC over TLS).
variable "tcp" {
  description = "TCP ports opened on the Active Directory security group"
  default     = [42, 53, 88, 135, 137, 139, 389, 445, 636, 1512, 3268, 3269]
}

# UDP counterparts: 42 (WINS), 53 (DNS), 88 (Kerberos), 135 (RPC), 137/138
# (NetBIOS name/datagram), 389 (LDAP ping), 445, 1512 (WINS).
# NOTE(review): no rule covers the RPC dynamic range, Kerberos 464 or NTP 123;
# confirm whether member traffic to these DCs needs them.
variable "udp" {
  description = "UDP ports opened on the Active Directory security group"
  default     = [42, 53, 88, 135, 137, 138, 389, 445, 1512]
}
# Security group attached to the domain controllers. It carries no inline
# rules; every rule is a separate aws_security_group_rule resource so rules
# can be added or removed individually without rewriting the group.
resource "aws_security_group" "active_directory" {
  name        = "active_directory"
  description = "Allow AD Protocols"
  vpc_id      = "${module.aws_networks.vpc}"

  tags = {
    Name = "active_directory_sg"
  }
}
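# Source networks allowed to reach the AD ports (domain members, other DCs,
# on-prem ranges reached over VPN/Direct Connect). Deliberately has no default:
# the original gist used 0.0.0.0/0 on every port, which exposes SMB (445),
# NetBIOS (137-139), the RPC endpoint mapper (135), LDAP (389/636/3268/3269)
# and Kerberos (88) of a domain controller to the whole internet. Pass
# ["0.0.0.0/0"] explicitly only if that exposure is genuinely intended.
variable "ad_client_cidr_blocks" {
  type        = "list"
  description = "CIDR blocks permitted to reach the Active Directory TCP/UDP ports"
}

# One ingress rule per entry in var.udp, limited to var.ad_client_cidr_blocks.
# Rules are indexed by position, so removing a port from the middle of the
# list makes Terraform recreate the rules after it; append new ports instead.
resource "aws_security_group_rule" "allow_ad_udp" {
  count             = "${length(var.udp)}"
  security_group_id = "${aws_security_group.active_directory.id}"
  type              = "ingress"
  protocol          = "UDP"
  from_port         = "${element(var.udp, count.index)}"
  to_port           = "${element(var.udp, count.index)}"
  cidr_blocks       = "${var.ad_client_cidr_blocks}"
}

# One ingress rule per entry in var.tcp, same source restriction as above.
resource "aws_security_group_rule" "allow_ad_tcp" {
  count             = "${length(var.tcp)}"
  security_group_id = "${aws_security_group.active_directory.id}"
  type              = "ingress"
  protocol          = "TCP"
  from_port         = "${element(var.tcp, count.index)}"
  to_port           = "${element(var.tcp, count.index)}"
  cidr_blocks       = "${var.ad_client_cidr_blocks}"
}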
# Administrative RDP to the domain controllers. Reuses var.SSH_CIDR, which is
# declared elsewhere and presumably holds the operators' source range — keep
# it narrow; RDP on a DC must never be reachable from 0.0.0.0/0.
resource "aws_security_group_rule" "rdp" {
  security_group_id = "${aws_security_group.active_directory.id}"
  type              = "ingress"
  protocol          = "TCP"
  from_port         = 3389
  to_port           = 3389
  cidr_blocks       = ["${var.SSH_CIDR}"]
}
# All protocols and ports between members of this security group (protocol
# "-1" with ports 0/0 means "any"). This is what lets DCs sharing the group
# replicate with each other, including the RPC dynamic range that the
# per-port rules do not list.
resource "aws_security_group_rule" "talk_to_self" {
  security_group_id = "${aws_security_group.active_directory.id}"
  type              = "ingress"
  self              = true
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
}
# Unrestricted outbound from the domain controllers (any protocol, any port,
# any destination). NOTE(review): a DC with open egress is a convenient
# exfiltration / C2 path if it is ever compromised; consider narrowing this
# to the destinations the DCs actually need (update servers, peer DCs, DNS).
resource "aws_security_group_rule" "egress" {
  security_group_id = "${aws_security_group.active_directory.id}"
  type              = "egress"
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = ["0.0.0.0/0"]
}