Build AWS Security Groups with Terraform and CSV
# Load the rule set from the CSV that sits next to this configuration. That file is
# the only source of truth for what lands in the security groups, so it deserves the
# same review discipline as code. csvdecode() returns one object of strings per row,
# keyed by the header names (id, name, description, from_port, to_port, ...).
locals {
  sg_rules = csvdecode(file("./sg_rules.csv"))

  # Distinct security-group names referenced by any row (splat over the rows).
  sg_names = toset(local.sg_rules[*].name)
}
# One (initially empty) security group per distinct name found in the CSV. The rules
# are attached further down by separate aws_security_group_rule resources, which look
# the group up by the CSV "name" column.
# NOTE(review): no vpc_id is set, so the provider places these groups in the region's
# default VPC, and no description is set, so the provider default applies. Both
# attributes are documented as forcing replacement when changed later, so settle them
# before the first apply.
resource "aws_security_group" "sample_sg" {
  # Iterating the set directly: for a set, each.key and each.value are both the name.
  for_each = local.sg_names

  name = each.value
}
# CIDR-sourced rules: one aws_security_group_rule per CSV row whose cidr_block cell is
# non-empty. The three rule resources (cidr_block_rules, self_rules, src_sg_rules)
# filter the same rows on different source columns, so a row that fills more than one
# of cidr_block / self / src_sg_id produces more than one rule.
resource "aws_security_group_rule" "cidr_block_rules" {
  for_each = { for rule in local.sg_rules : rule.id => rule if rule.cidr_block != "" }

  type = each.value.type

  # coalesce() skips empty strings, so an empty port cell falls back to the default:
  # 0 for from_port and 65535 for to_port. That means a blank cell silently widens the
  # rule to the whole port range -- keep both cells filled unless that is intended.
  from_port = tonumber(coalesce(each.value.from_port, "0"))
  to_port   = tonumber(coalesce(each.value.to_port, "65535"))

  protocol    = each.value.protocol_type
  cidr_blocks = [each.value.cidr_block]
  description = each.value.description

  # Attach to the group created above for this row's "name".
  security_group_id = aws_security_group.sample_sg[each.value.name].id
}
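# Self-referencing rules: one aws_security_group_rule per CSV row whose "self" cell is
# non-empty. The rule allows traffic from members of the same security group.
resource "aws_security_group_rule" "self_rules" {
  for_each = { for rule in local.sg_rules : rule.id => rule if rule.self != "" }

  type = each.value.type

  # An empty port cell defaults to 0 (from) / 65535 (to), i.e. the whole range.
  from_port = each.value.from_port != "" ? tonumber(each.value.from_port) : 0
  to_port   = each.value.to_port != "" ? tonumber(each.value.to_port) : 65535
  protocol  = each.value.protocol_type

  # The comparison already yields a bool; the former `? true : false` was redundant.
  # Only the exact string "true" enables self. Any other non-empty value ("false",
  # "TRUE", "yes") still selects the row but sets self = false, leaving the rule with
  # no source at all -- the provider should reject that rather than create it (verify).
  self = each.value.self == "true"

  security_group_id = aws_security_group.sample_sg[each.value.name].id
  description       = each.value.description
}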
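# Group-sourced rules: one aws_security_group_rule per CSV row whose "src_sg_id" cell
# is non-empty. Despite the column name, the cell holds a security-group *name* from
# this same CSV (e.g. "web"), which is resolved to an id via aws_security_group.sample_sg;
# a name that no row declares fails at plan time with a missing-key error.
resource "aws_security_group_rule" "src_sg_rules" {
  for_each = { for rule in local.sg_rules : rule.id => rule if rule.src_sg_id != "" }

  type = each.value.type

  # An empty port cell defaults to 0 (from) / 65535 (to), i.e. the whole range.
  from_port = each.value.from_port != "" ? tonumber(each.value.from_port) : 0
  to_port   = each.value.to_port != "" ? tonumber(each.value.to_port) : 65535
  protocol  = each.value.protocol_type

  # The for_each filter already guarantees src_sg_id != "", so the former
  # `!= "" ? ... : ""` ternary had an unreachable else branch; look the group up directly.
  source_security_group_id = aws_security_group.sample_sg[each.value.src_sg_id].id

  security_group_id = aws_security_group.sample_sg[each.value.name].id
  description       = each.value.description
}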
id | name | description | from_port | to_port | protocol_type | cidr_block | self | src_sg_id | type
---|---|---|---|---|---|---|---|---|---
1 | web | Allow HTTP | 80 | 80 | TCP | 10.123.0.0/16 | | | ingress
2 | web | Allow HTTPS | 443 | 443 | TCP | 10.123.0.0/16 | | | ingress
3 | web | Allow all egress | 0 | 65535 | -1 | 0.0.0.0/0 | | | egress
4 | db | Allow MySQL/MariaDB | 3306 | 3306 | TCP | 10.0.0.0/16 | | | ingress
5 | db | Allow PostgreSQL | 5432 | 5432 | TCP | 10.0.0.0/16 | | | ingress
6 | db | Allow all egress | 0 | 65535 | -1 | 0.0.0.0/0 | | | egress
7 | web | Allow self | 80 | 80 | TCP | | true | | ingress
8 | db | Allow web | 3306 | 3306 | TCP | | | web | ingress
# Provider requirements. The AWS provider is pinned to an exact version so that the
# security-group resource behaviour this configuration relies on does not change
# underneath it on a routine `terraform init -upgrade`.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = "5.16.1" }
  }
}
# Nothing is configured here, so region and credentials come from the usual provider
# sources outside this file (environment variables, shared config/credentials files,
# or an instance/role identity). Pin a region explicitly if the deployment must not
# depend on the operator's environment.
provider "aws" {}