@lancehampton
Last active October 2, 2023 23:15
Build AWS Security Groups with Terraform and CSV
# Decode the CSV file into a list of maps.
#
# Every cell comes back as a string (an empty cell is ""), so the rule
# resources below compare against "" and convert ports with tonumber().
# The column layout the rules rely on is:
#   id name description from_port to_port protocol_type cidr_block self src_sg_id type
# `id` is used as a for_each key, so it has to be unique per row.
locals {
  sg_rules = csvdecode(file("./sg_rules.csv"))

  # Distinct group names; one aws_security_group is created per entry.
  sg_names = toset(local.sg_rules[*].name)
}
# Create a security group for each unique name.
#
# Keyed by group name, so the rule resources can address a group as
# aws_security_group.sample_sg["<name>"] using the CSV `name` column.
#
# NOTE(review): no vpc_id is set, so the groups are created in the region's
# default VPC. No description is set either, so the provider's default
# description applies. Both are fine for a sample; set them for real use.
# The AWS provider strips AWS's implicit allow-all egress rule from a new
# group, so egress has to be granted explicitly through the CSV (see the
# "Allow all egress" rows).
resource "aws_security_group" "sample_sg" {
  # A set of strings works directly as for_each; each.key is the name.
  for_each = local.sg_names

  name = each.key
}
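# Create security group rules based on the CSV file.
#
# One aws_security_group_rule per CSV row that carries a cidr_block. A row
# that also fills in `self` or `src_sg_id` additionally matches self_rules /
# src_sg_rules and yields a separate rule there.
resource "aws_security_group_rule" "cidr_block_rules" {
  # rule.id is the for_each key and must be unique across the CSV.
  for_each = { for rule in local.sg_rules : rule.id => rule if rule.cidr_block != "" }

  type = each.value.type

  # Protocol "-1" (all) is only accepted by the AWS provider when from_port
  # and to_port are both 0, so such rows are forced to 0/0 rather than passing
  # the CSV's 0/65535 through (which fails at apply).
  # For other protocols a blank port column falls back to the full range
  # (0-65535). That default is permissive; fill both columns in for real rules.
  from_port = each.value.protocol_type == "-1" ? 0 : (each.value.from_port != "" ? tonumber(each.value.from_port) : 0)
  to_port   = each.value.protocol_type == "-1" ? 0 : (each.value.to_port != "" ? tonumber(each.value.to_port) : 65535)

  protocol    = each.value.protocol_type
  cidr_blocks = [each.value.cidr_block]

  # The CSV `name` column must match a group created from the same CSV;
  # an unknown name is a plan-time error.
  security_group_id = aws_security_group.sample_sg[each.value.name].id
  description       = each.value.description
}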
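# Rules whose source/destination is the security group itself.
#
# Only rows whose `self` column is "true" (case-insensitive) are selected.
# Previously any non-empty value (e.g. "false") also produced a rule with
# self = false and no other source, which the provider rejects at apply;
# such rows now simply do not become self rules.
resource "aws_security_group_rule" "self_rules" {
  # rule.id is the for_each key and must be unique across the CSV.
  for_each = { for rule in local.sg_rules : rule.id => rule if lower(rule.self) == "true" }

  type = each.value.type

  # Protocol "-1" (all) requires from_port and to_port both 0 on the AWS
  # provider, so such rows are forced to 0/0. For other protocols a blank
  # port column falls back to the full range (0-65535) -- a permissive
  # default; fill both columns in for real rules.
  from_port = each.value.protocol_type == "-1" ? 0 : (each.value.from_port != "" ? tonumber(each.value.from_port) : 0)
  to_port   = each.value.protocol_type == "-1" ? 0 : (each.value.to_port != "" ? tonumber(each.value.to_port) : 65535)

  protocol = each.value.protocol_type
  # Guaranteed by the for_each filter above.
  self = true

  security_group_id = aws_security_group.sample_sg[each.value.name].id
  description       = each.value.description
}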
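# Rules whose source is another security group defined in the same CSV.
#
# Despite the column name, `src_sg_id` holds a CSV group *name* (e.g. "web"),
# not an AWS sg-... identifier: it is used as a key into
# aws_security_group.sample_sg, so only groups created from this CSV can be
# referenced, and an unknown name is a plan-time error.
resource "aws_security_group_rule" "src_sg_rules" {
  # rule.id is the for_each key and must be unique across the CSV.
  for_each = { for rule in local.sg_rules : rule.id => rule if rule.src_sg_id != "" }

  type = each.value.type

  # Protocol "-1" (all) requires from_port and to_port both 0 on the AWS
  # provider, so such rows are forced to 0/0. For other protocols a blank
  # port column falls back to the full range (0-65535) -- a permissive
  # default; fill both columns in for real rules.
  from_port = each.value.protocol_type == "-1" ? 0 : (each.value.from_port != "" ? tonumber(each.value.from_port) : 0)
  to_port   = each.value.protocol_type == "-1" ? 0 : (each.value.to_port != "" ? tonumber(each.value.to_port) : 65535)

  protocol = each.value.protocol_type

  # The for_each filter already guarantees src_sg_id is non-empty, so the
  # former `!= "" ? ... : ""` conditional was redundant.
  source_security_group_id = aws_security_group.sample_sg[each.value.src_sg_id].id
  security_group_id        = aws_security_group.sample_sg[each.value.name].id
  description              = each.value.description
}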
id name description from_port to_port protocol_type cidr_block self src_sg_id type
1 web Allow HTTP 80 80 TCP 10.123.0.0/16 ingress
2 web Allow HTTPS 443 443 TCP 10.123.0.0/16 ingress
3 web Allow all egress 0 65535 -1 0.0.0.0/0 egress
4 db Allow MySQL/MariaDB 3306 3306 TCP 10.0.0.0/16 ingress
5 db Allow PostgreSQL 5432 5432 TCP 10.0.0.0/16 ingress
6 db Allow all egress 0 65535 -1 0.0.0.0/0 egress
7 web Allow self 80 80 TCP true ingress
8 db Allow web 3306 3306 TCP web ingress
# Provider requirements.
#
# The AWS provider is pinned to one exact release ("= 5.16.1" is the same
# constraint as the bare version string), so upgrades are a deliberate,
# reviewable change rather than an implicit one.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "= 5.16.1"
    }
  }
}
# AWS provider with no explicit configuration.
#
# Region and credentials are not set here; they are expected to come from the
# usual provider sources (environment, shared config/credentials, profile)
# outside this file -- confirm against the deployment environment.
provider "aws" {}