New module single-port-sg-src

This is a fork version of single-port-sg module to support source_security_group.
fpco · Mar 10, 2020 · 1e2e816 · 1e2e816
1 parent dad0d84
commit 1e2e816
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 4 deletions.
diff --git a/modules/single-port-sg-src/README.md b/modules/single-port-sg-src/README.md
@@ -0,0 +1,3 @@
+## Single Port Security Group Rule
+
+Create an `aws_security_group_rule` to allow ingress on some port.
diff --git a/modules/single-port-sg-src/main.tf b/modules/single-port-sg-src/main.tf
@@ -0,0 +1,67 @@
+/**
+ * ## Single Port Security Group Rule
+ *
+ * Create an `aws_security_group_rule` to allow ingress on some port.
+ *
+ */
+
+variable "security_group_id" {
+  description = "security group to attach the ingress rules to"
+  type        = string
+}
+
+variable "source_security_group" {
+  description = "The SG that this SG allows ingress from"
+  type        = string
+}
+
+variable "description" {
+  description = "Use this string to add a description for the SG rule"
+  type        = string
+}
+
+variable "port" {
+  description = "The port to open"
+  type        = string
+}
+
+variable "tcp" {
+  description = "true/false to enables the tcp ingress"
+  default     = "true"
+  type        = string
+}
+
+variable "udp" {
+  description = "true/false to enables the udp ingress"
+  default     = "false"
+  type        = string
+}
+
+locals {
+  tcp = "${var.tcp ? 1 : 0}"
+  udp = "${var.udp ? 1 : 0}"
+}
+
+# ingress rule for tcp, if enabled
+resource "aws_security_group_rule" "tcp_ingress" {
+  count                 = local.tcp
+  type                  = "ingress"
+  description           = "${var.description} (tcp)"
+  from_port             = var.port
+  to_port               = var.port
+  protocol              = "tcp"
+  security_group_id     = var.security_group_id
+  source_security_group = var.source_security_group
+}
+
+# ingress rule for udp, if enabled
+resource "aws_security_group_rule" "udp_ingress" {
+  count                 = local.udp
+  type                  = "ingress"
+  description           = "${var.description} (udp)"
+  from_port             = var.port
+  to_port               = var.port
+  protocol              = "udp"
+  security_group_id     = var.security_group_id
+  source_security_group = var.source_security_group
+}
diff --git a/modules/single-port-sg-src/versions.tf b/modules/single-port-sg-src/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}
diff --git a/modules/single-port-sg/README.md b/modules/single-port-sg/README.md
@@ -1,5 +1,3 @@
 ## Single Port Security Group Rule
 
 Create an `aws_security_group_rule` to allow ingress on some port.
-
-TODO: support both TCP and UDP, use count to enable/disable.
diff --git a/modules/single-port-sg/main.tf b/modules/single-port-sg/main.tf
@@ -3,8 +3,6 @@
  *
  * Create an `aws_security_group_rule` to allow ingress on some port.
  *
- * TODO: support both TCP and UDP, use count to enable/disable.
- *
  */
 
 variable "security_group_id" {
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		## Single Port Security Group Rule

		Create an `aws_security_group_rule` to allow ingress on some port.
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,8 +3,6 @@ @@
      *
      * Create an `aws_security_group_rule` to allow ingress on some port.
      *
-     * TODO: support both TCP and UDP, use count to enable/disable.
-     *
      */
     variable "security_group_id" {
@@ Expand Down @@