Merge pull request #1 from sourcefuse/feature/sg-module

Security Group Module
sourcefuse · Dec 10, 2024 · d022ca4 · d022ca4
2 parents 8a881ef + 0b4a945
commit d022ca4
Show file tree

Hide file tree

Showing 17 changed files with 430 additions and 164 deletions.
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml
@@ -1,35 +1,35 @@
 ---
 name: snyk
 
-on:                # yamllint disable-line rule:truthy
+on:  # yamllint disable-line rule:truthy
   push:
     branches:
-      - "**"        # matches every branch
-      - "!main"     # excludes main
+      - '**'     # matches every branch
+      - '!main'  # excludes main
   pull_request:
     branches:
       - main
 
 jobs:
   security:
     runs-on:
-      - arc
+      - ubuntu-latest
     name: snyk
     steps:
       - name: checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
       - name: Vulnerability scan
         uses: snyk/actions/iac@master
         with:
           command: monitor
           args: --severity-threshold=low
-      - name: Set up Node 18
+      - name: Set up Node 16
         uses: actions/setup-node@v3
         with:
-          node-version: 18
+          node-version: 16
       - name: install Snyk CLI
         run: npm install -g snyk
       - name: snyk monitor
-        run: snyk iac test --report --severity-threshold=medium
+        run: snyk iac test --report
         env:
           SNYK_TOKEN: ${{ secrets.ARC_SNYK_TOKEN }}
diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
@@ -1,6 +1,6 @@
 ---
 name: Bump version
-on: # yamllint disable-line rule:truthy
+on:        # yamllint disable-line rule:truthy
   push:
     branches:
       - main

diff --git a/.github/workflows/tflint.yml → .github/workflows/test.yml b/.github/workflows/tflint.yml → .github/workflows/test.yml
@@ -1,19 +1,19 @@
 ---
 name: Test
 
-on:                 # yamllint disable-line rule:truthy
+on:  # yamllint disable-line rule:truthy
   push:
     branches:
-      - "**"        # matches every branch
-      - "!main"     # excludes main
+      - '**'     # matches every branch
+      - '!main'  # excludes main
   pull_request:
     branches:
       - main
 
 jobs:
   tflint:
     runs-on:
-      - arc
+      - ubuntu-latest
     name: tflint
     steps:
       - uses: actions/checkout@master

diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml
@@ -0,0 +1,50 @@
+---
+name: Update-docs
+on:              # yamllint disable-line rule:truthy
+  push:
+    branches:
+      - main
+jobs:
+  transfer-file:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Pushes Readme file
+        uses: dmnemec/copy_file_to_another_repo_action@main
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          API_TOKEN_GITHUB: ${{ secrets.ARC_DOCS_API_TOKEN_GITHUB }}
+        with:
+          source_file: 'README.md'
+          destination_repo: 'sourcefuse/arc-docs'
+          destination_folder: 'docs/arc-iac-docs/modules/terraform-aws-arc-db'
+          user_email: '[email protected]'
+          user_name: ${{ github.actor }}
+          commit_message: ${{ github.event.head_commit.message }}
+      - name: Pushes to another repository
+        uses: cpina/github-action-push-to-another-repository@main
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          API_TOKEN_GITHUB: ${{ secrets.ARC_DOCS_API_TOKEN_GITHUB }}
+        with:
+          source-directory: 'static'
+          destination-github-username: 'sourcefuse'
+          destination-repository-name: 'arc-docs'
+          target-directory: 'docs/arc-iac-docs/modules/terraform-aws-arc-db/static'
+          user-email: '[email protected]'
+          user-name: ${{ github.actor }}
+          target-branch: main
+          commit-message: ${{ github.event.head_commit.message }}
+      - name: Pushes Module Usage Guide
+        uses: dmnemec/copy_file_to_another_repo_action@main
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          API_TOKEN_GITHUB: ${{ secrets.ARC_DOCS_API_TOKEN_GITHUB }}
+        with:
+          source_file: 'docs/module-usage-guide/README.md'
+          destination_repo: 'sourcefuse/arc-docs'
+          destination_folder: 'docs/arc-iac-docs/modules/terraform-aws-arc-db/docs/module-usage-guide'
+          user_email: '[email protected]'
+          user_name: ${{ github.actor }}
+          commit_message: ${{ github.event.head_commit.message }}
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/README.md b/README.md
@@ -1,16 +1,81 @@
-# terraform-aws-module-template
+![Module Structure](./static/banner.png)
+# [terraform-aws-arc-security-group](https://github.com/sourcefuse/terraform-aws-arc-security-group)
 
-## Overview
+<a href="https://github.com/sourcefuse/terraform-aws-arc-security-group/releases/latest"><img src="https://img.shields.io/github/release/sourcefuse/terraform-aws-arc-security-group.svg?style=for-the-badge" alt="Latest Release"/></a> <a href="https://github.com/sourcefuse/terraform-aws-arc-security-group/commits"><img src="https://img.shields.io/github/last-commit/sourcefuse/terraform-aws-arc-security-group.svg?style=for-the-badge" alt="Last Updated"/></a> ![Terraform](https://img.shields.io/badge/terraform-%235835CC.svg?style=for-the-badge&logo=terraform&logoColor=white) ![GitHub Actions](https://img.shields.io/badge/github%20actions-%232671E5.svg?style=for-the-badge&logo=githubactions&logoColor=white)
 
-SourceFuse AWS Reference Architecture (ARC) Terraform module for managing _________.
+[![Quality gate](https://sonarcloud.io/api/project_badges/quality_gate?project=sourcefuse_terraform-aws-arc-security-group&token=0e57ba3902cccbb2b9c0585a9859bccbf2d00e3c)](https://sonarcloud.io/summary/new_code?id=sourcefuse_terraform-aws-arc-security-group)
 
-## Usage
+[![Known Vulnerabilities](https://github.com/sourcefuse/terraform-aws-arc-security-group/actions/workflows/snyk.yaml/badge.svg)](https://github.com/sourcefuse/terraform-aws-arc-security-group/actions/workflows/snyk.yaml)
+
+## Introduction
+
+The SourceFuse AWS Reference Architecture (ARC) Terraform module for creating and managing AWS security groups with customizable rules. It simplifies defining inbound and outbound rules for specific protocols, ports, and CIDR ranges, ensuring secure and efficient network traffic control in your infrastructure.
+
+For more information about this repository and its usage, please see [Terraform AWS ARC Security Group Module Usage Guide](docs/module-usage-guide/README.md).
 
-To see a full example, check out the [main.tf](./example/main.tf) file in the example folder.  
+### Prerequisites
+Before using this module, ensure you have the following:
+
+- AWS credentials configured.
+- Terraform installed.
+- A working knowledge of Terraform.
+
+## Usage
+See the `examples` folder for a complete example.
 
 ```hcl
-module "this" {
-  source = "git::https://github.com/sourcefuse/terraform-aws-refarch-<module_name>"
+
+locals {
+  security_group_data = {
+    create      = true
+    description = "Security Group for Loadbalancer"
+
+    ingress_rules = [
+      {
+        description = "Allow VPC traffic"
+        cidr_block  = data.aws_vpc.this.cidr_block
+        from_port   = 0
+        ip_protocol = "tcp"
+        to_port     = 65535
+      },
+      {
+        description = "Allow traffic from self"
+        self        = true
+        from_port   = 0
+        ip_protocol = "tcp"
+        to_port     = 65535
+      },
+      {
+        description              = "Allow traffic from security group"
+        source_security_group_id = data.aws_security_group.default.id
+        from_port                = 0
+        ip_protocol              = "tcp"
+        to_port                  = 65535
+      }
+    ]
+
+    egress_rules = [
+      {
+        description = "Allow all outbound traffic"
+        cidr_block  = "0.0.0.0/0"
+        from_port   = -1
+        ip_protocol = "-1"
+        to_port     = -1
+      }
+    ]
+  }
+}
+
+module "arc_security_group" {
+  source  = "sourcefuse/arc-security-group/aws"
+  version = "0.0.1"
+
+  name          = "${var.namespace}-${var.environment}-sg"
+  vpc_id        = data.aws_vpc.this.id
+  ingress_rules = local.security_group_data.ingress_rules
+  egress_rules  = local.security_group_data.egress_rules
+
+  tags = module.tags.tags
 }
 ```
 
@@ -19,28 +84,43 @@ module "this" {
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.3, < 2.0.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | > 1.4, < 2.0.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.0 |
 
 ## Providers
 
-No providers.
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.80.0 |
 
 ## Modules
 
 No modules.
 
 ## Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_vpc_security_group_egress_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource |
+| [aws_vpc_security_group_ingress_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
 
 ## Inputs
 
-No inputs.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_description"></a> [description](#input\_description) | (optional) Description of Security Group | `string` | `null` | no |
+| <a name="input_egress_rules"></a> [egress\_rules](#input\_egress\_rules) | (optional) List of egress rules for the security group. | <pre>list(object({<br>    description                   = optional(string, null)<br>    cidr_block                    = optional(string, null)<br>    destination_security_group_id = optional(string, null)<br>    from_port                     = number<br>    ip_protocol                   = string<br>    to_port                       = string<br>    prefix_list_id                = optional(string, null)<br>  }))</pre> | `[]` | no |
+| <a name="input_ingress_rules"></a> [ingress\_rules](#input\_ingress\_rules) | (optional) List of ingress rules for the security group. | <pre>list(object({<br>    description              = optional(string, null)<br>    cidr_block               = optional(string, null)<br>    source_security_group_id = optional(string, null)<br>    from_port                = number<br>    ip_protocol              = string<br>    to_port                  = string<br>    self                     = optional(bool, false)<br>  }))</pre> | `[]` | no |
+| <a name="input_name"></a> [name](#input\_name) | Security Group name | `string` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags for Security Group | `map(string)` | `{}` | no |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC Id for creating security group | `string` | n/a | yes |
 
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_id"></a> [id](#output\_id) | Security Group ID |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## Versioning