Uly.me

cloud engineer

security group

AWS Terraform Security Group

How to create AWS security groups using Terraform.

resource "aws_security_group" "my-security-group" {
  name        = "my-security-group"
  description = "allow ports"
  vpc_id      = aws_vpc.my-vpc.id
 
  ingress {
    description = "ping"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "http"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "https"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "ALL"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "my-security-group"
  }
}

Terraform AWS Security Group

How to create a security group in AWS via Terraform.

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}
 
provider "aws" {
  profile = "default"
  region  = "us-east-1"
}
 
resource "aws_security_group" "my_sg" {
  vpc_id       = "vpc-xxxxxxxxxxxxxxxxx"
  name         = "My Security Group"
  description  = "My Security Group"
  ingress {
	from_port   = 8088
	to_port     = 8088
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
        Name = "My Security Group"
  }  
}

Terraform Launch EC2 Instance

Here’s the template for launching an EC2 instance via Terraform.

provider "aws" {
  region                  = "us-east-1"
  shared_credentials_file = "/home/username/.aws/credentials"
  profile                 = "default"
}
resource "aws_security_group" "hostname-sg" {
	name = "allow ssh"
	vpc_id = ""
	ingress {
		cidr_blocks = [ "10.0.0.0/8" ]
		from_port = 22
		to_port = 22
		protocol = "tcp"
	}
	egress {
		from_port = 0
		to_port = 0
		protocol = "-1"
		cidr_blocks = [ "0.0.0.0/0" ]
	}
}
resource "aws_instance" "hostname" {
	ami = "ami-xxxxxxxxxx"
	key_name = "your-key"
	instance_type = "t2.large"
	subnet_id = "subnet-xxxxxxxx"
	security_groups	= ["${aws_security_group.hostname-sg.id}"]
	tags {
		Name = "hostname"
		Environment = "development"
	}
}