Creating more than one ingress rule


Henry Franco

Oct 16, 2018, 2:24:09 PM
to Terraform
Is there a way to parameterize the aws_security_group resource so we can create more than one ingress rule?

resource "aws_security_group" "main" {
  name        = "${var.sg_name}"
  description = "${var.sg_description}"
  vpc_id      = "${var.vpc_id}"

  ingress {
    from_port   = "${var.sg_from_port}"
    to_port     = "${var.sg_to_port}"
    protocol    = "${var.sg_protocol}"
    # cidr_blocks must be a list; this assumes var.sg_subnet_cidr is a single CIDR string
    cidr_blocks = ["${var.sg_subnet_cidr}"]
  }
}

Lowe Schmidt

Oct 16, 2018, 3:57:26 PM
to terrafo...@googlegroups.com
No; you can have multiple ingress {} blocks, however, or use the separate aws_security_group_rule resource (I'd recommend it, to avoid annoying circular dependencies in your graph).
--
Lowe Schmidt | +46 723 867 157


--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/17456aa6-d66e-4c28-870f-a8c686420430%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

vijay sharma

Oct 17, 2018, 10:26:19 AM
to Terraform
You can add multiple ingress rules. For example, look at this. Instead of hardcoding the port you can still use a variable for defining it.

resource "aws_security_group" "webnginx" {
  name        = "web-nginx"
  description = "Nginx Web Server Security Group"

  # SSH from the operator host
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.HostIp}"]
  }

  # HTTP from the operator host
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["${var.HostIp}"]
  }

  # SSH from the private network
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.PvtIp}"]
  }

  # All outbound traffic
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Henry Franco

Oct 17, 2018, 10:30:15 AM
to terrafo...@googlegroups.com
Ideally I'd like to create a single rule and parameterize it instead of creating multiple ingress rules.

--
Henry


Lowe Schmidt

Oct 17, 2018, 1:16:19 PM
to terrafo...@googlegroups.com
That you can't do until 0.12 is released.

Balaji Rangarajan

Feb 28, 2019, 2:33:20 AM
to Terraform
Is there any timeline for when 0.12 will be out, or do we have access to an alpha/beta for the same? I could see 0.11.11 is shown as the download option on terraform.io.

robo

Feb 28, 2019, 2:08:59 PM
to Terraform
We do something like this to get variable rules and matching descriptions using a map. This is pseudo-code, as I cut it down extensively to make it easier to read.


variable "sg_my_cidrs" {
  type = "map"
  description = "cidr blocks for access in security groups"
  default = {
    cidr1 = "10.1.0.0/16"
    cidr2 = "10.2.0.0/16"
    cidr3 = "10.3.0.0/16"
  }
}

resource "aws_security_group" "my-sg" {
  name = "my-sg"
  description = "my security group"
  vpc_id = "12345"
  tags {
    Name = "my-sg"
  }
}

// One rule per map entry; the map key becomes the rule description
resource "aws_security_group_rule" "my-sg" {
  count             = "${length(var.sg_my_cidrs)}"
  security_group_id = "${aws_security_group.my-sg.id}"
  type              = "ingress"
  from_port         = 0
  to_port           = 0
  protocol          = "ALL"
  // element(keys(...), count.index) picks the Nth key; lookup() fetches its CIDR
  cidr_blocks       = ["${lookup(var.sg_my_cidrs, element(keys(var.sg_my_cidrs), count.index))}"]
  description       = "${element(keys(var.sg_my_cidrs), count.index)}"
}
This might give you some ideas of what you might do with ports along the same lines.
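An added example, not code from any of the posters above: the single parameterised rule Henry asked for, written with the for_each syntax that arrived in Terraform 0.12 (the validation block needs 0.13+). The variable names, the vpc_id variable and the sample CIDRs are assumed for illustration.

```hcl
variable "vpc_id" {
  type = string
}

# Map of named ingress rules; the key doubles as the rule description so the
# purpose of each opening is visible in the console and in later audits.
variable "ingress_rules" {
  type = map(object({
    from_port   = number
    to_port     = number
    protocol    = string
    cidr_blocks = list(string)
  }))
  # Constructed sample values; replace with your own ranges.
  default = {
    ssh_from_bastion = { from_port = 22, to_port = 22, protocol = "tcp", cidr_blocks = ["10.0.1.0/24"] }
    http_from_lb     = { from_port = 80, to_port = 80, protocol = "tcp", cidr_blocks = ["10.0.2.0/24"] }
  }

  # Refuse a plan that exposes SSH to the whole internet (Terraform 0.13+ validation).
  validation {
    condition = alltrue([
      for r in var.ingress_rules :
      !(contains(r.cidr_blocks, "0.0.0.0/0") && r.from_port <= 22 && r.to_port >= 22)
    ])
    error_message = "An ingress rule opens port 22 to 0.0.0.0/0; restrict its cidr_blocks."
  }
}

resource "aws_security_group" "main" {
  name        = "main"
  description = "Parameterised security group"
  vpc_id      = var.vpc_id
}

# One rule resource, one instance per map entry. for_each keys each instance by
# the map key, so adding or removing a rule touches only that rule, whereas a
# count-based list shifts indexes and re-creates the neighbouring rules.
resource "aws_security_group_rule" "ingress" {
  for_each          = var.ingress_rules
  type              = "ingress"
  security_group_id = aws_security_group.main.id
  description       = each.key
  from_port         = each.value.from_port
  to_port           = each.value.to_port
  protocol          = each.value.protocol
  cidr_blocks       = each.value.cidr_blocks
}
```

Adding an egress rule set works the same way with a second map and `type = "egress"`, which keeps outbound access explicit instead of relying on the provider's default allow-all egress.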