Creating more than one ingress rule
6,219 views
Skip to first unread message
Henry Franco
Oct 16, 2018, 2:24:09 PM10/16/18
to Terraform
Is there a way to parameterize the aws_security_group resource so we can create more than one ingress rule?
resource "aws_security_group" "main" {
name = "${var.sg_name}"
description = "${var.sg_description}"
vpc_id = "${var.vpc_id}"
ingress {
from_port = "${var.sg_from_port}"
to_port = "${var.sg_to_port}"
protocol = "${var.sg_protocol}"
cidr_blocks = "${var.sg_subnet_cidr}"
}
Lowe Schmidt
Oct 16, 2018, 3:57:26 PM10/16/18
to terrafo...@googlegroups.com
No, you can have multiple ingress {} blocks however, or use the separate aws_security_group_rule resource (I'd recommend it as to avoid annoying circular dependencies in your graph)
--
Lowe Schmidt | +46 723 867 157
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/17456aa6-d66e-4c28-870f-a8c686420430%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
vijay sharma
Oct 17, 2018, 10:26:19 AM10/17/18
to Terraform
You can add multiple ingress rules : For example look at this . instead of hardcoding port you can still use variable for defining it .
resource "aws_security_group" "webnginx" {
name = "web-nginx"
description = "Nginx Web Server Security Group"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["${var.HostIp}"]
}
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["${var.HostIp}"]
}
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["${var.PvtIp}"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
Henry Franco
Oct 17, 2018, 10:30:15 AM10/17/18
to terrafo...@googlegroups.com
Ideally I'd like to a create a single rule and parameterize it instead of creating multiple ingress rules.
--
Henry
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/37861828-e977-4255-be64-48cc1e2690d7%40googlegroups.com.
Lowe Schmidt
Oct 17, 2018, 1:16:19 PM10/17/18
to terrafo...@googlegroups.com
That you can’t until 0.12 is released.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/CAHTVg-FVsnv61pa8Vg7zfRo6%3DsMwTMB-heHjX4gghD%2BFcvuEfg%40mail.gmail.com.
Balaji Rangarajan
Feb 28, 2019, 2:33:20 AM2/28/19
to Terraform
Is there any timeline when 0.12 will be out or do we have access to alpha/beta for the same. i could see 0.11.11 is shown as download option on terraform.io
robo
Feb 28, 2019, 2:08:59 PM2/28/19
to Terraform
We do something like this to get variable rules and matching descriptions using a map. This is sudo code as I cut it down extensively to make it easier to read.
variable "sg_my_cidrs" { type = "map" description = "cidr blocks for access in security groups" default = { cidr1 = "10.1.0.0/16" cidr2 = "10.2.0.0/16" cidr3 = "10.3.0.0/16" }
}
resource "aws_security_group" "my-sg" { name = "my-sg" description = "my security group" vpc_id = "12345" tags { Name = "my-sg" }}
// The key becomes the description
resource "aws_security_group_rule" "my-sg" { count = "${length(var.sg_my_cidrs)}" security_group_id = "${aws_security_group.my-sg.id}" type = "ingress" from_port = 0 to_port = 0 protocol = "ALL" cidr_blocks = [ "${lookup(var.sg_my_cidrs, element(keys(var.sg_my_cidrs), count.index))}" ] description = "${element(keys(var.sg_my_cidrs), count.index)}"}Enter code here...Reply all
Reply to author
Forward
0 new messages