hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Auto aws_security_group_rule #6878

Closed ghost closed 5 years ago

ghost commented 5 years ago

This issue was originally opened by @lpolone as hashicorp/terraform#19654. It was migrated here as a result of the provider split. The original body of the issue is below.

I am trying to create a module for aws_security_group and another one to aws_security_group_rule, like this:

# One security group per entry in auto_rules[sg_regra] (e.g. prod -> goku, vegeta)
resource "aws_security_group" "resource_sg" {
  count = "${var.create ? length(var.auto_rules[var.sg_regra]) : 0}"

  name         = "${var.sg_regra}-${count.index}"
  description  = "sg-${var.sg_regra}-${count.index}"
  vpc_id       = "${element(var.vpc_id, count.index)}"

  tags {
    Name       = "sg-${var.sg_regra}-${count.index+1}"
  }
}

# Rules are looked up by name: auto_rules -> auto_ingress_rules -> ingress_rules
resource "aws_security_group_rule" "ingress_rules" {
  count             = "${var.create ? 6 : 0}"

  type              = "ingress"
  from_port         = "${element(var.ingress_rules[element(var.auto_ingress_rules[element(var.auto_rules[var.sg_regra], count.index)], count.index)], 0)}"
  to_port           = "${element(var.ingress_rules[element(var.auto_ingress_rules[element(var.auto_rules[var.sg_regra], count.index)], count.index)], 1)}"
  protocol          = "${element(var.ingress_rules[element(var.auto_ingress_rules[element(var.auto_rules[var.sg_regra], count.index)], count.index)], 2)}"
  cidr_blocks       = ["0.0.0.0/0"]
  description       = "${element(var.ingress_rules[element(var.auto_ingress_rules[element(var.auto_rules[var.sg_regra], count.index)], count.index)], 3)}"
  # element() needs an index; the original was missing the second argument
  security_group_id = "${element(var.sg_id, count.index)}"
}

And I have map variables for each field:

variable "ingress_rules" {
  type = "map"

  default = {
    http-80-tcp   = [80, 80, "tcp", "http"]
    http-443-tcp  = [443, 443, "tcp", "https"]
    ssh-22-tcp    = [22, 22, "tcp", "ssh"]
    ftp-21-tcp    = [21, 21, "tcp", "ftp"]
  }
}

variable "auto_ingress_rules" {
  type = "map"

  default = {
    goku      = ["http-80-tcp", "http-443-tcp", "ssh-22-tcp"]
    vegeta    = ["ssh-22-tcp", "http-80-tcp"]
  }
}

variable "auto_rules" {
  type = "map"

  default = {
    dev   = ["goku"]
    stage = ["goku"]
    prod  = ["goku", "vegeta"]
  }
}

My question is: how do I automatically create many aws_security_group_rules for each aws_security_group that I will create? I can't find a simple solution for that, thanks.
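
The flattening the question is after, modelled in Python on the three maps above, as an added illustration that is not part of the issue or of the provider: each environment expands to its security groups, each group to exactly the rules listed for it (so the count varies per group instead of being fixed at 6), and the result is keyed by group and rule name. The `sg-<env>-<index>` ids and the `ADMIN_PORTS` policy list are assumptions; the check at the end flags what the posted `cidr_blocks = ["0.0.0.0/0"]` would do to the ssh and ftp rules.

```python
# Constructed copies of the maps from the issue.
INGRESS_RULES = {
    "http-80-tcp": (80, 80, "tcp", "http"),
    "http-443-tcp": (443, 443, "tcp", "https"),
    "ssh-22-tcp": (22, 22, "tcp", "ssh"),
    "ftp-21-tcp": (21, 21, "tcp", "ftp"),
}
AUTO_INGRESS_RULES = {
    "goku": ["http-80-tcp", "http-443-tcp", "ssh-22-tcp"],
    "vegeta": ["ssh-22-tcp", "http-80-tcp"],
}
AUTO_RULES = {"dev": ["goku"], "stage": ["goku"], "prod": ["goku", "vegeta"]}

# Assumed policy: ports that must not be reachable from the whole internet.
ADMIN_PORTS = {21, 22}


def expand_rules(env, cidr="0.0.0.0/0"):
    """Flatten env -> security groups -> rule names into one rule per (group, rule).

    Mirrors what a for_each over flatten() does in later Terraform: every
    group gets its own rules, keys are stable, and no cross-indexing by a
    single count.index is needed.
    """
    rules = {}
    for idx, sg_name in enumerate(AUTO_RULES[env]):
        sg_id = f"sg-{env}-{idx}"  # assumed id, like "sg-${var.sg_regra}-${count.index}"
        for rule_name in AUTO_INGRESS_RULES[sg_name]:
            from_port, to_port, proto, desc = INGRESS_RULES[rule_name]
            rules[f"{sg_id}/{rule_name}"] = {
                "security_group_id": sg_id, "type": "ingress",
                "from_port": from_port, "to_port": to_port,
                "protocol": proto, "cidr_blocks": [cidr], "description": desc,
            }
    return rules


def world_open_admin(rules):
    """Return keys of rules that expose an admin port to 0.0.0.0/0."""
    return sorted(
        key for key, r in rules.items()
        if "0.0.0.0/0" in r["cidr_blocks"]
        and any(r["from_port"] <= p <= r["to_port"] for p in ADMIN_PORTS)
    )
```

Restricting `cidr` to a management range (or a source security group) makes `world_open_admin()` return an empty list, which is the state a review of the generated rules should expect.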

tracypholmes commented 5 years ago

Thank you for using Terraform and for opening up this question. Issues on GitHub are intended to be related to bugs or feature requests with the provider codebase. Please use https://discuss.hashicorp.com/c/terraform-core for community discussions, and questions around Terraform.

If you believe that your issue was miscategorized as a question or closed in error, please create a new issue using one of the following provided templates: bug report or feature request. Please make sure to provide us with the appropriate information so we can best determine how to assist with the given issue.

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!