Added Security Group Module

opensource4learn · opensource4learn · commit 9ec969f6d02b · 2021-04-29T22:26:12.000+05:30
diff --git a/main.tf b/main.tf
@@ -44,13 +44,21 @@ module "nat_gateway" {
 }
 
 # AWS VPC Subnets Module - Private Subnet
-# module "private_subnet" {
-#   source                  = "./modules/subnets"
-#   vpc_id                  = aws_vpc.vpc.id
-#   aws_nat_gateway_id      = module.nat_gateway.nat_gateway_ids
-#   cidr                    = var.cidr
-#   prefix                  = var.prefix
-#   environment             = var.environment
-#   subnet_bits             = var.subnet_bits
-#   subnet_type             = ["private", "storage"]
-# }
+module "private_subnet" {
+  source                  = "./modules/subnets"
+  vpc_id                  = aws_vpc.vpc.id
+  aws_nat_gateway_id      = module.nat_gateway.nat_gateway_ids
+  cidr                    = var.cidr
+  prefix                  = var.prefix
+  environment             = var.environment
+  subnet_bits             = var.subnet_bits
+  subnet_type             = ["private", "storage"]
+}
+
+# AWS VPC Security Groups Module
+module "security_group" {
+  source        = "./modules/security-groups"
+  vpc_id        = aws_vpc.vpc.id
+  prefix        = var.prefix
+  environment   = var.environment
+}
diff --git a/modules/security-groups/README.md b/modules/security-groups/README.md
@@ -0,0 +1 @@
+# Security Group Module
diff --git a/modules/security-groups/main.tf b/modules/security-groups/main.tf
@@ -0,0 +1,68 @@
+# AWS Public Security Group
+module "public_security_group" {
+  source          = "./resources"
+  vpc_id          = var.vpc_id
+  prefix          = var.prefix
+  environment     = var.environment
+  sg_type         = "public"
+  sg_description  = "Allow connections from internet"
+}
+
+# AWS Public Security Group Rules
+resource "aws_security_group_rule" "allow_http_inbound_public" {
+  type              = "ingress"
+  from_port         = 80
+  to_port           = 80
+  protocol          = "tcp"
+  cidr_blocks       = ["0.0.0.0/0"]
+  security_group_id = module.public_security_group.security_group_id
+}
+
+resource "aws_security_group_rule" "allow_https_inbound_public" {
+  type              = "ingress"
+  from_port         = 443
+  to_port           = 443
+  protocol          = "tcp"
+  cidr_blocks       = ["0.0.0.0/0"]
+  security_group_id = module.public_security_group.security_group_id
+}
+
+# AWS Private Security Group
+module "private_security_group" {
+  source          = "./resources"
+  vpc_id          = var.vpc_id
+  prefix          = var.prefix
+  environment     = var.environment
+  sg_type         = "private"
+  sg_description  = "The private security group to allows inbound traffic from public group"
+}
+
+# AWS Private Security Group Rules
+resource "aws_security_group_rule" "allow_inbound_private" {
+  type                      = "ingress"
+  from_port                 = 0
+  to_port                   = 65535
+  protocol                  = "-1"
+  source_security_group_id  = module.public_security_group.security_group_id
+  security_group_id         = module.private_security_group.security_group_id
+}
+
+# AWS Storage Security Group
+module "storage_security_group" {
+  source          = "./resources"
+  vpc_id          = var.vpc_id
+  prefix          = var.prefix
+  environment     = var.environment
+  sg_type         = "storage"
+  sg_description  = "The storage security group to allows inbound traffic from private group"
+}
+
+# AWS Storage Security Group Rules
+resource "aws_security_group_rule" "allow_inbound_storage" {
+  type                      = "ingress"
+  from_port                 = 0
+  to_port                   = 65535
+  protocol                  = "-1"
+  source_security_group_id  = module.private_security_group.security_group_id
+  security_group_id         = module.storage_security_group.security_group_id
+}
diff --git a/modules/security-groups/output.tf b/modules/security-groups/output.tf
@@ -0,0 +1,11 @@
+output "public_security_group_id" {
+  value = module.public_security_group.security_group_id
+}
+
+output "private_security_group_id" {
+  value = module.private_security_group.security_group_id
+}
+
+output "storage_security_group_id" {
+  value = module.storage_security_group.security_group_id
+}
diff --git a/modules/security-groups/resources/main.tf b/modules/security-groups/resources/main.tf
@@ -0,0 +1,23 @@
+#  AWS Security Group
+ resource "aws_security_group" "security_group" {
+    name                    = "${var.prefix}-${var.sg_type}"
+    description             = var.sg_description
+    vpc_id                  = var.vpc_id
+    revoke_rules_on_delete  = true
+
+    tags = {
+        Name        = "${var.prefix}-${var.sg_type}"
+        Type        = var.sg_type
+        Environment = var.environment
+      }
+}
+
+# AWS Outbound Security Group Rule
+resource "aws_security_group_rule" "security_group_rule" {
+  type              = "egress"
+  from_port         = 0
+  to_port           = 65535
+  protocol          = "-1"
+  cidr_blocks       = ["0.0.0.0/0"]
+  security_group_id = aws_security_group.security_group.id
+}
diff --git a/modules/security-groups/resources/output.tf b/modules/security-groups/resources/output.tf
@@ -0,0 +1,3 @@
+output "security_group_id" {
+  value = aws_security_group.security_group.id
+}
diff --git a/modules/security-groups/resources/variables.tf b/modules/security-groups/resources/variables.tf
@@ -0,0 +1,24 @@
+variable "vpc_id" {
+  description = "VPC ID to which subnet mask will bind to"
+  type        = string
+}
+
+variable "prefix" {
+  description = "generic naming resources"
+  type        = string
+}
+
+variable "environment" {
+  description = "To apply generic environment to AWS VPC Resources"
+  type        = string
+}
+
+variable "sg_type" {
+  description = "Security Group type Eg: public, private and storage"
+  type        = string
+}
+
+variable "sg_description" {
+  description = "Generic security group description"
+  type        = string
+}
diff --git a/modules/security-groups/variables.tf b/modules/security-groups/variables.tf
@@ -0,0 +1,15 @@
+variable "vpc_id" {
+  description = "VPC ID to which subnet mask will bind to"
+  type        = string
+}
+
+variable "prefix" {
+  description = "generic naming resources"
+  type        = string
+}
+
+variable "environment" {
+  description = "To apply generic environment to AWS VPC Resources"
+  type        = string
+}
+
diff --git a/modules/vpc-endpoints/.gitkeep b/modules/vpc-endpoints/.gitkeep
diff --git a/variables.tf b/variables.tf
@@ -2,19 +2,16 @@
 variable "aws_region" {
   description = "AWS Default Region"
   type        = string
-  default     = "us-east-1"
 }
 
 variable "prefix" {
   description = "To apply generic naming to AWS VPC Resources"
   type        = string
-  default     = "copper"
 }
 
 variable "environment" {
   description = "To apply generic environment to AWS VPC Resources"
   type        = string
-  default     = "devops"
 }
 
 variable "cidr" {

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+output "security_group_id" {`
	`2`	`+ value = aws_security_group.security_group.id`
	`3`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -2,19 +2,16 @@`
`2`	`2`	`variable "aws_region" {`
`3`	`3`	`description = "AWS Default Region"`
`4`	`4`	`type = string`
`5`		`- default = "us-east-1"`
`6`	`5`	`}`
`7`	`6`
`8`	`7`	`variable "prefix" {`
`9`	`8`	`description = "To apply generic naming to AWS VPC Resources"`
`10`	`9`	`type = string`
`11`		`- default = "copper"`
`12`	`10`	`}`
`13`	`11`
`14`	`12`	`variable "environment" {`
`15`	`13`	`description = "To apply generic environment to AWS VPC Resources"`
`16`	`14`	`type = string`
`17`		`- default = "devops"`
`18`	`15`	`}`
`19`	`16`
`20`	`17`	`variable "cidr" {`