terraform-community-modules / tf_aws_sg
[DEPRECATED] Use https://github.com/terraform-aws-modules/terraform-aws-security-group
License: Other
In most modules here, tags are not used, so we don't really see this issue.
When using the new module `sg_default` (#44), you will have issues defining the tags.
In the Terraform resource `aws_autoscaling_group`, `tags` is defined as a list (not a map):
`tags` (Optional) A list of tag blocks (maps). Tags documented below.
Would be cool to allow SGs `ingress` definition to use other SGs.
It was a confusing thing to do
but it might be worth adding a note to the SG that it is only for 0.8.0 and 0.8.1 (or have separate modules for 6667 and 9092)
I'm setting up a VPC in my terraform template and would like to pass the output ID to the sg_web module. This module requires the vpc_id to be set explicitly, but since I'm dynamically creating the vpc, I don't have this information. I would rather use variable interpolation, but because the internals of the module seem to require the variable to be set explicitly, this will not work.
I just realized that probably what's going on is terraform isn't able to determine that the module depends on the vpc resource. And since it's a module, it doesn't use the `depends_on` property, so I can't force it.
Is there another way I can work around this?
It might be a very big security issue to have 0.0.0.0 `cidr_block` by default.
Hi there - Just wondering how you feel about me adding support for a Postgresql security group? I wanted to discuss it before doing the work and submitting a PR.
Support for Instance creation across Availability Zones with count. So for example specify what AZ's are in play and set count to 2. During resource creation terraform will evenly create resources across AZ's.
Hi there - brilliant work on tf_aws_sg!
I am getting the error

```
3 error(s) occurred:
* module.cassandra.module.cassandra_security_group.aws_security_group_rule.ingress_tcp_7199_self: cidr_blocks: should be a list
* module.cassandra.module.cassandra_security_group.aws_security_group_rule.ingress_tcp_9042_self: cidr_blocks: should be a list
* module.cassandra.module.cassandra_security_group.aws_security_group_rule.ingress_tcp_9160_self: cidr_blocks: should be a list
```

I created a PR, this is kind of blocking me so if you don't want to approve that's fine but let me know so I can recreate the sg groups locally in my project.
PR: #40
It would be worthwhile to add default security group names.
Let's say:
tf-sg-ssh
tf-sg-ldap
Hi Group owner,
I am not sure who I can talk with in terraform-community-modules. I start from here.
This will be a good idea for all repos in this group.
I recommend generating the README file via the useful tool terraform-docs (https://github.com/segmentio/terraform-docs) rather than manually editing README.md.

```
$ brew install terraform-docs
$ terraform-docs md . > README.md
$ cat README.md
## Inputs
| Name | Description | Default | Required |
|------|-------------|:-----:|:-----:|
| security_group_name | The name for the security group | - | yes |
| source_cidr_block | The source CIDR block to allow traffic from | - | yes |
| vpc_id | The VPC this security group will go in | - | yes |
## Outputs
| Name | Description |
|------|-------------|
| security_group_id_web | Output ID of sg_web SG we made |
```

I wrote terraform best practices (https://github.com/BWITS/terraform-best-practices#generate-readme-for-each-module-about-input-and-output-variables). This is one of the best practices I recommended. Hope you like this idea.
We can create another file USAGE.md to give the details on how to use this module.
Add tcp/udp 8301 and tcp 8300 for external Serf communication to sg_consul
I'm not sure if I understand how this works.
I'm seeing this error:

```
aws_security_group.main_security_group: Error creating Security Group: InvalidGroup.Duplicate: The security group 'x_x_x' already exists for VPC 'vpc-00000000'
status code: 400, request id: bcbf6e06-f159-44a6-b281-2be2628c3b98
```

I want one security group to provide egress for all traffic and ingress for ping/ICMP (seemingly missing in this library) and tcp:22 for ssh.
It isn't clear how to use all of these from a module without repeating the security group name.
Also, how about tags for the group? How might I create tags for a name attribute?
Thanks,
Chris.
Question; wouldn't it be better to keep specific security groups specific and remove SSH connections there? There is no reason to keep SSH connection in application-specific security group. What do you think?
Wouldn't it be better to simply use:

```
description = "${var.security_group_name}"
```

letting users of the community rules choose their own names.
How can I specify a list of CIDR blocks to use in the security group? I am trying the zookeeper configuration.
I have a list of CIDR blocks to pass to the security group, for example:

```
variable "private_cidr_blocks" {
  description = "The IP blocks for the private subnet"
  type        = "list"
  default     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
}
```

When I apply the plan using the following:

```
...
source_cidr_block = "${join(",", var.private_cidr_blocks)}"
...
```

I receive a malformed CIDR block error

```
* aws_security_group.main_security_group: Error authorizing security group ingress rules: InvalidParameterValue: CIDR block 10.0.1.0/24,10.0.2.0/24,10.0.3.0/24 is malformed
```
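
The error above shows the joined string reaching the API as a single CIDR value. As an added example (not code from this repository or from the poster), a rule declared directly on `aws_security_group_rule` can take the list unchanged through `cidr_blocks`. The resource names, the `vpc_id` variable and the use of ZooKeeper's client port 2181 are assumptions for illustration, written in the same pre-0.12 syntax as the snippet above.

```hcl
# Added example: pass a list of CIDR blocks to a rule without join().
# All names below are hypothetical; only the variable mirrors the post.

variable "vpc_id" {
  description = "ID of the VPC the security group is created in"
}

variable "private_cidr_blocks" {
  description = "The IP blocks for the private subnet"
  type        = "list"
  default     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
}

resource "aws_security_group" "zookeeper" {
  name        = "example-zookeeper"
  description = "example-zookeeper"
  vpc_id      = "${var.vpc_id}"
}

# cidr_blocks expects a list; each element must be one well-formed CIDR.
# Wrapping the list variable in [] keeps it a flat list in pre-0.12 syntax,
# so three separate ranges are authorized instead of one malformed string.
resource "aws_security_group_rule" "zookeeper_client" {
  type              = "ingress"
  from_port         = 2181
  to_port           = 2181
  protocol          = "tcp"
  cidr_blocks       = ["${var.private_cidr_blocks}"]
  security_group_id = "${aws_security_group.zookeeper.id}"
}

output "zookeeper_security_group_id" {
  value = "${aws_security_group.zookeeper.id}"
}
```

Keeping the source ranges in an explicit list variable also means the caller states exactly which networks are allowed, rather than inheriting a wide default.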