initial

.gitignore

@@ -0,0 +1,11 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+terraform
+.DS_Store

README.md

@@ -0,0 +1,22 @@
+# terraform-aws-sg
+This is a module that makes it easy to create security groups in AWS. Built for 0.12
+
+Example Usage:
+```
+module "sg" {
+    name = var.name
+    description = var.description
+    vpc_id = var.vpc_id
+
+    ingress_rules = [
+        {
+            protocol = "tcp"
+            port = 80
+            cidr_blocks = ["0.0.0.0/0"]
+        }
+    ]    
+}
+
+```
+outputs:
+the created security group accesible via: `module.sg.security_group`

main.tf

@@ -0,0 +1,64 @@
+locals {
+    ingress_rules = concat([
+    {
+        protocol = -1
+        from_port = 0
+        to_port = 0
+        cidr_blocks = null
+        security_groups = null
+        self = true
+    },
+    ],[for r in var.ingress_rules : {
+        protocol = lookup(r,"protocol","tcp")
+        from_port = lookup(r,"port",0)
+        to_port = lookup(r,"port",0)
+        cidr_blocks = lookup(r,"cidr_blocks",null)
+        security_groups = lookup(r,"security_groups",null)
+        self = false
+    }])
+
+    egress_rules = concat([
+    {
+        protocol    = -1
+        from_port   = 0
+        to_port     = 0
+        cidr_blocks = ["0.0.0.0/0"]
+        security_groups = null
+    }
+    ],[for r in var.egress_rules : {
+        protocol = lookup(r,"protocol","tcp")
+        from_port = lookup(r,"port",0)
+        to_port = lookup(r,"port",0)
+        cidr_blocks = lookup(r,"cidr_blocks",null)
+        security_groups = lookup(r,"security_groups",null)
+    }])
+}
+
+resource "aws_security_group" "security_group" {
+    name = var.name
+    description = var.description
+    vpc_id = var.vpc_id
+
+    dynamic "ingress" {
+        for_each = local.ingress_rules
+        content {
+            protocol = ingress.value.protocol
+            from_port = ingress.value.from_port
+            to_port = ingress.value.to_port
+            cidr_blocks = ingress.value.cidr_blocks
+            self = ingress.value.self
+            security_groups = ingress.value.security_groups
+        }
+    }
+
+    dynamic "egress" {
+        for_each = local.egress_rules
+        content {
+            protocol = egress.value.protocol
+            from_port = egress.value.from_port
+            to_port = egress.value.to_port
+            cidr_blocks = egress.value.cidr_blocks
+            security_groups = egress.value.security_groups
+        }
+    }
+ }

outputs.tf

@@ -0,0 +1,3 @@
+output "security_group" {
+    value = aws_security_group.security_group
+}

test/main.tf

@@ -0,0 +1,37 @@
+provider "aws" {
+    region = "us-west-2"
+}
+
+variable "vpc_id" {
+  type = string
+}
+
+module "lb_sg" {
+  source      = "./.."
+  name = "test-lb"
+  vpc_id      = var.vpc_id
+  ingress_rules = [{
+    port        = 80
+    cidr_blocks = ["0.0.0.0/0"]
+  }]
+}
+
+module "websvr_sg" {
+  source      = "./.."
+   name = "test-websvr"
+  vpc_id      = var.vpc_id
+  ingress_rules = [{
+    port            = 8080
+    security_groups = [module.lb_sg.security_group.id]
+  }]
+}
+
+module "db_sg" {
+  source      = "./.."
+   name = "test-db"
+  vpc_id      = var.vpc_id
+  ingress_rules = [{
+    port            = 3306
+    security_groups = [module.websvr_sg.security_group.id]
+  }]
+}

variables.tf

@@ -0,0 +1,25 @@
+variable "name" {
+    default = null
+    type = string
+}
+
+variable "description" {
+    default = null
+    type = string
+}
+
+variable "vpc_id" {
+    type = string
+}
+
+variable "ingress_rules" {
+    default = []
+    description = "A list of custom ingress rules to apply"
+    type = any
+}
+
+variable "egress_rules" {
+    default = []
+    description = "A list of custom egress rules to apply"
+    type = any
+}