Referencing Security Group in AWS via Terraform using Dynamic Block

Time:01-03

I have a security group resource in the module called "networking":

resource "aws_security_group" "dev_sg" {
  for_each    = var.security_groups
  name        = each.value.name
  description = each.value.description
  vpc_id      = aws_vpc.dev_vpc.id

  dynamic "ingress" {
    for_each = each.value.ingress
    #iterator = port
    content {
      from_port   = ingress.value.from
      to_port     = ingress.value.to
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Also, outside of the module, in the root module I have a locals.tf file, which is this:

locals {
  security_groups = {
    public = {
      name        = "public_sg"
      description = "Security Group for Public Access"
      ingress = {
        ssh = {
          from        = 22
          to          = 22
          protocol    = "tcp"
          cidr_blocks = [var.access_ip]
        }
        http = {
          from        = 80
          to          = 80
          protocol    = "tcp"
          cidr_blocks = ["0.0.0.0/0"]
        }
      }
    }
  }
}

And here is the module definition:

module "networking" {
  source           = "./networking"
  vpc_cidr         = local.vpc_cidr
  security_groups  = local.security_groups
  public_sn_count  = 2
  private_sn_count = 3
}

Now, my question is, how can I reference a security group ID instead of a cidr_block inside the locals.tf file? I have no clue how to implement this.

For example:

cidr_blocks = ["192.168.8.0/21", "${var.security_group_id}"]

CodePudding user response:

You need to use security_groups in the aws_security_group ingress or egress block.

resource "aws_security_group" "dev_sg" {
  for_each    = var.security_groups
  name        = each.value.name
  description = each.value.description
  vpc_id      = aws_vpc.dev_vpc.id

  dynamic "ingress" {
    for_each = each.value.ingress
    #iterator = port
    content {
      from_port       = ingress.value.from
      to_port         = ingress.value.to
      protocol        = ingress.value.protocol
      cidr_blocks     = ingress.value.cidr_blocks
      security_groups = lookup(ingress.value, "security_groups", null)
    }
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

locals {
  security_groups = {
    public = {
      name        = "public_sg"
      description = "Security Group for Public Access"
      ingress = {
        ssh = {
          from            = 22
          to              = 22
          protocol        = "tcp"
          cidr_blocks     = [var.access_ip]
          security_groups = [var.security_group_id]
        }
        http = {
          from            = 80
          to              = 80
          protocol        = "tcp"
          cidr_blocks     = ["0.0.0.0/0"]
          security_groups = [var.security_group_id]
        }
      }
    }
  }
}

module "networking" {
  source           = "./networking"
  vpc_cidr         = local.vpc_cidr
  security_groups  = local.security_groups
  public_sn_count  = 2
  private_sn_count = 3
}
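As an added example (not from the question or the answer above), here is the same module with a typed variable so that each rule may carry either cidr_blocks or security_groups without lookup(), and a root locals block that opens port 80 to the world but restricts an app port to traffic from one source security group. It assumes Terraform 1.3 or newer for optional() with defaults, keeps the page's names (networking, dev_sg, var.security_group_id), and omits the egress block.

```hcl
# networking/variables.tf: a type constraint with optional() (Terraform >= 1.3)
# so each rule may omit cidr_blocks or security_groups without lookup().
variable "security_groups" {
  type = map(object({
    name        = string
    description = string
    ingress = map(object({
      from            = number
      to              = number
      protocol        = string
      cidr_blocks     = optional(list(string), [])
      security_groups = optional(list(string), [])
    }))
  }))
}

# networking/main.tf: the dynamic block reads both source kinds directly.
resource "aws_security_group" "dev_sg" {
  for_each    = var.security_groups
  name        = each.value.name
  description = each.value.description
  vpc_id      = aws_vpc.dev_vpc.id

  dynamic "ingress" {
    for_each = each.value.ingress
    content {
      from_port       = ingress.value.from
      to_port         = ingress.value.to
      protocol        = ingress.value.protocol
      cidr_blocks     = ingress.value.cidr_blocks
      security_groups = ingress.value.security_groups # source SG IDs, not CIDRs
    }
  }
}

# root locals.tf: HTTP stays CIDR-based; the app port admits only traffic whose
# source is var.security_group_id, an SG created outside this module (a local
# that feeds the module cannot reference the module's own outputs: that is a cycle).
locals {
  security_groups = {
    public = {
      name        = "public_sg"
      description = "Security Group for Public Access"
      ingress = {
        http = { from = 80, to = 80, protocol = "tcp", cidr_blocks = ["0.0.0.0/0"] }
        app  = { from = 8080, to = 8080, protocol = "tcp", security_groups = [var.security_group_id] }
      }
    }
  }
}
```

A rule that lists both cidr_blocks and security_groups is accepted by the provider and admits traffic from either source, so keep the CIDR list empty on rules meant to be SG-scoped only.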