New module single-port-sg-src

Magicloud · ketzacoatl · commit b2032c15cad6 · 2020-04-14T16:16:00.000+01:00
This is a fork version of single-port-sg module to support source_security_group.
diff --git a/modules/single-port-sg-src/README.md b/modules/single-port-sg-src/README.md
@@ -0,0 +1,3 @@
+## Single Port Security Group Rule
+
+Create an `aws_security_group_rule` to allow ingress on some port.
diff --git a/modules/single-port-sg-src/main.tf b/modules/single-port-sg-src/main.tf
@@ -0,0 +1,67 @@
+/**
+ * ## Single Port Security Group Rule
+ *
+ * Create an `aws_security_group_rule` to allow ingress on some port.
+ *
+ */
+
+variable "security_group_id" {
+  description = "security group to attach the ingress rules to"
+  type        = string
+}
+
+variable "source_security_group_id" {
+  description = "The SG that this SG allows ingress from"
+  type        = string
+}
+
+variable "description" {
+  description = "Use this string to add a description for the SG rule"
+  type        = string
+}
+
+variable "port" {
+  description = "The port to open"
+  type        = string
+}
+
+variable "tcp" {
+  description = "true/false to enables the tcp ingress"
+  default     = "true"
+  type        = string
+}
+
+variable "udp" {
+  description = "true/false to enables the udp ingress"
+  default     = "false"
+  type        = string
+}
+
+locals {
+  tcp = "${var.tcp ? 1 : 0}"
+  udp = "${var.udp ? 1 : 0}"
+}
+
+# ingress rule for tcp, if enabled
+resource "aws_security_group_rule" "tcp_ingress" {
+  count                    = local.tcp
+  type                     = "ingress"
+  description              = "${var.description} (tcp)"
+  from_port                = var.port
+  to_port                  = var.port
+  protocol                 = "tcp"
+  security_group_id        = var.security_group_id
+  source_security_group_id = var.source_security_group_id
+}
+
+# ingress rule for udp, if enabled
+resource "aws_security_group_rule" "udp_ingress" {
+  count                    = local.udp
+  type                     = "ingress"
+  description              = "${var.description} (udp)"
+  from_port                = var.port
+  to_port                  = var.port
+  protocol                 = "udp"
+  security_group_id        = var.security_group_id
+  source_security_group_id = var.source_security_group_id
+}
diff --git a/modules/single-port-sg-src/versions.tf b/modules/single-port-sg-src/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}
diff --git a/modules/single-port-sg/README.md b/modules/single-port-sg/README.md
@@ -1,5 +1,3 @@
 ## Single Port Security Group Rule
 
 Create an `aws_security_group_rule` to allow ingress on some port.
-
-TODO: support both TCP and UDP, use count to enable/disable.
diff --git a/modules/single-port-sg/main.tf b/modules/single-port-sg/main.tf
@@ -3,8 +3,6 @@
  *
  * Create an `aws_security_group_rule` to allow ingress on some port.
  *
- * TODO: support both TCP and UDP, use count to enable/disable.
- *
  */
 
 variable "security_group_id" {

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+## Single Port Security Group Rule`
	`2`	`+`
	`3`	+Create an `aws_security_group_rule` to allow ingress on some port.
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
++
 +terraform {
 +  required_version = ">= 0.12"
 +}
Original file line number	Diff line number	Diff line change
`@@ -3,8 +3,6 @@`
`3`	`3`	`*`
`4`	`4`	* Create an `aws_security_group_rule` to allow ingress on some port.
`5`	`5`	`*`
`6`		`- * TODO: support both TCP and UDP, use count to enable/disable.`
`7`		`- *`
`8`	`6`	`*/`
`9`	`7`
`10`	`8`	`variable "security_group_id" {`