NEW: security group using nested loops
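--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-1
@@ -0,0 +1,51 @@
+resource "aws_security_group" "sg" {
+count = length(var.security-groups)
+name = lookup(var.security-groups[count.index], "name")
+description = lookup(var.security-groups[count.index], "description")
+vpc_id = var.vpcid
+}
+
+// see https://www.terraform.io/docs/configuration/functions/flatten.html
+
+locals {
+rules = flatten([
+for sg_key, sg in var.security-groups : [
+for rule_key, rule in lookup(sg, "rules") : {
+sg_key = sg_key
+rule_key = rule_key
+sg_name = sg.name
+protocol = rule[0]
+cidr_blocks = rule[1]
+from_port = rule[2]
+to_port = rule[3]
+type = rule[4]
+description = rule[5]
+}
+]
+])
+
+
+}
+
+resource "aws_security_group_rule" "rules" {
+for_each = {
+for rule in local.rules : "${rule.sg_key}.${rule.rule_key}" => rule
+}
+
+security_group_id = matchkeys(aws_security_group.sg.*.id, aws_security_group.sg.*.name, [each.value.sg_name])[0]
+protocol = each.value.protocol
+cidr_blocks = [each.value.cidr_blocks]
+from_port = each.value.from_port
+to_port = each.value.to_port
+type = each.value.type
+description = each.value.description
+}
+
+output sg-id-name {
+value = [
+for id, name in zipmap(
+sort(aws_security_group.sg.*.id),
+sort(aws_security_group.sg.*.name)) :
+map("id", id, "name", name)
+]
+}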
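Review bot: The `sg-id-name` output sorts the id list and the name list independently before `zipmap`, so with more than one group the i-th id in lexical order is paired with the i-th name in lexical order rather than with its own name; iterate the resource instances instead, `value = [for sg in aws_security_group.sg : { id = sg.id, name = sg.name }]`. The same positional fragility sits in `resource "aws_security_group" "sg"` using `count` and in the `"${rule.sg_key}.${rule.rule_key}"` key, where `sg_key` is the list index: removing or reordering an entry in `var.security-groups` moves every later group and its rules to a new address and forces them to be destroyed and recreated, so keying both by the group name (`for_each` over a name-keyed map, and `"${rule.sg_name}.${rule.rule_key}"` for the rules) keeps their identity stable. Nothing constrains `rule[1]`, so an ingress entry of `0.0.0.0/0` is applied without comment; since the `> 0.12, < 0.13` Terraform pinned elsewhere in this commit appears to offer variable `validation` only as an opt-in experiment, at least document the expected tuple shape above `locals`, e.g. `// each rule is [protocol, cidr, from_port, to_port, type, description]; review plans for wide-open ingress CIDRs`, and consider named keys instead of `rule[0]`..`rule[5]`.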
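--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-2
@@ -0,0 +1,14 @@
+# In pre-build phase, this terraform script is ran by the TempRackspaceUser with local state file.
+# Later on it was adjusted to use assume role
+# Ultimately, the state file needs to be moved to s3
+
+provider "aws" {
+region = "ap-east-1"
+}
+
+terraform {
+required_version = "> 0.12, < 0.13"
+required_providers {
+aws = "~> 3.6.0"
+}
+}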
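Review bot: The header comment says the script was `adjusted to use assume role`, but the `provider "aws"` block carries only `region`, so the role presumably comes from a profile or environment variables that the file does not mention; either add `assume_role { role_arn = "<ROLE_ARN placeholder>" }` to the provider or replace that comment line with one stating where credentials come from, e.g. `# Credentials and the assumed role are supplied by the invoking pipeline (AWS_PROFILE / env vars), not by this file`. The comment that state `needs to be moved to s3` has no `backend` block behind it, and a local state file left on whatever host ran the pre-build phase is both easy to lose and readable by anyone on that host; a `backend "s3"` block with `encrypt = true` and a locking table, or at least a TODO naming the intended bucket, belongs inside the `terraform` block next to `required_version`. The comment's `is ran` should read `is run` the next time this file is touched.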
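--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-3
@@ -0,0 +1,2 @@
+variable vpcid {}
+variable security-groups {}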
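Review bot: Both variables are declared without `type` or `description`, yet the other file in this commit indexes `var.security-groups[count.index]`, `lookup(sg, "rules")` and `rule[0]`..`rule[5]`, so a mis-shaped input fails deep inside the `locals` expression instead of at the variable boundary, and a reader has nowhere to learn that position 1 is a CIDR and position 4 is `ingress`/`egress`. Type constraints make Terraform reject bad shapes at plan time and double as documentation of the contract; the element types below are inferred from how the values are used and should be adjusted to the real caller (for instance `rules` may be a list rather than a map, and ports may arrive as strings).
```hcl
variable vpcid {
  type        = string
  description = "ID of the VPC the security groups are created in"
}

variable security-groups {
  description = "Security groups to create; each rule is [protocol, cidr, from_port, to_port, type, description]"
  type = list(object({
    name        = string
    description = string
    rules       = map(tuple([string, string, number, number, string, string]))
  }))
}
```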