HistoryPurge: Clearing 17 old commits

Modules/Compute/security_group/README.md

@@ -0,0 +1,44 @@
+# security-group
+This module create security group.
+
+## Inputs
+
+| Name    | Description       | Type     | Default | Required |
+|---------|-------------------|----------|---------|:--------:|
+| vpc-id  | VPC id            | string   | n/a     |   yes    |
+| ingress | See example below | map      | n/a     |   yes    |
+| egress  | See example below | map      | n/a     |   yes    |
+
+## Outputs
+
+| Name       | Description                    |
+|------------|--------------------------------|
+| sg-id-name | A map of SG id and their names |
+
+### Example
+Below is a sample root module calling this shared module 
+
+```hcl
+module "admin-sg" {
+
+  source = "../../modules/compute/security_group"
+
+  description = "Security group for admins"
+  egress = {
+    r1 = "tcp,4750,4750,1.2.3.4/32,Patch Management Tool"
+    r2 = "tcp,22,22,1.2.3.4/32,Patch Management Tool"
+    r3 = "tcp,52311,52311,${aws_ec2_managed_prefix_list.bigfix.id},Client to BigFix server"
+    r4 = "-1,-1,-1,0.0.0.0/0,Outbound access"
+  }
+  ingress = {
+    r1  = "tcp,4750,4750,1.2.3.4/32,Patch Management Tool"
+    r2  = "tcp,22,22,1.2.3.4/32,Patch Management Tool"
+    r3  = "tcp,52311,52311,${aws_ec2_managed_prefix_list.bigfix.id},BigFix server to client"
+  }
+  name   = "admin-sg"
+  vpc-id = "vpc-01a10b033169f89a8"
+}
+```
+
+
+

Modules/Compute/security_group/main.tf

@@ -0,0 +1,39 @@
+data "aws_default_tags" "this" {
+  lifecycle {
+    postcondition {
+      condition     = length(self.tags) >= 1
+      error_message = "Validation failed: Provider default_tags not set."
+    }
+  }
+}
+
+resource "aws_security_group" "sg" {
+  name        = var.name
+  description = var.description
+  vpc_id      = var.vpc-id
+  tags        = { Name = var.name }
+}
+
+resource "aws_vpc_security_group_ingress_rule" "ingress-rules" {
+  for_each                     = var.ingress
+  security_group_id            = aws_security_group.sg.id
+  ip_protocol                  = split(",", each.value)[0]
+  from_port                    = split(",", each.value)[1]
+  to_port                      = split(",", each.value)[2]
+  cidr_ipv4                    = substr(split(",", each.value)[3], 2, 1) != "-" ? split(",", each.value)[3] : null
+  referenced_security_group_id = substr(split(",", each.value)[3], 0, 2) == "sg" ? split(",", each.value)[3] : null
+  prefix_list_id               = substr(split(",", each.value)[3], 0, 2) == "pl" ? split(",", each.value)[3] : null
+  description                  = split(",", each.value)[4]
+}
+
+resource "aws_vpc_security_group_egress_rule" "egress-rules" {
+  for_each                     = var.egress
+  security_group_id            = aws_security_group.sg.id
+  ip_protocol                  = split(",", each.value)[0]
+  from_port                    = split(",", each.value)[1]
+  to_port                      = split(",", each.value)[2]
+  cidr_ipv4                    = substr(split(",", each.value)[3], 2, 1) != "-" ? split(",", each.value)[3] : null
+  referenced_security_group_id = substr(split(",", each.value)[3], 0, 2) == "sg" ? split(",", each.value)[3] : null
+  prefix_list_id               = substr(split(",", each.value)[3], 0, 2) == "pl" ? split(",", each.value)[3] : null
+  description                  = split(",", each.value)[4]
+}

Modules/Compute/security_group/outputs.tf

@@ -0,0 +1,3 @@
+output id {
+  value = aws_security_group.sg.id
+}

Modules/Compute/security_group/variables.tf

@@ -0,0 +1,5 @@
+variable name {}
+variable description {}
+variable vpc-id {}
+variable ingress {}
+variable egress {}