Security Group Module

Description

This module creates the security groups for the EIC endpoint, EC2 bastion, RDS proxy, RDS instance, Lambda function, Secrets Manager, Cognito, and CloudTrail, together with the paired ingress and egress rules that allow traffic only between those groups.

Usage

module "security_group" {
  source  = "./modules/security-group"
  product = "oqtopus"
  org     = "example"
  env     = "dev"
  region  = "us-east-1" # required input (see Inputs); placeholder value
  vpc_id  = "vpc-123"
}

Requirements

Name      | Version
----------|-------------------
terraform | >= 1.9.0, < 2.0.0
aws       | ~> 5.57.0

Providers

Name | Version
-----|----------
aws  | ~> 5.57.0

Resources

Name                                                               | Type
-------------------------------------------------------------------|------------
aws_security_group.cloudtrail                                      | resource
aws_security_group.cognito                                         | resource
aws_security_group.cognito_idp                                     | resource
aws_security_group.db                                              | resource
aws_security_group.db_proxy                                        | resource
aws_security_group.ec2_bastion                                     | resource
aws_security_group.eic                                             | resource
aws_security_group.lambda                                          | resource
aws_security_group.secret_manager                                  | resource
aws_vpc_security_group_egress_rule.db_proxy_to_db                  | resource
aws_vpc_security_group_egress_rule.ec2_bastion_to_db_proxy         | resource
aws_vpc_security_group_egress_rule.ec2_bastion_to_secret_manager   | resource
aws_vpc_security_group_egress_rule.eic_to_ec2_bastion              | resource
aws_vpc_security_group_egress_rule.lambda_to_cloudtrail            | resource
aws_vpc_security_group_egress_rule.lambda_to_cognito_idp           | resource
aws_vpc_security_group_egress_rule.lambda_to_db_proxy              | resource
aws_vpc_security_group_egress_rule.lambda_to_s3                    | resource
aws_vpc_security_group_egress_rule.lambda_to_secret_manager        | resource
aws_vpc_security_group_ingress_rule.cloudtrail_from_lambda         | resource
aws_vpc_security_group_ingress_rule.cognito_from_lambda            | resource
aws_vpc_security_group_ingress_rule.db_proxy_from_ec2_bastion      | resource
aws_vpc_security_group_ingress_rule.db_proxy_from_lambda           | resource
aws_vpc_security_group_ingress_rule.ec2_bastion_from_eic           | resource
aws_vpc_security_group_ingress_rule.rds_from_db_proxy              | resource
aws_vpc_security_group_ingress_rule.secret_manager_from_ec2_bastion | resource
aws_vpc_security_group_ingress_rule.secret_manager_from_lambda     | resource
aws_prefix_list.s3                                                 | data source
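The rule resources above come in pairs: each hop in the graph (for example Lambda to the RDS proxy) is one egress rule on the source group and one ingress rule on the destination group, each referencing the other security group rather than a CIDR range, and the only non-group target is the regional S3 prefix list. The following is an added illustration of that pattern, not the module's own code; the group names, the PostgreSQL port 5432 and the HTTPS port for S3 are assumptions, while the variable names are the module's inputs.

```hcl
# Declaring a group with no inline rules makes the AWS provider remove the
# default allow-all egress rule, so every permitted flow must be stated below.
resource "aws_security_group" "lambda" {
  name        = "${var.product}-${var.org}-${var.env}-lambda" # assumed naming
  description = "Lambda function security group"
  vpc_id      = var.vpc_id
}

resource "aws_security_group" "db_proxy" {
  name        = "${var.product}-${var.org}-${var.env}-db-proxy" # assumed naming
  description = "RDS proxy security group"
  vpc_id      = var.vpc_id
}

# Egress half of the hop: Lambda may open PostgreSQL connections to the proxy.
resource "aws_vpc_security_group_egress_rule" "lambda_to_db_proxy" {
  security_group_id            = aws_security_group.lambda.id
  referenced_security_group_id = aws_security_group.db_proxy.id
  ip_protocol                  = "tcp"
  from_port                    = 5432 # assumed engine port
  to_port                      = 5432
  description                  = "Lambda to RDS proxy"
}

# Ingress half of the same hop, scoped to the Lambda group rather than a CIDR,
# so adding or replacing Lambda ENIs never requires editing the rule.
resource "aws_vpc_security_group_ingress_rule" "db_proxy_from_lambda" {
  security_group_id            = aws_security_group.db_proxy.id
  referenced_security_group_id = aws_security_group.lambda.id
  ip_protocol                  = "tcp"
  from_port                    = 5432
  to_port                      = 5432
  description                  = "RDS proxy from Lambda"
}

# S3 has no security group, so egress is pinned to the region's managed
# prefix list instead of 0.0.0.0/0; this is why the module needs var.region.
data "aws_prefix_list" "s3" {
  name = "com.amazonaws.${var.region}.s3"
}

resource "aws_vpc_security_group_egress_rule" "lambda_to_s3" {
  security_group_id = aws_security_group.lambda.id
  prefix_list_id    = data.aws_prefix_list.s3.id
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
  description       = "Lambda to S3 via gateway prefix list"
}
```

Because the rules live in separate resources, `terraform plan` shows each flow being added or removed individually, which makes an unintended widening of the graph visible at review time.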

Inputs

Name    | Description       | Type   | Default | Required
--------|-------------------|--------|---------|---------
env     | environment name  | string | n/a     | yes
org     | organization name | string | n/a     | yes
product | product name      | string | n/a     | yes
region  | region name       | string | n/a     | yes
vpc_id  | The ID of the VPC | string | n/a     | yes

Outputs

Name                              | Description
----------------------------------|------------------------------------------------
cloudtrail_security_group_ids     | The security group IDs for CloudTrail
cognito_security_group_ids        | The security group IDs for the Cognito IdP
db_proxy_security_group_ids       | The security group IDs for the RDS proxy
db_security_group_ids             | The security group IDs for the RDS instance
ec2_bastion_security_group_ids    | The security group IDs for the EC2 bastion instance
eic_security_group_ids            | The security group IDs for the EIC endpoint
lambda_security_group_ids         | The security group IDs for the Lambda function
secret_manager_security_group_ids | The security group IDs for Secrets Manager