v0.0.1

.gitignore

@@ -0,0 +1,50 @@
+# These are some examples of commonly ignored file patterns.
+# You should customize this list as applicable to your project.
+# Learn more about .gitignore:
+#     https://www.atlassian.com/git/tutorials/saving-changes/gitignore
+
+# Node artifact files
+node_modules/
+dist/
+
+# Compiled Java class files
+*.class
+
+# Compiled Python bytecode
+*.py[cod]
+
+# Log files
+*.log
+
+# Package files
+*.jar
+
+# Maven
+target/
+dist/
+
+# JetBrains IDE
+.idea/
+
+# Unit test reports
+TEST*.xml
+
+# Generated by MacOS
+.DS_Store
+
+# Generated by Windows
+Thumbs.db
+
+# Applications
+*.app
+*.exe
+*.war
+
+# Large media files
+*.mp4
+*.tiff
+*.avi
+*.flv
+*.mov
+*.wmv
+

LICENSE.txt

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 PYXIS SA
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,57 @@
+<!-- BEGIN_TF_DOCS -->
+<!-- markdownlint-disable MD033 -->
+# Security group Module
+
+- Creating of Security group.
+- Provides a security group rule resource. Represents a single ingress or egress group rule, which can be added to external Security Groups.
+- Attaching a security group to an Elastic Network Interface (ENI).
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.61.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.61.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_network_interface_sg_attachment.sg_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface_sg_attachment) | resource |
+| [aws_security_group.sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_security_group_rule.sg_rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_instance.instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/instance) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_add_sg_rule"></a> [add\_sg\_rule](#input\_add\_sg\_rule) | if true, enable create rules to security group | `bool` | `false` | no |
+| <a name="input_create_sg"></a> [create\_sg](#input\_create\_sg) | if true, enable create security group | `bool` | `false` | no |
+| <a name="input_ec2_id"></a> [ec2\_id](#input\_ec2\_id) | ID of AMI to use for the instance | `string` | `null` | no |
+| <a name="input_sg_attachment_to_ec2"></a> [sg\_attachment\_to\_ec2](#input\_sg\_attachment\_to\_ec2) | if true, enable attach security group to Instance | `bool` | `false` | no |
+| <a name="input_sg_egress_rules"></a> [sg\_egress\_rules](#input\_sg\_egress\_rules) | all configuration for rules ingress of security group | `any` | `[]` | no |
+| <a name="input_sg_id"></a> [sg\_id](#input\_sg\_id) | (Required) Security group to apply this rule to. | `string` | `null` | no |
+| <a name="input_sg_ingress_rules"></a> [sg\_ingress\_rules](#input\_sg\_ingress\_rules) | all configuration for rules ingress of security group | `any` | `[]` | no |
+| <a name="input_sg_ingress_rules_own"></a> [sg\_ingress\_rules\_own](#input\_sg\_ingress\_rules\_own) | type = map(object({<br>    client-sg = {<br>    # from\_port         = 2,<br>    # to\_port           = 2,<br>    # protocol          = "-1",<br>    # description       = "sg",<br>    # cidr\_blocks       = [],<br>    # ipv6\_cidr\_blocks  = [],<br>    # prefix\_list\_ids   = [],<br>    # self              = null,<br>    # source\_security\_group\_id  = []<br>    }<br>}))<br>Required configuration for attach rule to Sg | `any` | `null` | no |
+| <a name="input_sg_name"></a> [sg\_name](#input\_sg\_name) | Name to be used on SG created. | `string` | `null` | no |
+| <a name="input_sg_type"></a> [sg\_type](#input\_sg\_type) | (Required) Type of rule being created. Valid options are ingress (inbound) or egress (outbound) | `string` | `null` | no |
+| <a name="input_sg_vpc_id"></a> [sg\_vpc\_id](#input\_sg\_vpc\_id) | (Optional, Forces new resource) VPC ID. Defaults to the region's default VPC | `string` | `null` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | all tags for all recursives | `any` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_id_security_group"></a> [id\_security\_group](#output\_id\_security\_group) | n/a |
+<!-- END_TF_DOCS -->

main.tf

@@ -0,0 +1,82 @@
+locals {
+  tags = {
+    terraform = true
+    Name      = var.sg_name
+  }
+}
+
+data "aws_instance" "instance" {
+  count = var.sg_attachment_to_ec2 ? 1 : 0
+  instance_id = var.ec2_id
+}
+
+
+resource "aws_security_group" "sg" {
+  count = var.create_sg ? 1 : 0
+
+  name        = "${var.sg_name}"
+  description = "Security Group for ${var.sg_name}"
+  vpc_id      = var.sg_vpc_id
+
+
+  dynamic "ingress" {
+    for_each = var.sg_ingress_rules
+
+    content {
+      description     = ingress.value["description"]
+      from_port       = ingress.value["from_port"]
+      to_port         = ingress.value["to_port"]
+      cidr_blocks     = lookup(ingress.value, "cidr_blocks", null)
+      protocol        = ingress.value["protocol"]
+      security_groups = lookup(ingress.value, "security_groups", null)
+    }
+  }
+
+  dynamic "egress" {
+    for_each = var.sg_egress_rules
+
+    content {
+      description     = egress.value["description"]
+      from_port       = egress.value["from_port"]
+      to_port         = egress.value["to_port"]
+      cidr_blocks     = lookup(egress.value, "cidr_blocks", null)
+      protocol        = egress.value["protocol"]
+      security_groups = lookup(egress.value, "security_groups", null)
+    }
+  }
+
+  tags = merge(
+    local.tags,
+    var.tags
+  )
+}
+
+
+
+resource "aws_security_group_rule" "sg_rule" {
+  for_each = var.add_sg_rule ? var.sg_ingress_rules_own : {}
+
+  security_group_id = var.sg_id
+  type        =var.sg_type
+
+
+  from_port   = each.value.from_port
+  to_port     = each.value.to_port
+  protocol    = each.value.protocol
+  description = each.value.description
+  #source_security_group_id = lookup(each.value, "security_groups", null)
+
+  cidr_blocks              = length(each.value.cidr_blocks) == 0 ? null : each.value.cidr_blocks
+  ipv6_cidr_blocks         = length(each.value.ipv6_cidr_blocks) == 0 ? null : each.value.ipv6_cidr_blocks
+  prefix_list_ids          = length(each.value.prefix_list_ids) == 0 ? [] : each.value.prefix_list_ids
+  self                     = each.value.self
+  source_security_group_id = each.value.source_security_group_id
+
+
+  }
+
+resource "aws_network_interface_sg_attachment" "sg_attachment" {
+  count = var.sg_attachment_to_ec2 ? 1 : 0
+  security_group_id    = var.sg_id
+  network_interface_id = data.aws_instance.instance[count.index].network_interface_id
+}

outputs.tf

@@ -0,0 +1,3 @@
+output "id_security_group" {
+  value = element(concat(aws_security_group.sg.*.id, [""]), 0)
+}

variables.tf

@@ -0,0 +1,101 @@
+
+variable "create_sg" {
+  type        = bool
+  default     = false
+  description = "if true, enable create security group "
+}
+
+variable "sg_name" {
+  description = "Name to be used on SG created."
+  default     = null
+  type        = string
+}
+
+variable "add_sg_rule" {
+  type        = bool
+  default     = false
+  description = "if true, enable create rules to security group "
+}
+variable "sg_attachment_to_ec2" {
+  type        = bool
+  default     = false
+  description = "if true, enable attach security group to Instance"
+}
+
+variable "sg_ingress_rules" {
+  type        = any
+  default     = []
+  description = "all configuration for rules ingress of security group"
+}
+
+variable "sg_egress_rules" {
+  type        = any
+  default     = []
+  description = "all configuration for rules ingress of security group"
+}
+
+variable "sg_vpc_id" {
+  type        = string
+  default     = null
+  description = " (Optional, Forces new resource) VPC ID. Defaults to the region's default VPC"
+}
+variable "sg_id" {
+  type        = string
+  default     = null
+  description = "(Required) Security group to apply this rule to."
+}
+variable "ec2_id" {
+  type        = string
+  default     = null
+  description = "ID of AMI to use for the instance"
+}
+variable "sg_type" {
+  type        = string
+  default     = null
+  description = "(Required) Type of rule being created. Valid options are ingress (inbound) or egress (outbound)"
+}
+
+variable "tags" {
+  type        = any
+  default     = null
+  description = "all tags for all recursives"
+}
+
+# variable "sg_ingress_rules_own" {
+#   description = "Map of sg."
+#   type        = any
+#   default     = {
+#     client-sg = {
+#       from_port         = 2,
+#       to_port           = 2,
+#       protocol          = "-1",
+#       description       = "sg",
+#       cidr_blocks       = [],
+#       ipv6_cidr_blocks  = [],
+#       prefix_list_ids   = [],
+#       self              = null,
+#       source_security_group_id  = []
+#     }
+#   }
+# }
+
+variable "sg_ingress_rules_own" {
+  type        = any
+  default     = null
+  description = <<-EOT
+    type = map(object({
+        client-sg = {
+        # from_port         = 2,
+        # to_port           = 2,
+        # protocol          = "-1",
+        # description       = "sg",
+        # cidr_blocks       = [],
+        # ipv6_cidr_blocks  = [],
+        # prefix_list_ids   = [],
+        # self              = null,
+        # source_security_group_id  = []
+        }
+    }))
+    Required configuration for attach rule to Sg
+    EOT
+}

version.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 0.14"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.61.0"
+    }
+  }
+}