
AWS Security Group

This blueprint creates an AWS Security Group adhering to best practices by denying all inbound traffic unless specified, thereby enhancing security. It allows all outbound traffic by default, following AWS's standard behavior, but gives users the flexibility to define specific egress rules if needed. The blueprint encourages the use of descriptive tagging for better resource management and organizes variables into groups to simplify configuration for users who may not be cloud infrastructure experts.

Define and customize Blueprints to set what infrastructure configuration options are available to developers.

---
# Blueprint front matter: constants, the form inputs (variables) and the groups
# the form shows them under. Key semantics come from the Resourcely blueprint
# format; only what the template body below visibly uses is described here.
constants:
  # Terraform resource label: user-supplied name plus __guid (presumably to keep
  # labels unique across generated resources — TODO confirm against the
  # blueprint docs).
  __name: "{{ name }}_{{ __guid }}"
variables:
  # Security group name; also reused as the Name tag in the template body.
  name:
    desc: "Name of the security group."
    required: true
    group: Security Group Details
  # Optional description; the default is a literal string the form may override.
  description:
    desc: "Description of the security group."
    required: false
    group: Security Group Details
    default: "Managed by Resourcely"
  vpc_id:
    desc: "VPC ID where the security group will be created."
    required: true
    group: Security Group Details
    # Ties this input to an existing aws_vpc resource's id (presumably so the
    # form can pick from known VPCs) — verify against the blueprint docs.
    links_to: resource.aws_vpc.id
  # Per-field desc/required annotations for the rule inputs live inline in the
  # template's ingress/egress blocks rather than here.
  ingress_rules:
    group: Ingress Rules
    required: false
  # NOTE(review): with the Terraform AWS provider, an aws_security_group with no
  # egress block has no egress rules at all (the provider removes AWS's default
  # allow-all rule), so leaving this empty is more restrictive than the "allow
  # all outbound" wording above suggests — confirm for the provider version used.
  egress_rules:
    group: Egress Rules
    required: false
  # Free-form key/value pairs merged into the resource's tags map; the Name tag
  # is always set from `name` regardless of this input.
  tags:
    group: Tags
    required: false
# Form sections, ordered by `order`; names must match the `group` values above.
groups:
  Security Group Details:
    order: 1
    desc: "Basic details for the security group."
  Ingress Rules:
    order: 2
    desc: "Define inbound traffic rules."
  Egress Rules:
    order: 3
    desc: "Define outbound traffic rules."
  Tags:
    order: 4
    desc: "Tags to assign to the security group."
---

// Security group resource rendered from the front-matter inputs above. The
// inline `desc`/`required` annotations on each rule field drive the generated
// form; `required: true` fields must be filled for every rule entry.
// NOTE(review): the Terraform AWS provider strips AWS's default allow-all
// egress rule from a managed aws_security_group, so an empty egress_rules
// input yields *no* outbound access rather than "allow all" — confirm against
// the provider version in use before relying on the default described above.
resource "aws_security_group" "__name" {
  name        = {{ name }}
  description = {{ description }}
  vpc_id      = {{ vpc_id }}

  // One ingress block per ingress_rules entry; with none supplied, AWS's
  // default of no inbound access applies. Nothing in this template restricts
  // the CIDR ranges a rule may open — add a guardrail in the consuming policy
  // if world-open inbound rules must be prevented.
  {{# ingress_rules }}
  ingress {
    description      = {{ ingress_rules.description | required: false }}
    from_port        = {{ ingress_rules.from_port | desc: "Start of port range for TCP/UDP protocols, or ICMP type number." | required: true }}
    to_port          = {{ ingress_rules.to_port | desc: "End of port range for TCP/UDP protocols, or ICMP code." | required: true }}
    protocol         = {{ ingress_rules.protocol | desc: "Protocol. Valid options are 'tcp', 'udp', 'icmp', '-1' (all)." | required: true }}
    cidr_blocks      = {{ ingress_rules.cidr_blocks | desc: "List of IPv4 CIDR blocks." | required: false }}
    ipv6_cidr_blocks = {{ ingress_rules.ipv6_cidr_blocks | desc: "List of IPv6 CIDR blocks." | required: false }}
    security_groups  = {{ ingress_rules.security_groups | desc: "List of security group IDs to allow ingress from." | required: false }}
    prefix_list_ids  = {{ ingress_rules.prefix_list_ids | desc: "List of prefix list IDs (for allowing AWS services)." | required: false }}
  }
  {{/ ingress_rules }}

  // One egress block per egress_rules entry; same field set as ingress, with
  // security_groups meaning destinations rather than sources.
  {{# egress_rules }}
  egress {
    description      = {{ egress_rules.description | required: false }}
    from_port        = {{ egress_rules.from_port | desc: "Start of port range for TCP/UDP protocols, or ICMP type number." | required: true }}
    to_port          = {{ egress_rules.to_port | desc: "End of port range for TCP/UDP protocols, or ICMP code." | required: true }}
    protocol         = {{ egress_rules.protocol | desc: "Protocol. Valid options are 'tcp', 'udp', 'icmp', '-1' (all)." | required: true }}
    cidr_blocks      = {{ egress_rules.cidr_blocks | desc: "List of IPv4 CIDR blocks." | required: false }}
    ipv6_cidr_blocks = {{ egress_rules.ipv6_cidr_blocks | desc: "List of IPv6 CIDR blocks." | required: false }}
    security_groups  = {{ egress_rules.security_groups | desc: "List of security group IDs to allow egress to." | required: false }}
    prefix_list_ids  = {{ egress_rules.prefix_list_ids | desc: "List of prefix list IDs (for allowing AWS services)." | required: false }}
  }
  {{/ egress_rules }}

  // Name is always set from the `name` input; any further key/value pairs come
  // from the optional tags group. NOTE(review): a user-supplied key is emitted
  // bare as an HCL map key — confirm the blueprint engine quotes keys that are
  // not valid identifiers.
  tags = {
    Name = {{ name }}
    {{# tags }}
      {{ tags.key | required: false }} = {{ tags.value | required: false }}
    {{/ tags }}
  }
}

// By default, the security group denies all inbound traffic unless ingress rules are specified.
// Outbound traffic is allowed unless egress rules are defined.
// Tags are encouraged for resource identification and management.
//
A form is created automatically that accepts inputs that you defined in the Blueprint.
After filling out the Blueprint form, Terraform is generated and a PR is automatically submitted.
