Define and customize Blueprints to set what infrastructure configuration options are available to developers.
---
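# Values computed at render time; not entered by the developer.
constants:
  # Terraform resource label for the security group: the developer-supplied
  # name with a generated GUID appended (presumably so repeated use of this
  # blueprint in one repository does not produce duplicate labels).
  __name: "{{ name }}_{{ __guid }}"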
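# Developer-facing inputs. Fields of the repeatable blocks (ingress_rules,
# egress_rules, tags) are declared inline in the template section below.
variables:
  name:
    desc: "Name of the security group."
    required: true
    group: Security Group Details
  description:
    desc: "Description of the security group."
    required: false
    group: Security Group Details
    # AWS does not allow a security group's description to be edited, so a
    # later change to this value replaces the security group.
    default: "Managed by Resourcely"
  vpc_id:
    desc: "VPC ID where the security group will be created."
    required: true
    group: Security Group Details
    # Ties the field to the id of an existing aws_vpc resource.
    links_to: resource.aws_vpc.id
  # Repeatable block; each entry renders one ingress block. Nothing in this
  # blueprint restricts the source CIDR or protocol, so wide-open inbound rules
  # need to be caught by review or a guardrail rather than assumed blocked.
  ingress_rules:
    group: Ingress Rules
    required: false
  # Repeatable block; each entry renders one egress block. With no entries the
  # rendered group has no egress rules (Terraform removes AWS's default
  # allow-all egress rule), so all outbound traffic is denied.
  egress_rules:
    group: Egress Rules
    required: false
  # Repeatable block of key/value pairs added alongside the fixed Name tag.
  tags:
    group: Tags
    required: false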
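# Display groups for the developer form; `order` sets the order in which the
# groups are presented.
groups:
  Security Group Details:
    order: 1
    desc: "Basic details for the security group."
  Ingress Rules:
    order: 2
    desc: "Define inbound traffic rules."
  Egress Rules:
    order: 3
    desc: "Define outbound traffic rules."
  Tags:
    order: 4
    desc: "Tags to assign to the security group."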
---
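// Security group template. Top-level inputs (name, description, vpc_id) come
// from the variables declared in the front matter above; the fields of the
// repeatable ingress_rules / egress_rules / tags blocks are declared inline
// here through the desc/required filters.
resource "aws_security_group" "__name" {
  name        = {{ name }}
  // AWS does not allow a security group's description to be edited, so
  // changing this value later replaces the security group.
  description = {{ description }}
  vpc_id      = {{ vpc_id }}

  // One ingress block per ingress_rules entry. For protocol "-1" (all), AWS
  // requires from_port and to_port to be 0. This template does not restrict
  // the source range or protocol, so internet-wide sources (0.0.0.0/0, ::/0)
  // together with protocol "-1" are possible and must be caught by review or
  // a guardrail rather than assumed blocked.
  {{# ingress_rules }}
  ingress {
    description      = {{ ingress_rules.description | required: false }}
    from_port        = {{ ingress_rules.from_port | desc: "Start of port range for TCP/UDP protocols, or ICMP type number." | required: true }}
    to_port          = {{ ingress_rules.to_port | desc: "End of port range for TCP/UDP protocols, or ICMP code." | required: true }}
    protocol         = {{ ingress_rules.protocol | desc: "Protocol. Valid options are 'tcp', 'udp', 'icmp', '-1' (all)." | required: true }}
    cidr_blocks      = {{ ingress_rules.cidr_blocks | desc: "List of IPv4 CIDR blocks." | required: false }}
    ipv6_cidr_blocks = {{ ingress_rules.ipv6_cidr_blocks | desc: "List of IPv6 CIDR blocks." | required: false }}
    security_groups  = {{ ingress_rules.security_groups | desc: "List of security group IDs to allow ingress from." | required: false }}
    prefix_list_ids  = {{ ingress_rules.prefix_list_ids | desc: "List of prefix list IDs (for allowing AWS services)." | required: false }}
  }
  {{/ ingress_rules }}

  // One egress block per egress_rules entry. Terraform's aws_security_group
  // removes the allow-all egress rule that AWS attaches to a new VPC security
  // group, so with no egress_rules entries all outbound traffic is denied;
  // developers who need outbound access must add an explicit entry.
  {{# egress_rules }}
  egress {
    description      = {{ egress_rules.description | required: false }}
    from_port        = {{ egress_rules.from_port | desc: "Start of port range for TCP/UDP protocols, or ICMP type number." | required: true }}
    to_port          = {{ egress_rules.to_port | desc: "End of port range for TCP/UDP protocols, or ICMP code." | required: true }}
    protocol         = {{ egress_rules.protocol | desc: "Protocol. Valid options are 'tcp', 'udp', 'icmp', '-1' (all)." | required: true }}
    cidr_blocks      = {{ egress_rules.cidr_blocks | desc: "List of IPv4 CIDR blocks." | required: false }}
    ipv6_cidr_blocks = {{ egress_rules.ipv6_cidr_blocks | desc: "List of IPv6 CIDR blocks." | required: false }}
    security_groups  = {{ egress_rules.security_groups | desc: "List of security group IDs to allow egress to." | required: false }}
    prefix_list_ids  = {{ egress_rules.prefix_list_ids | desc: "List of prefix list IDs (for allowing AWS services)." | required: false }}
  }
  {{/ egress_rules }}

  // The Name tag is always set from the name variable. Each tags entry adds
  // one more key/value pair; the key is required because an entry with an
  // empty key would not render valid HCL. A user-supplied key of "Name" would
  // duplicate the fixed Name tag and fail Terraform validation.
  tags = {
    Name = {{ name }}
    {{# tags }}
    {{ tags.key | required: true }} = {{ tags.value | required: false }}
    {{/ tags }}
  }
}
// With no ingress_rules entries the group has no inbound rules, so all inbound
// traffic is denied.
// With no egress_rules entries all outbound traffic is denied as well: Terraform
// removes the default allow-all egress rule AWS creates, and only explicit
// egress entries re-open outbound access.
// Tags are encouraged for resource identification and management.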