From ca21e6be48deeb015e23813fcd16a0a06cf0218b Mon Sep 17 00:00:00 2001
From: theprashantyadav
Date: Wed, 14 Jun 2023 20:45:09 +0530
Subject: [PATCH] feat: added description and update example.tf

---
 _example/new_security_group/example.tf | 13 +++++--
 .../new_security_group_with_egress/example.tf | 13 +++++--
 .../versions.tf | 11 ------
 _example/updated_existing/example.tf | 12 ++++--
 _example/updated_existing/versions.tf | 11 ------
 main.tf | 38 +++++++++----------
 outputs.tf | 7 ++--
 variables.tf | 4 +-
 .../versions.tf => versions.tf | 4 +-
 9 files changed, 54 insertions(+), 59 deletions(-)
 delete mode 100644 _example/new_security_group_with_egress/versions.tf
 delete mode 100644 _example/updated_existing/versions.tf
 rename _example/new_security_group/versions.tf => versions.tf (64%)

diff --git a/_example/new_security_group/example.tf b/_example/new_security_group/example.tf
index 1ecd609..5015d5f 100644
--- a/_example/new_security_group/example.tf
+++ b/_example/new_security_group/example.tf
@@ -1,7 +1,13 @@
+####----------------------------------------------------------------------------------
+## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS.
+####----------------------------------------------------------------------------------
 provider "aws" {
 region = "eu-west-1"
 }
 
+####----------------------------------------------------------------------------------
+## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center.
+####----------------------------------------------------------------------------------
 module "vpc" {
 source = "clouddrove/vpc/aws"
 version = "1.3.1"
@@ -11,6 +17,9 @@ module "vpc" {
 cidr_block = "10.0.0.0/16"
 }
 
+##----------------------------------------------------------------------------------
+## Below module will create SECURITY-GROUP and its components.
+##----------------------------------------------------------------------------------
 module "security_group" {
 source = "../../"
 
@@ -18,12 +27,8 @@ module "security_group" {
 environment = "test"
 label_order = ["name", "environment"]
 
- enable_security_group = true
 vpc_id = module.vpc.vpc_id
- protocol = "tcp"
- description = "Instance default security group (only egress access is allowed)."
 allowed_ip = ["172.16.0.0/16", "10.0.0.0/16"]
- allowed_ipv6 = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
 allowed_ports = [22, 27017]
 security_groups = ["sg-xxxxxxxxxxxx"]
 prefix_list_ids = ["pl-xxxxxxxxxxxx"]
diff --git a/_example/new_security_group_with_egress/example.tf b/_example/new_security_group_with_egress/example.tf
index ffc80df..4a178c1 100644
--- a/_example/new_security_group_with_egress/example.tf
+++ b/_example/new_security_group_with_egress/example.tf
@@ -1,7 +1,13 @@
+####----------------------------------------------------------------------------------
+## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS.
+####----------------------------------------------------------------------------------
 provider "aws" {
 region = "eu-west-1"
 }
 
+####----------------------------------------------------------------------------------
+## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center.
+####----------------------------------------------------------------------------------
 module "vpc" {
 source = "clouddrove/vpc/aws"
 version = "1.3.1"
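Review bot: Removing `allowed_ipv6` from this example does not remove the IPv6 ingress rule — the same `2405:201:5e00:3684:cd17:9397:5734:a167/128` value becomes the module default for `allowed_ipv6` in variables.tf in this same commit, so the example now opens ports 22 and 27017 to that address without saying so. Keep the line in the example, either with the address or as `allowed_ipv6 = []`, so the rule set the example creates is stated in full. The same applies to the `allowed_ipv6` removals in _example/new_security_group_with_egress/example.tf and _example/updated_existing/example.tf, and to the `egress_allowed_ipv6` removal in the with_egress example. Dropping `protocol`, `description` and `enable_security_group` presumably relies on module defaults that are not shown in this diff; an example reads better with them explicit. The `module "security_group"` block continues outside the hunk.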
@@ -11,6 +17,9 @@ module "vpc" {
 cidr_block = "10.0.0.0/16"
 }
 
+##----------------------------------------------------------------------------------
+## Below module will create SECURITY-GROUP and its components.
+##----------------------------------------------------------------------------------
 module "security_group" {
 source = "../../"
 
@@ -18,10 +27,7 @@ module "security_group" {
 environment = "test"
 label_order = ["name", "environment"]
 
- enable_security_group = true
 vpc_id = module.vpc.vpc_id
- protocol = "tcp"
- description = "Instance default security group (only egress access is allowed)."
 allowed_ip = ["172.16.0.0/16", "10.0.0.0/16"]
 allowed_ipv6 = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
 allowed_ports = [22, 27017]
@@ -32,7 +38,6 @@ module "security_group" {
 egress_allowed_ip = ["172.16.0.0/16", "10.0.0.0/16"]
 egress_allowed_ports = [22, 27017]
 egress_protocol = "tcp"
- egress_allowed_ipv6 = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
 egress_prefix_list_ids = ["pl-xxxxxxxxx"]
 egress_security_groups = ["sg-xxxxxxxxx"]
 
diff --git a/_example/new_security_group_with_egress/versions.tf b/_example/new_security_group_with_egress/versions.tf
deleted file mode 100644
index 87b6d15..0000000
--- a/_example/new_security_group_with_egress/versions.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Terraform version
-terraform {
- required_version = ">= 1.3.6"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 4.48.0"
- }
- }
-}
diff --git a/_example/updated_existing/example.tf b/_example/updated_existing/example.tf
index ae9d8a2..df96da2 100644
--- a/_example/updated_existing/example.tf
+++ b/_example/updated_existing/example.tf
@@ -1,7 +1,13 @@
+####----------------------------------------------------------------------------------
+## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS.
+####----------------------------------------------------------------------------------
 provider "aws" {
 region = "eu-west-1"
 }
 
+####----------------------------------------------------------------------------------
+## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center.
+####----------------------------------------------------------------------------------
 module "vpc" {
 source = "clouddrove/vpc/aws"
 version = "1.3.1"
@@ -11,6 +17,9 @@ module "vpc" {
 cidr_block = "10.0.0.0/16"
 }
 
+##----------------------------------------------------------------------------------
+## Below module will create SECURITY-GROUP and its components.
+##----------------------------------------------------------------------------------
 module "security_group" {
 source = "../../"
 
@@ -21,10 +30,7 @@ module "security_group" {
 is_external = true
 existing_sg_id = "sg-xxxxxxxxxxxx"
 vpc_id = module.vpc.vpc_id
- protocol = "tcp"
- description = "Instance default security group (only egress access is allowed)."
 allowed_ip = ["172.16.0.0/16", "10.0.0.0/16"]
- allowed_ipv6 = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
 allowed_ports = [22, 27017]
 security_groups = ["sg-xxxxxxxxxxxxx"]
 }
diff --git a/_example/updated_existing/versions.tf b/_example/updated_existing/versions.tf
deleted file mode 100644
index 87b6d15..0000000
--- a/_example/updated_existing/versions.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Terraform version
-terraform {
- required_version = ">= 1.3.6"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 4.48.0"
- }
- }
-}
diff --git a/main.tf b/main.tf
index dd7706d..6744288 100644
--- a/main.tf
+++ b/main.tf
@@ -1,12 +1,7 @@
-# Managed By : CloudDrove
-# Description : This Script is used to create Security Group.
-# Copyright @ CloudDrove. All Right Reserved.
-
-#Module : Label
-#Description : This terraform module is designed to generate consistent label names and tags
-# for resources. You can use terraform-labels to implement a strict naming
-# convention.
-
+##----------------------------------------------------------------------------------
+## This terraform module is designed to generate consistent label names and
+## tags for resources. You can use terraform-labels to implement a strict naming convention.
+##----------------------------------------------------------------------------------
 module "labels" {
 source = "clouddrove/labels/aws"
 version = "1.3.0"
@@ -48,9 +43,9 @@ locals {
 }
 
 
-#Module : SECURITY GROUP
-#Description : Here are an example of how you can use this module in your inventory
-# structure:
+##----------------------------------------------------------------------------------
+## Here are an example of how you can use this resource in your inventory structure.
+##----------------------------------------------------------------------------------
 resource "aws_security_group" "default" {
 count = local.security_group_count
 
@@ -69,9 +64,10 @@ data "aws_security_group" "existing" {
 vpc_id = var.vpc_id
 }
 
-#Module : SECURITY GROUP RULE FOR EGRESS
-#Description : Provides a security group rule resource. Represents a single egress
-# group rule, which can be added to external Security Groups.
+##----------------------------------------------------------------------------------
+## Provides a security group rule resource. Represents a single egress
+## group rule, which can be added to external Security Groups.
+##----------------------------------------------------------------------------------
 resource "aws_security_group_rule" "egress" {
 count = (var.enable_security_group == true && local.sg_existing == false && local.egress_rule == false) ? 1 : 0
 
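Review bot: The replacement header drops the `# Copyright @ CloudDrove. All Right Reserved.` and `# Managed By : CloudDrove` lines together with the old module description, which goes beyond the comment re-formatting the rest of this hunk does. If that notice is intended license text it should stay above the new banner, e.g. keep `# Copyright @ CloudDrove. All Right Reserved.` as the first line of main.tf; if dropping it is deliberate, the commit message should say so. The new banner otherwise only restates the old wording.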
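Review bot: The new banner above `resource "aws_security_group" "default"` still reads `Here are an example of how you can use this resource in your inventory structure.`, which is ungrammatical and describes usage rather than the resource it sits on. A line such as `## Security group managed by this module; count is driven by local.security_group_count.` would document what the block does and match the style of the rule banners further down. The outputs.tf banner in this commit has the same kind of slip (`combinations..`). The resource body continues outside the hunk.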
@@ -93,9 +89,11 @@ resource "aws_security_group_rule" "egress_ipv6" {
 security_group_id = local.id
 prefix_list_ids = var.prefix_list
 }
-#Module : SECURITY GROUP RULE FOR INGRESS
-#Description : Provides a security group rule resource. Represents a single ingress
-# group rule, which can be added to external Security Groups.
+
+##----------------------------------------------------------------------------------
+## Provides a security group rule resource. Represents a single ingress
+## group rule, which can be added to external Security Groups.
+##----------------------------------------------------------------------------------
 resource "aws_security_group_rule" "ingress" {
 count = local.enable_cidr_rules == true ? length(compact(var.allowed_ports)) : 0
 
@@ -139,8 +137,10 @@ resource "aws_security_group_rule" "ingress_prefix" {
 security_group_id = local.id
 }
 
-#egress rules configuration
+##----------------------------------------------------------------------------------
+## egress rules configuration.
+##----------------------------------------------------------------------------------
 resource "aws_security_group_rule" "egress_ipv4_rule" {
 count = local.egress_rule == true ? length(compact(var.allowed_ports)) : 0
 
diff --git a/outputs.tf b/outputs.tf
index 4b02eb6..d95303d 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,6 +1,7 @@
-#Module : SECURITY GROUP
-#Description : This terraform module creates set of Security Group and Security Group Rules
-# resources in various combinations.
+##----------------------------------------------------------------------------------
+## This terraform module creates set of Security Group and Security Group Rules
+## resources in various combinations..
+##----------------------------------------------------------------------------------
 output "security_group_ids" {
 value = try(local.id, null)
 description = "IDs on the AWS Security Groups associated with the instance."
diff --git a/variables.tf b/variables.tf
index 92f585a..47b57a8 100644
--- a/variables.tf
+++ b/variables.tf
@@ -89,7 +89,7 @@ variable "protocol" {
 
 variable "allowed_ipv6" {
 type = list(any)
- default = []
+ default = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
 description = "List of allowed ipv6."
 }
 
@@ -152,7 +152,7 @@ variable "egress_security_groups" {
 
 variable "egress_allowed_ipv6" {
 type = list(any)
- default = []
+ default = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
 description = "List of allowed ipv6."
 }
 
diff --git a/_example/new_security_group/versions.tf b/versions.tf
similarity index 64%
rename from _example/new_security_group/versions.tf
rename to versions.tf
index cbc6f9c..9317499 100644
--- a/_example/new_security_group/versions.tf
+++ b/versions.tf
@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
- required_version = ">= 1.3.6"
+ required_version = ">= 1.4.6"
 
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.1.0"
+ version = ">= 5.1.0"
 }
 }
 }
\ No newline at end of file
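Review bot: `default = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]` on `allowed_ipv6` makes one specific public IPv6 host an ingress source for every consumer that never sets the variable, and the identical line under `egress_allowed_ipv6` does the same for egress; a module default should not carry a concrete address, and this one looks like it was lifted from the examples, where the commit deletes it. Restore `default = []` on both variables and keep the address in the example files if an IPv6 example is wanted. The IPv6 rule resources in main.tf are not in this diff, so I cannot confirm how they are gated, but if they key off the list being non-empty, consumers upgrading to this version would silently gain rules for this address — worth checking before merge. The `description = "List of allowed ipv6."` text would also be clearer as `"List of allowed IPv6 CIDR blocks."`.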