github.com/andresvia/terraform@v0.6.15-0.20160412045437-d51c75946785/builtin/providers/aws/resource_aws_security_group_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "reflect" 6 "strings" 7 "testing" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awserr" 11 "github.com/aws/aws-sdk-go/service/ec2" 12 "github.com/hashicorp/terraform/helper/acctest" 13 "github.com/hashicorp/terraform/helper/resource" 14 "github.com/hashicorp/terraform/helper/schema" 15 "github.com/hashicorp/terraform/terraform" 16 ) 17 18 func TestProtocolStateFunc(t *testing.T) { 19 cases := []struct { 20 input interface{} 21 expected string 22 }{ 23 { 24 input: "tcp", 25 expected: "tcp", 26 }, 27 { 28 input: 6, 29 expected: "", 30 }, 31 { 32 input: "17", 33 expected: "udp", 34 }, 35 { 36 input: "all", 37 expected: "-1", 38 }, 39 { 40 input: "-1", 41 expected: "-1", 42 }, 43 { 44 input: -1, 45 expected: "", 46 }, 47 { 48 input: "1", 49 expected: "icmp", 50 }, 51 { 52 input: "icmp", 53 expected: "icmp", 54 }, 55 { 56 input: 1, 57 expected: "", 58 }, 59 } 60 for _, c := range cases { 61 result := protocolStateFunc(c.input) 62 if result != c.expected { 63 t.Errorf("Error matching protocol, expected (%s), got (%s)", c.expected, result) 64 } 65 } 66 } 67 68 func TestProtocolForValue(t *testing.T) { 69 cases := []struct { 70 input string 71 expected string 72 }{ 73 { 74 input: "tcp", 75 expected: "tcp", 76 }, 77 { 78 input: "6", 79 expected: "tcp", 80 }, 81 { 82 input: "udp", 83 expected: "udp", 84 }, 85 { 86 input: "17", 87 expected: "udp", 88 }, 89 { 90 input: "all", 91 expected: "-1", 92 }, 93 { 94 input: "-1", 95 expected: "-1", 96 }, 97 { 98 input: "tCp", 99 expected: "tcp", 100 }, 101 { 102 input: "6", 103 expected: "tcp", 104 }, 105 { 106 input: "UDp", 107 expected: "udp", 108 }, 109 { 110 input: "17", 111 expected: "udp", 112 }, 113 { 114 input: "ALL", 115 expected: "-1", 116 }, 117 { 118 input: "icMp", 119 expected: "icmp", 120 }, 121 { 122 input: "1", 123 expected: "icmp", 124 }, 125 } 126 127 for _, c := range cases { 128 result := protocolForValue(c.input) 129 if result != c.expected { 130 t.Errorf("Error matching protocol, expected (%s), got (%s)", c.expected, result) 131 } 132 } 133 } 134 135 func TestResourceAwsSecurityGroupIPPermGather(t *testing.T) { 136 raw := []*ec2.IpPermission{ 137 &ec2.IpPermission{ 138 IpProtocol: aws.String("tcp"), 139 FromPort: aws.Int64(int64(1)), 140 ToPort: aws.Int64(int64(-1)), 141 IpRanges: []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("0.0.0.0/0")}}, 142 UserIdGroupPairs: []*ec2.UserIdGroupPair{ 143 &ec2.UserIdGroupPair{ 144 GroupId: aws.String("sg-11111"), 145 }, 146 }, 147 }, 148 &ec2.IpPermission{ 149 IpProtocol: aws.String("tcp"), 150 FromPort: aws.Int64(int64(80)), 151 ToPort: aws.Int64(int64(80)), 152 UserIdGroupPairs: []*ec2.UserIdGroupPair{ 153 // VPC 154 &ec2.UserIdGroupPair{ 155 GroupId: aws.String("sg-22222"), 156 }, 157 }, 158 }, 159 &ec2.IpPermission{ 160 IpProtocol: aws.String("tcp"), 161 FromPort: aws.Int64(int64(443)), 162 ToPort: aws.Int64(int64(443)), 163 UserIdGroupPairs: []*ec2.UserIdGroupPair{ 164 // Classic 165 &ec2.UserIdGroupPair{ 166 UserId: aws.String("12345"), 167 GroupId: aws.String("sg-33333"), 168 GroupName: aws.String("ec2_classic"), 169 }, 170 &ec2.UserIdGroupPair{ 171 UserId: aws.String("amazon-elb"), 172 GroupId: aws.String("sg-d2c979d3"), 173 GroupName: aws.String("amazon-elb-sg"), 174 }, 175 }, 176 }, 177 } 178 179 local := []map[string]interface{}{ 180 map[string]interface{}{ 181 "protocol": "tcp", 182 "from_port": int64(1), 183 "to_port": int64(-1), 184 "cidr_blocks": []string{"0.0.0.0/0"}, 185 "self": true, 186 }, 187 map[string]interface{}{ 188 "protocol": "tcp", 189 "from_port": int64(80), 190 "to_port": int64(80), 191 "security_groups": schema.NewSet(schema.HashString, []interface{}{ 192 "sg-22222", 193 }), 194 }, 195 map[string]interface{}{ 196 "protocol": "tcp", 197 "from_port": int64(443), 198 "to_port": int64(443), 199 "security_groups": schema.NewSet(schema.HashString, []interface{}{ 200 "ec2_classic", 201 "amazon-elb/amazon-elb-sg", 202 }), 203 }, 204 } 205 206 out := resourceAwsSecurityGroupIPPermGather("sg-11111", raw, aws.String("12345")) 207 for _, i := range out { 208 // loop and match rules, because the ordering is not guarneteed 209 for _, l := range local { 210 if i["from_port"] == l["from_port"] { 211 212 if i["to_port"] != l["to_port"] { 213 t.Fatalf("to_port does not match") 214 } 215 216 if _, ok := i["cidr_blocks"]; ok { 217 if !reflect.DeepEqual(i["cidr_blocks"], l["cidr_blocks"]) { 218 t.Fatalf("error matching cidr_blocks") 219 } 220 } 221 222 if _, ok := i["security_groups"]; ok { 223 outSet := i["security_groups"].(*schema.Set) 224 localSet := l["security_groups"].(*schema.Set) 225 226 if !outSet.Equal(localSet) { 227 t.Fatalf("Security Group sets are not equal") 228 } 229 } 230 } 231 } 232 } 233 } 234 235 func TestAccAWSSecurityGroup_basic(t *testing.T) { 236 var group ec2.SecurityGroup 237 238 resource.Test(t, resource.TestCase{ 239 PreCheck: func() { testAccPreCheck(t) }, 240 Providers: testAccProviders, 241 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 242 Steps: []resource.TestStep{ 243 resource.TestStep{ 244 Config: testAccAWSSecurityGroupConfig, 245 Check: resource.ComposeTestCheckFunc( 246 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 247 testAccCheckAWSSecurityGroupAttributes(&group), 248 resource.TestCheckResourceAttr( 249 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 250 resource.TestCheckResourceAttr( 251 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 252 resource.TestCheckResourceAttr( 253 "aws_security_group.web", "ingress.3629188364.protocol", "tcp"), 254 resource.TestCheckResourceAttr( 255 "aws_security_group.web", "ingress.3629188364.from_port", "80"), 256 resource.TestCheckResourceAttr( 257 "aws_security_group.web", "ingress.3629188364.to_port", "8000"), 258 resource.TestCheckResourceAttr( 259 "aws_security_group.web", "ingress.3629188364.cidr_blocks.#", "1"), 260 resource.TestCheckResourceAttr( 261 "aws_security_group.web", "ingress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 262 ), 263 }, 264 }, 265 }) 266 } 267 268 func TestAccAWSSecurityGroup_namePrefix(t *testing.T) { 269 var group ec2.SecurityGroup 270 271 resource.Test(t, resource.TestCase{ 272 PreCheck: func() { testAccPreCheck(t) }, 273 Providers: testAccProviders, 274 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 275 Steps: []resource.TestStep{ 276 resource.TestStep{ 277 Config: testAccAWSSecurityGroupPrefixNameConfig, 278 Check: resource.ComposeTestCheckFunc( 279 testAccCheckAWSSecurityGroupExists("aws_security_group.baz", &group), 280 testAccCheckAWSSecurityGroupGeneratedNamePrefix( 281 "aws_security_group.baz", "baz-"), 282 ), 283 }, 284 }, 285 }) 286 } 287 288 func TestAccAWSSecurityGroup_self(t *testing.T) { 289 var group ec2.SecurityGroup 290 291 checkSelf := func(s *terraform.State) (err error) { 292 defer func() { 293 if e := recover(); e != nil { 294 err = fmt.Errorf("bad: %#v", group) 295 } 296 }() 297 298 if *group.IpPermissions[0].UserIdGroupPairs[0].GroupId != *group.GroupId { 299 return fmt.Errorf("bad: %#v", group) 300 } 301 302 return nil 303 } 304 305 resource.Test(t, resource.TestCase{ 306 PreCheck: func() { testAccPreCheck(t) }, 307 Providers: testAccProviders, 308 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 309 Steps: []resource.TestStep{ 310 resource.TestStep{ 311 Config: testAccAWSSecurityGroupConfigSelf, 312 Check: resource.ComposeTestCheckFunc( 313 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 314 resource.TestCheckResourceAttr( 315 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 316 resource.TestCheckResourceAttr( 317 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 318 resource.TestCheckResourceAttr( 319 "aws_security_group.web", "ingress.3971148406.protocol", "tcp"), 320 resource.TestCheckResourceAttr( 321 "aws_security_group.web", "ingress.3971148406.from_port", "80"), 322 resource.TestCheckResourceAttr( 323 "aws_security_group.web", "ingress.3971148406.to_port", "8000"), 324 resource.TestCheckResourceAttr( 325 "aws_security_group.web", "ingress.3971148406.self", "true"), 326 checkSelf, 327 ), 328 }, 329 }, 330 }) 331 } 332 333 func TestAccAWSSecurityGroup_vpc(t *testing.T) { 334 var group ec2.SecurityGroup 335 336 testCheck := func(*terraform.State) error { 337 if *group.VpcId == "" { 338 return fmt.Errorf("should have vpc ID") 339 } 340 341 return nil 342 } 343 344 resource.Test(t, resource.TestCase{ 345 PreCheck: func() { testAccPreCheck(t) }, 346 Providers: testAccProviders, 347 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 348 Steps: []resource.TestStep{ 349 resource.TestStep{ 350 Config: testAccAWSSecurityGroupConfigVpc, 351 Check: resource.ComposeTestCheckFunc( 352 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 353 testAccCheckAWSSecurityGroupAttributes(&group), 354 resource.TestCheckResourceAttr( 355 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 356 resource.TestCheckResourceAttr( 357 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 358 resource.TestCheckResourceAttr( 359 "aws_security_group.web", "ingress.3629188364.protocol", "tcp"), 360 resource.TestCheckResourceAttr( 361 "aws_security_group.web", "ingress.3629188364.from_port", "80"), 362 resource.TestCheckResourceAttr( 363 "aws_security_group.web", "ingress.3629188364.to_port", "8000"), 364 resource.TestCheckResourceAttr( 365 "aws_security_group.web", "ingress.3629188364.cidr_blocks.#", "1"), 366 resource.TestCheckResourceAttr( 367 "aws_security_group.web", "ingress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 368 resource.TestCheckResourceAttr( 369 "aws_security_group.web", "egress.3629188364.protocol", "tcp"), 370 resource.TestCheckResourceAttr( 371 "aws_security_group.web", "egress.3629188364.from_port", "80"), 372 resource.TestCheckResourceAttr( 373 "aws_security_group.web", "egress.3629188364.to_port", "8000"), 374 resource.TestCheckResourceAttr( 375 "aws_security_group.web", "egress.3629188364.cidr_blocks.#", "1"), 376 resource.TestCheckResourceAttr( 377 "aws_security_group.web", "egress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 378 testCheck, 379 ), 380 }, 381 }, 382 }) 383 } 384 385 func TestAccAWSSecurityGroup_vpcNegOneIngress(t *testing.T) { 386 var group ec2.SecurityGroup 387 388 testCheck := func(*terraform.State) error { 389 if *group.VpcId == "" { 390 return fmt.Errorf("should have vpc ID") 391 } 392 393 return nil 394 } 395 396 resource.Test(t, resource.TestCase{ 397 PreCheck: func() { testAccPreCheck(t) }, 398 Providers: testAccProviders, 399 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 400 Steps: []resource.TestStep{ 401 resource.TestStep{ 402 Config: testAccAWSSecurityGroupConfigVpcNegOneIngress, 403 Check: resource.ComposeTestCheckFunc( 404 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 405 testAccCheckAWSSecurityGroupAttributesNegOneProtocol(&group), 406 resource.TestCheckResourceAttr( 407 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 408 resource.TestCheckResourceAttr( 409 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 410 resource.TestCheckResourceAttr( 411 "aws_security_group.web", "ingress.956249133.protocol", "-1"), 412 resource.TestCheckResourceAttr( 413 "aws_security_group.web", "ingress.956249133.from_port", "0"), 414 resource.TestCheckResourceAttr( 415 "aws_security_group.web", "ingress.956249133.to_port", "0"), 416 resource.TestCheckResourceAttr( 417 "aws_security_group.web", "ingress.956249133.cidr_blocks.#", "1"), 418 resource.TestCheckResourceAttr( 419 "aws_security_group.web", "ingress.956249133.cidr_blocks.0", "10.0.0.0/8"), 420 testCheck, 421 ), 422 }, 423 }, 424 }) 425 } 426 func TestAccAWSSecurityGroup_MultiIngress(t *testing.T) { 427 var group ec2.SecurityGroup 428 429 resource.Test(t, resource.TestCase{ 430 PreCheck: func() { testAccPreCheck(t) }, 431 Providers: testAccProviders, 432 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 433 Steps: []resource.TestStep{ 434 resource.TestStep{ 435 Config: testAccAWSSecurityGroupConfigMultiIngress, 436 Check: resource.ComposeTestCheckFunc( 437 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 438 ), 439 }, 440 }, 441 }) 442 } 443 444 func TestAccAWSSecurityGroup_Change(t *testing.T) { 445 var group ec2.SecurityGroup 446 447 resource.Test(t, resource.TestCase{ 448 PreCheck: func() { testAccPreCheck(t) }, 449 Providers: testAccProviders, 450 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 451 Steps: []resource.TestStep{ 452 resource.TestStep{ 453 Config: testAccAWSSecurityGroupConfig, 454 Check: resource.ComposeTestCheckFunc( 455 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 456 ), 457 }, 458 resource.TestStep{ 459 Config: testAccAWSSecurityGroupConfigChange, 460 Check: resource.ComposeTestCheckFunc( 461 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 462 testAccCheckAWSSecurityGroupAttributesChanged(&group), 463 ), 464 }, 465 }, 466 }) 467 } 468 469 func TestAccAWSSecurityGroup_generatedName(t *testing.T) { 470 var group ec2.SecurityGroup 471 472 resource.Test(t, resource.TestCase{ 473 PreCheck: func() { testAccPreCheck(t) }, 474 Providers: testAccProviders, 475 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 476 Steps: []resource.TestStep{ 477 resource.TestStep{ 478 Config: testAccAWSSecurityGroupConfig_generatedName, 479 Check: resource.ComposeTestCheckFunc( 480 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 481 resource.TestCheckResourceAttr( 482 "aws_security_group.web", "description", "Managed by Terraform"), 483 func(s *terraform.State) error { 484 if group.GroupName == nil { 485 return fmt.Errorf("bad: No SG name") 486 } 487 if !strings.HasPrefix(*group.GroupName, "terraform-") { 488 return fmt.Errorf("No terraform- prefix: %s", *group.GroupName) 489 } 490 return nil 491 }, 492 ), 493 }, 494 }, 495 }) 496 } 497 498 func TestAccAWSSecurityGroup_DefaultEgress(t *testing.T) { 499 500 // VPC 501 resource.Test(t, resource.TestCase{ 502 PreCheck: func() { testAccPreCheck(t) }, 503 Providers: testAccProviders, 504 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 505 Steps: []resource.TestStep{ 506 resource.TestStep{ 507 Config: testAccAWSSecurityGroupConfigDefaultEgress, 508 Check: resource.ComposeTestCheckFunc( 509 testAccCheckAWSSecurityGroupExistsWithoutDefault("aws_security_group.worker"), 510 ), 511 }, 512 }, 513 }) 514 515 // Classic 516 var group ec2.SecurityGroup 517 resource.Test(t, resource.TestCase{ 518 PreCheck: func() { testAccPreCheck(t) }, 519 Providers: testAccProviders, 520 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 521 Steps: []resource.TestStep{ 522 resource.TestStep{ 523 Config: testAccAWSSecurityGroupConfigClassic, 524 Check: resource.ComposeTestCheckFunc( 525 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 526 ), 527 }, 528 }, 529 }) 530 } 531 532 // Testing drift detection with groups containing the same port and types 533 func TestAccAWSSecurityGroup_drift(t *testing.T) { 534 var group ec2.SecurityGroup 535 resource.Test(t, resource.TestCase{ 536 PreCheck: func() { testAccPreCheck(t) }, 537 Providers: testAccProviders, 538 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 539 Steps: []resource.TestStep{ 540 resource.TestStep{ 541 Config: testAccAWSSecurityGroupConfig_drift(), 542 Check: resource.ComposeTestCheckFunc( 543 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 544 resource.TestCheckResourceAttr( 545 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 546 resource.TestCheckResourceAttr( 547 "aws_security_group.web", "ingress.3629188364.protocol", "tcp"), 548 resource.TestCheckResourceAttr( 549 "aws_security_group.web", "ingress.3629188364.from_port", "80"), 550 resource.TestCheckResourceAttr( 551 "aws_security_group.web", "ingress.3629188364.to_port", "8000"), 552 resource.TestCheckResourceAttr( 553 "aws_security_group.web", "ingress.3629188364.cidr_blocks.#", "1"), 554 resource.TestCheckResourceAttr( 555 "aws_security_group.web", "ingress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 556 ), 557 }, 558 }, 559 }) 560 } 561 562 func TestAccAWSSecurityGroup_drift_complex(t *testing.T) { 563 var group ec2.SecurityGroup 564 565 resource.Test(t, resource.TestCase{ 566 PreCheck: func() { testAccPreCheck(t) }, 567 Providers: testAccProviders, 568 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 569 Steps: []resource.TestStep{ 570 resource.TestStep{ 571 Config: testAccAWSSecurityGroupConfig_drift_complex(), 572 Check: resource.ComposeTestCheckFunc( 573 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 574 resource.TestCheckResourceAttr( 575 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 576 resource.TestCheckResourceAttr( 577 "aws_security_group.web", "ingress.3629188364.protocol", "tcp"), 578 resource.TestCheckResourceAttr( 579 "aws_security_group.web", "ingress.3629188364.from_port", "80"), 580 resource.TestCheckResourceAttr( 581 "aws_security_group.web", "ingress.3629188364.to_port", "8000"), 582 resource.TestCheckResourceAttr( 583 "aws_security_group.web", "ingress.3629188364.cidr_blocks.#", "1"), 584 resource.TestCheckResourceAttr( 585 "aws_security_group.web", "ingress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 586 ), 587 }, 588 }, 589 }) 590 } 591 592 func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error { 593 conn := testAccProvider.Meta().(*AWSClient).ec2conn 594 595 for _, rs := range s.RootModule().Resources { 596 if rs.Type != "aws_security_group" { 597 continue 598 } 599 600 // Retrieve our group 601 req := &ec2.DescribeSecurityGroupsInput{ 602 GroupIds: []*string{aws.String(rs.Primary.ID)}, 603 } 604 resp, err := conn.DescribeSecurityGroups(req) 605 if err == nil { 606 if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupId == rs.Primary.ID { 607 return fmt.Errorf("Security Group (%s) still exists.", rs.Primary.ID) 608 } 609 610 return nil 611 } 612 613 ec2err, ok := err.(awserr.Error) 614 if !ok { 615 return err 616 } 617 // Confirm error code is what we want 618 if ec2err.Code() != "InvalidGroup.NotFound" { 619 return err 620 } 621 } 622 623 return nil 624 } 625 626 func testAccCheckAWSSecurityGroupGeneratedNamePrefix( 627 resource, prefix string) resource.TestCheckFunc { 628 return func(s *terraform.State) error { 629 r, ok := s.RootModule().Resources[resource] 630 if !ok { 631 return fmt.Errorf("Resource not found") 632 } 633 name, ok := r.Primary.Attributes["name"] 634 if !ok { 635 return fmt.Errorf("Name attr not found: %#v", r.Primary.Attributes) 636 } 637 if !strings.HasPrefix(name, prefix) { 638 return fmt.Errorf("Name: %q, does not have prefix: %q", name, prefix) 639 } 640 return nil 641 } 642 } 643 644 func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroup) resource.TestCheckFunc { 645 return func(s *terraform.State) error { 646 rs, ok := s.RootModule().Resources[n] 647 if !ok { 648 return fmt.Errorf("Not found: %s", n) 649 } 650 651 if rs.Primary.ID == "" { 652 return fmt.Errorf("No Security Group is set") 653 } 654 655 conn := testAccProvider.Meta().(*AWSClient).ec2conn 656 req := &ec2.DescribeSecurityGroupsInput{ 657 GroupIds: []*string{aws.String(rs.Primary.ID)}, 658 } 659 resp, err := conn.DescribeSecurityGroups(req) 660 if err != nil { 661 return err 662 } 663 664 if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupId == rs.Primary.ID { 665 *group = *resp.SecurityGroups[0] 666 return nil 667 } 668 669 return fmt.Errorf("Security Group not found") 670 } 671 } 672 673 func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroup) resource.TestCheckFunc { 674 return func(s *terraform.State) error { 675 p := &ec2.IpPermission{ 676 FromPort: aws.Int64(80), 677 ToPort: aws.Int64(8000), 678 IpProtocol: aws.String("tcp"), 679 IpRanges: []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("10.0.0.0/8")}}, 680 } 681 682 if *group.GroupName != "terraform_acceptance_test_example" { 683 return fmt.Errorf("Bad name: %s", *group.GroupName) 684 } 685 686 if *group.Description != "Used in the terraform acceptance tests" { 687 return fmt.Errorf("Bad description: %s", *group.Description) 688 } 689 690 if len(group.IpPermissions) == 0 { 691 return fmt.Errorf("No IPPerms") 692 } 693 694 // Compare our ingress 695 if !reflect.DeepEqual(group.IpPermissions[0], p) { 696 return fmt.Errorf( 697 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 698 group.IpPermissions[0], 699 p) 700 } 701 702 return nil 703 } 704 } 705 706 func testAccCheckAWSSecurityGroupAttributesNegOneProtocol(group *ec2.SecurityGroup) resource.TestCheckFunc { 707 return func(s *terraform.State) error { 708 p := &ec2.IpPermission{ 709 IpProtocol: aws.String("-1"), 710 IpRanges: []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("10.0.0.0/8")}}, 711 } 712 713 if *group.GroupName != "terraform_acceptance_test_example" { 714 return fmt.Errorf("Bad name: %s", *group.GroupName) 715 } 716 717 if *group.Description != "Used in the terraform acceptance tests" { 718 return fmt.Errorf("Bad description: %s", *group.Description) 719 } 720 721 if len(group.IpPermissions) == 0 { 722 return fmt.Errorf("No IPPerms") 723 } 724 725 // Compare our ingress 726 if !reflect.DeepEqual(group.IpPermissions[0], p) { 727 return fmt.Errorf( 728 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 729 group.IpPermissions[0], 730 p) 731 } 732 733 return nil 734 } 735 } 736 737 func TestAccAWSSecurityGroup_tags(t *testing.T) { 738 var group ec2.SecurityGroup 739 740 resource.Test(t, resource.TestCase{ 741 PreCheck: func() { testAccPreCheck(t) }, 742 Providers: testAccProviders, 743 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 744 Steps: []resource.TestStep{ 745 resource.TestStep{ 746 Config: testAccAWSSecurityGroupConfigTags, 747 Check: resource.ComposeTestCheckFunc( 748 testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group), 749 testAccCheckTags(&group.Tags, "foo", "bar"), 750 ), 751 }, 752 753 resource.TestStep{ 754 Config: testAccAWSSecurityGroupConfigTagsUpdate, 755 Check: resource.ComposeTestCheckFunc( 756 testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group), 757 testAccCheckTags(&group.Tags, "foo", ""), 758 testAccCheckTags(&group.Tags, "bar", "baz"), 759 ), 760 }, 761 }, 762 }) 763 } 764 765 func TestAccAWSSecurityGroup_CIDRandGroups(t *testing.T) { 766 var group ec2.SecurityGroup 767 768 resource.Test(t, resource.TestCase{ 769 PreCheck: func() { testAccPreCheck(t) }, 770 Providers: testAccProviders, 771 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 772 Steps: []resource.TestStep{ 773 resource.TestStep{ 774 Config: testAccAWSSecurityGroupCombindCIDRandGroups, 775 Check: resource.ComposeTestCheckFunc( 776 testAccCheckAWSSecurityGroupExists("aws_security_group.mixed", &group), 777 // testAccCheckAWSSecurityGroupAttributes(&group), 778 ), 779 }, 780 }, 781 }) 782 } 783 784 func TestAccAWSSecurityGroup_ingressWithCidrAndSGs(t *testing.T) { 785 var group ec2.SecurityGroup 786 787 resource.Test(t, resource.TestCase{ 788 PreCheck: func() { testAccPreCheck(t) }, 789 Providers: testAccProviders, 790 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 791 Steps: []resource.TestStep{ 792 resource.TestStep{ 793 Config: testAccAWSSecurityGroupConfig_ingressWithCidrAndSGs, 794 Check: resource.ComposeTestCheckFunc( 795 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 796 testAccCheckAWSSecurityGroupSGandCidrAttributes(&group), 797 resource.TestCheckResourceAttr( 798 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 799 resource.TestCheckResourceAttr( 800 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 801 resource.TestCheckResourceAttr( 802 "aws_security_group.web", "ingress.#", "2"), 803 ), 804 }, 805 }, 806 }) 807 } 808 809 // This test requires an EC2 Classic region 810 func TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic(t *testing.T) { 811 var group ec2.SecurityGroup 812 813 resource.Test(t, resource.TestCase{ 814 PreCheck: func() { testAccPreCheck(t) }, 815 Providers: testAccProviders, 816 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 817 Steps: []resource.TestStep{ 818 resource.TestStep{ 819 Config: testAccAWSSecurityGroupConfig_ingressWithCidrAndSGs_classic, 820 Check: resource.ComposeTestCheckFunc( 821 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 822 testAccCheckAWSSecurityGroupSGandCidrAttributes(&group), 823 resource.TestCheckResourceAttr( 824 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 825 resource.TestCheckResourceAttr( 826 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 827 resource.TestCheckResourceAttr( 828 "aws_security_group.web", "ingress.#", "2"), 829 ), 830 }, 831 }, 832 }) 833 } 834 835 func testAccCheckAWSSecurityGroupSGandCidrAttributes(group *ec2.SecurityGroup) resource.TestCheckFunc { 836 return func(s *terraform.State) error { 837 if *group.GroupName != "terraform_acceptance_test_example" { 838 return fmt.Errorf("Bad name: %s", *group.GroupName) 839 } 840 841 if *group.Description != "Used in the terraform acceptance tests" { 842 return fmt.Errorf("Bad description: %s", *group.Description) 843 } 844 845 if len(group.IpPermissions) == 0 { 846 return fmt.Errorf("No IPPerms") 847 } 848 849 if len(group.IpPermissions) != 2 { 850 return fmt.Errorf("Expected 2 ingress rules, got %d", len(group.IpPermissions)) 851 } 852 853 for _, p := range group.IpPermissions { 854 if *p.FromPort == int64(22) { 855 if len(p.IpRanges) != 1 || p.UserIdGroupPairs != nil { 856 return fmt.Errorf("Found ip perm of 22, but not the right ipranges / pairs: %s", p) 857 } 858 continue 859 } else if *p.FromPort == int64(80) { 860 if len(p.IpRanges) != 1 || len(p.UserIdGroupPairs) != 1 { 861 return fmt.Errorf("Found ip perm of 80, but not the right ipranges / pairs: %s", p) 862 } 863 continue 864 } 865 return fmt.Errorf("Found a rouge rule") 866 } 867 868 return nil 869 } 870 } 871 872 func testAccCheckAWSSecurityGroupAttributesChanged(group *ec2.SecurityGroup) resource.TestCheckFunc { 873 return func(s *terraform.State) error { 874 p := []*ec2.IpPermission{ 875 &ec2.IpPermission{ 876 FromPort: aws.Int64(80), 877 ToPort: aws.Int64(9000), 878 IpProtocol: aws.String("tcp"), 879 IpRanges: []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("10.0.0.0/8")}}, 880 }, 881 &ec2.IpPermission{ 882 FromPort: aws.Int64(80), 883 ToPort: aws.Int64(8000), 884 IpProtocol: aws.String("tcp"), 885 IpRanges: []*ec2.IpRange{ 886 &ec2.IpRange{ 887 CidrIp: aws.String("0.0.0.0/0"), 888 }, 889 &ec2.IpRange{ 890 CidrIp: aws.String("10.0.0.0/8"), 891 }, 892 }, 893 }, 894 } 895 896 if *group.GroupName != "terraform_acceptance_test_example" { 897 return fmt.Errorf("Bad name: %s", *group.GroupName) 898 } 899 900 if *group.Description != "Used in the terraform acceptance tests" { 901 return fmt.Errorf("Bad description: %s", *group.Description) 902 } 903 904 // Compare our ingress 905 if len(group.IpPermissions) != 2 { 906 return fmt.Errorf( 907 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 908 group.IpPermissions, 909 p) 910 } 911 912 if *group.IpPermissions[0].ToPort == 8000 { 913 group.IpPermissions[1], group.IpPermissions[0] = 914 group.IpPermissions[0], group.IpPermissions[1] 915 } 916 917 if !reflect.DeepEqual(group.IpPermissions, p) { 918 return fmt.Errorf( 919 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 920 group.IpPermissions, 921 p) 922 } 923 924 return nil 925 } 926 } 927 928 func testAccCheckAWSSecurityGroupExistsWithoutDefault(n string) resource.TestCheckFunc { 929 return func(s *terraform.State) error { 930 rs, ok := s.RootModule().Resources[n] 931 if !ok { 932 return fmt.Errorf("Not found: %s", n) 933 } 934 935 if rs.Primary.ID == "" { 936 return fmt.Errorf("No Security Group is set") 937 } 938 939 conn := testAccProvider.Meta().(*AWSClient).ec2conn 940 req := &ec2.DescribeSecurityGroupsInput{ 941 GroupIds: []*string{aws.String(rs.Primary.ID)}, 942 } 943 resp, err := conn.DescribeSecurityGroups(req) 944 if err != nil { 945 return err 946 } 947 948 if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupId == rs.Primary.ID { 949 group := *resp.SecurityGroups[0] 950 951 if len(group.IpPermissionsEgress) != 1 { 952 return fmt.Errorf("Security Group should have only 1 egress rule, got %d", len(group.IpPermissionsEgress)) 953 } 954 } 955 956 return nil 957 } 958 } 959 960 const testAccAWSSecurityGroupConfig = ` 961 resource "aws_security_group" "web" { 962 name = "terraform_acceptance_test_example" 963 description = "Used in the terraform acceptance tests" 964 965 ingress { 966 protocol = "6" 967 from_port = 80 968 to_port = 8000 969 cidr_blocks = ["10.0.0.0/8"] 970 } 971 972 egress { 973 protocol = "tcp" 974 from_port = 80 975 to_port = 8000 976 cidr_blocks = ["10.0.0.0/8"] 977 } 978 979 tags { 980 Name = "tf-acc-test" 981 } 982 } 983 ` 984 985 const testAccAWSSecurityGroupConfigChange = ` 986 resource "aws_security_group" "web" { 987 name = "terraform_acceptance_test_example" 988 description = "Used in the terraform acceptance tests" 989 990 ingress { 991 protocol = "tcp" 992 from_port = 80 993 to_port = 9000 994 cidr_blocks = ["10.0.0.0/8"] 995 } 996 997 ingress { 998 protocol = "tcp" 999 from_port = 80 1000 to_port = 8000 1001 cidr_blocks = ["0.0.0.0/0", "10.0.0.0/8"] 1002 } 1003 1004 egress { 1005 protocol = "tcp" 1006 from_port = 80 1007 to_port = 8000 1008 cidr_blocks = ["10.0.0.0/8"] 1009 } 1010 } 1011 ` 1012 1013 const testAccAWSSecurityGroupConfigSelf = ` 1014 resource "aws_security_group" "web" { 1015 name = "terraform_acceptance_test_example" 1016 description = "Used in the terraform acceptance tests" 1017 1018 ingress { 1019 protocol = "tcp" 1020 from_port = 80 1021 to_port = 8000 1022 self = true 1023 } 1024 1025 egress { 1026 protocol = "tcp" 1027 from_port = 80 1028 to_port = 8000 1029 cidr_blocks = ["10.0.0.0/8"] 1030 } 1031 } 1032 ` 1033 1034 const testAccAWSSecurityGroupConfigVpc = ` 1035 resource "aws_vpc" "foo" { 1036 cidr_block = "10.1.0.0/16" 1037 } 1038 1039 resource "aws_security_group" "web" { 1040 name = "terraform_acceptance_test_example" 1041 description = "Used in the terraform acceptance tests" 1042 vpc_id = "${aws_vpc.foo.id}" 1043 1044 ingress { 1045 protocol = "tcp" 1046 from_port = 80 1047 to_port = 8000 1048 cidr_blocks = ["10.0.0.0/8"] 1049 } 1050 1051 egress { 1052 protocol = "tcp" 1053 from_port = 80 1054 to_port = 8000 1055 cidr_blocks = ["10.0.0.0/8"] 1056 } 1057 } 1058 ` 1059 1060 const testAccAWSSecurityGroupConfigVpcNegOneIngress = ` 1061 resource "aws_vpc" "foo" { 1062 cidr_block = "10.1.0.0/16" 1063 } 1064 1065 resource "aws_security_group" "web" { 1066 name = "terraform_acceptance_test_example" 1067 description = "Used in the terraform acceptance tests" 1068 vpc_id = "${aws_vpc.foo.id}" 1069 1070 ingress { 1071 protocol = "-1" 1072 from_port = 0 1073 to_port = 0 1074 cidr_blocks = ["10.0.0.0/8"] 1075 } 1076 } 1077 ` 1078 const testAccAWSSecurityGroupConfigMultiIngress = ` 1079 resource "aws_security_group" "worker" { 1080 name = "terraform_acceptance_test_example_1" 1081 description = "Used in the terraform acceptance tests" 1082 1083 ingress { 1084 protocol = "tcp" 1085 from_port = 80 1086 to_port = 8000 1087 cidr_blocks = ["10.0.0.0/8"] 1088 } 1089 1090 egress { 1091 protocol = "tcp" 1092 from_port = 80 1093 to_port = 8000 1094 cidr_blocks = ["10.0.0.0/8"] 1095 } 1096 } 1097 1098 resource "aws_security_group" "web" { 1099 name = "terraform_acceptance_test_example_2" 1100 description = "Used in the terraform acceptance tests" 1101 1102 ingress { 1103 protocol = "tcp" 1104 from_port = 22 1105 to_port = 22 1106 cidr_blocks = ["10.0.0.0/8"] 1107 } 1108 1109 ingress { 1110 protocol = "tcp" 1111 from_port = 800 1112 to_port = 800 1113 cidr_blocks = ["10.0.0.0/8"] 1114 } 1115 1116 ingress { 1117 protocol = "tcp" 1118 from_port = 80 1119 to_port = 8000 1120 security_groups = ["${aws_security_group.worker.id}"] 1121 } 1122 1123 egress { 1124 protocol = "tcp" 1125 from_port = 80 1126 to_port = 8000 1127 cidr_blocks = ["10.0.0.0/8"] 1128 } 1129 } 1130 ` 1131 1132 const testAccAWSSecurityGroupConfigTags = ` 1133 resource "aws_security_group" "foo" { 1134 name = "terraform_acceptance_test_example" 1135 description = "Used in the terraform acceptance tests" 1136 1137 ingress { 1138 protocol = "tcp" 1139 from_port = 80 1140 to_port = 8000 1141 cidr_blocks = ["10.0.0.0/8"] 1142 } 1143 1144 egress { 1145 protocol = "tcp" 1146 from_port = 80 1147 to_port = 8000 1148 cidr_blocks = ["10.0.0.0/8"] 1149 } 1150 1151 tags { 1152 foo = "bar" 1153 } 1154 } 1155 ` 1156 1157 const testAccAWSSecurityGroupConfigTagsUpdate = ` 1158 resource "aws_security_group" "foo" { 1159 name = "terraform_acceptance_test_example" 1160 description = "Used in the terraform acceptance tests" 1161 1162 ingress { 1163 protocol = "tcp" 1164 from_port = 80 1165 to_port = 8000 1166 cidr_blocks = ["10.0.0.0/8"] 1167 } 1168 1169 egress { 1170 protocol = "tcp" 1171 from_port = 80 1172 to_port = 8000 1173 cidr_blocks = ["10.0.0.0/8"] 1174 } 1175 1176 tags { 1177 bar = "baz" 1178 } 1179 } 1180 ` 1181 1182 const testAccAWSSecurityGroupConfig_generatedName = ` 1183 resource "aws_security_group" "web" { 1184 ingress { 1185 protocol = "tcp" 1186 from_port = 80 1187 to_port = 8000 1188 cidr_blocks = ["10.0.0.0/8"] 1189 } 1190 1191 egress { 1192 protocol = "tcp" 1193 from_port = 80 1194 to_port = 8000 1195 cidr_blocks = ["10.0.0.0/8"] 1196 } 1197 1198 tags { 1199 Name = "tf-acc-test" 1200 } 1201 } 1202 ` 1203 1204 const testAccAWSSecurityGroupConfigDefaultEgress = ` 1205 resource "aws_vpc" "tf_sg_egress_test" { 1206 cidr_block = "10.0.0.0/16" 1207 tags { 1208 Name = "tf_sg_egress_test" 1209 } 1210 } 1211 1212 resource "aws_security_group" "worker" { 1213 name = "terraform_acceptance_test_example_1" 1214 description = "Used in the terraform acceptance tests" 1215 vpc_id = "${aws_vpc.tf_sg_egress_test.id}" 1216 1217 egress { 1218 protocol = "tcp" 1219 from_port = 80 1220 to_port = 8000 1221 cidr_blocks = ["10.0.0.0/8"] 1222 } 1223 } 1224 ` 1225 1226 const testAccAWSSecurityGroupConfigClassic = ` 1227 provider "aws" { 1228 region = "us-east-1" 1229 } 1230 1231 resource "aws_security_group" "web" { 1232 name = "terraform_acceptance_test_example_1" 1233 description = "Used in the terraform acceptance tests" 1234 } 1235 ` 1236 1237 const testAccAWSSecurityGroupPrefixNameConfig = ` 1238 provider "aws" { 1239 region = "us-east-1" 1240 } 1241 1242 resource "aws_security_group" "baz" { 1243 name_prefix = "baz-" 1244 description = "Used in the terraform acceptance tests" 1245 } 1246 ` 1247 1248 func testAccAWSSecurityGroupConfig_drift() string { 1249 return fmt.Sprintf(` 1250 resource "aws_security_group" "web" { 1251 name = "tf_acc_%d" 1252 description = "Used in the terraform acceptance tests" 1253 1254 ingress { 1255 protocol = "tcp" 1256 from_port = 80 1257 to_port = 8000 1258 cidr_blocks = ["10.0.0.0/8"] 1259 } 1260 1261 ingress { 1262 protocol = "tcp" 1263 from_port = 80 1264 to_port = 8000 1265 cidr_blocks = ["206.0.0.0/8"] 1266 } 1267 1268 tags { 1269 Name = "tf-acc-test" 1270 } 1271 } 1272 `, acctest.RandInt()) 1273 } 1274 1275 func testAccAWSSecurityGroupConfig_drift_complex() string { 1276 return fmt.Sprintf(` 1277 resource "aws_security_group" "otherweb" { 1278 name = "tf_acc_%d" 1279 description = "Used in the terraform acceptance tests" 1280 } 1281 1282 resource "aws_security_group" "web" { 1283 name = "tf_acc_%d" 1284 description = "Used in the terraform acceptance tests" 1285 1286 ingress { 1287 protocol = "tcp" 1288 from_port = 80 1289 to_port = 8000 1290 cidr_blocks = ["10.0.0.0/8"] 1291 } 1292 1293 ingress { 1294 protocol = "tcp" 1295 from_port = 80 1296 to_port = 8000 1297 cidr_blocks = ["206.0.0.0/8"] 1298 } 1299 1300 ingress { 1301 protocol = "tcp" 1302 from_port = 22 1303 to_port = 22 1304 security_groups = ["${aws_security_group.otherweb.id}"] 1305 } 1306 1307 egress { 1308 protocol = "tcp" 1309 from_port = 80 1310 to_port = 8000 1311 cidr_blocks = ["206.0.0.0/8"] 1312 } 1313 1314 egress { 1315 protocol = "tcp" 1316 from_port = 80 1317 to_port = 8000 1318 cidr_blocks = ["10.0.0.0/8"] 1319 } 1320 1321 egress { 1322 protocol = "tcp" 1323 from_port = 22 1324 to_port = 22 1325 security_groups = ["${aws_security_group.otherweb.id}"] 1326 } 1327 1328 tags { 1329 Name = "tf-acc-test" 1330 } 1331 }`, acctest.RandInt(), acctest.RandInt()) 1332 } 1333 1334 const testAccAWSSecurityGroupCombindCIDRandGroups = ` 1335 resource "aws_security_group" "two" { 1336 name = "tf-test-1" 1337 tags { 1338 Name = "tf-test-1" 1339 } 1340 } 1341 1342 resource "aws_security_group" "one" { 1343 name = "tf-test-2" 1344 tags { 1345 Name = "tf-test-w" 1346 } 1347 } 1348 1349 resource "aws_security_group" "three" { 1350 name = "tf-test-3" 1351 tags { 1352 Name = "tf-test-3" 1353 } 1354 } 1355 1356 resource "aws_security_group" "mixed" { 1357 name = "tf-mix-test" 1358 1359 ingress { 1360 from_port = 80 1361 to_port = 80 1362 protocol = "tcp" 1363 cidr_blocks = ["10.0.0.0/16", "10.1.0.0/16", "10.7.0.0/16"] 1364 1365 security_groups = [ 1366 "${aws_security_group.one.id}", 1367 "${aws_security_group.two.id}", 1368 "${aws_security_group.three.id}", 1369 ] 1370 } 1371 1372 tags { 1373 Name = "tf-mix-test" 1374 } 1375 } 1376 ` 1377 1378 const testAccAWSSecurityGroupConfig_ingressWithCidrAndSGs = ` 1379 resource "aws_security_group" "other_web" { 1380 name = "tf_other_acc_tests" 1381 description = "Used in the terraform acceptance tests" 1382 1383 tags { 1384 Name = "tf-acc-test" 1385 } 1386 } 1387 1388 resource "aws_security_group" "web" { 1389 name = "terraform_acceptance_test_example" 1390 description = "Used in the terraform acceptance tests" 1391 1392 ingress { 1393 protocol = "tcp" 1394 from_port = "22" 1395 to_port = "22" 1396 1397 cidr_blocks = [ 1398 "192.168.0.1/32", 1399 ] 1400 } 1401 1402 ingress { 1403 protocol = "tcp" 1404 from_port = 80 1405 to_port = 8000 1406 cidr_blocks = ["10.0.0.0/8"] 1407 security_groups = ["${aws_security_group.other_web.id}"] 1408 } 1409 1410 egress { 1411 protocol = "tcp" 1412 from_port = 80 1413 to_port = 8000 1414 cidr_blocks = ["10.0.0.0/8"] 1415 } 1416 1417 tags { 1418 Name = "tf-acc-test" 1419 } 1420 } 1421 ` 1422 1423 const testAccAWSSecurityGroupConfig_ingressWithCidrAndSGs_classic = ` 1424 provider "aws" { 1425 region = "us-east-1" 1426 } 1427 1428 resource "aws_security_group" "other_web" { 1429 name = "tf_other_acc_tests" 1430 description = "Used in the terraform acceptance tests" 1431 1432 tags { 1433 Name = "tf-acc-test" 1434 } 1435 } 1436 1437 resource "aws_security_group" "web" { 1438 name = "terraform_acceptance_test_example" 1439 description = "Used in the terraform acceptance tests" 1440 1441 ingress { 1442 protocol = "tcp" 1443 from_port = "22" 1444 to_port = "22" 1445 1446 cidr_blocks = [ 1447 "192.168.0.1/32", 1448 ] 1449 } 1450 1451 ingress { 1452 protocol = "tcp" 1453 from_port = 80 1454 to_port = 8000 1455 cidr_blocks = ["10.0.0.0/8"] 1456 security_groups = ["${aws_security_group.other_web.name}"] 1457 } 1458 1459 tags { 1460 Name = "tf-acc-test" 1461 } 1462 } 1463 `