github.com/i0n/terraform@v0.4.3-0.20150506151324-010a39a58ec1/website/source/docs/providers/aws/r/security_group.html.markdown (about)

---
layout: "aws"
page_title: "AWS: aws_security_group"
sidebar_current: "docs-aws-resource-security-group"
description: |-
  Provides a security group resource.
---

# aws\_security\_group

Provides a security group resource.

~> **NOTE on Security Groups and Security Group Rules:** Terraform currently
provides both a standalone [Security Group Rule resource](security_group_rule.html) (a single `ingress` or
`egress` rule), and a Security Group resource with `ingress` and `egress` rules
defined in-line. At this time you cannot use a Security Group with in-line rules
in conjunction with any Security Group Rule resources. Doing so will cause
a conflict of rule settings and will overwrite rules.

## Example Usage

Basic usage:

```
resource "aws_security_group" "allow_all" {
  name = "allow_all"
  description = "Allow all inbound traffic"

  ingress {
      from_port = 0
      to_port = 65535
      protocol = "-1"
      cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
      from_port = 0
      to_port = 65535
      protocol = "-1"
      cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Basic usage with tags:

```
resource "aws_security_group" "allow_all" {
  name = "allow_all"
  description = "Allow all inbound traffic"

  ingress {
      from_port = 0
      to_port = 65535
      protocol = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "allow_all"
  }
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Required) The name of the security group.
* `description` - (Required) The security group description.
* `ingress` - (Optional) Can be specified multiple times, once for each
  ingress rule. Each `ingress` block supports the fields documented below.
* `egress` - (Optional, VPC only) Can be specified multiple times, once for each
  egress rule. Each `egress` block supports the fields documented below.
* `vpc_id` - (Optional) The VPC ID.
* `tags` - (Optional) A mapping of tags to assign to the resource.

The `ingress` block supports:

* `cidr_blocks` - (Optional) List of CIDR blocks. Cannot be used with `security_groups`.
* `from_port` - (Required) The start port.
* `protocol` - (Required) The protocol.
* `security_groups` - (Optional) List of security group Group Names if using
  EC2-Classic or the default VPC, or Group IDs if using a non-default VPC.
  Cannot be used with `cidr_blocks`.
* `self` - (Optional) If true, the security group itself will be added as
  a source to this ingress rule.
* `to_port` - (Required) The end port of the range.

The `egress` block supports:

* `cidr_blocks` - (Optional) List of CIDR blocks. Cannot be used with `security_groups`.
* `from_port` - (Required) The start port.
* `protocol` - (Required) The protocol.
* `security_groups` - (Optional) List of security group Group Names if using
  EC2-Classic or the default VPC, or Group IDs if using a non-default VPC.
  Cannot be used with `cidr_blocks`.
* `self` - (Optional) If true, the security group itself will be added as
  a source to this egress rule.
* `to_port` - (Required) The end port of the range.

~> **NOTE on Egress rules:** By default, AWS creates an `ALLOW ALL` egress rule when creating a
new Security Group inside of a VPC. When creating a new Security
Group inside a VPC, **Terraform will remove this default rule**, and require you
to re-create it explicitly if you want that rule. We feel this leads to fewer
surprises in terms of controlling your egress rules. If you want this rule to
be in place, you can use this `egress` block:

    egress {
      from_port = 0
      to_port = 0
      protocol = "-1"
      cidr_blocks = ["0.0.0.0/0"]
    }
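
As an added example (not from the original page), the arguments above used for a two-tier, least-privilege layout rather than the allow-all groups shown earlier: a Group ID reference in a non-default VPC, `self`, a single narrow `egress` rule in place of the removed AWS default, and `vpc_id`. The variables `vpc_id` and `app_subnet_cidr`, the resource names and the port numbers are assumptions.

```hcl
# Added example (not from the original page): a two-tier least-privilege layout
# in a non-default VPC. Assumed inputs: the VPC ID and the app subnet CIDR.
variable "vpc_id" {}
variable "app_subnet_cidr" {}

# Edge tier: HTTPS in from anywhere; outbound only to the app subnet on 8080.
resource "aws_security_group" "web" {
  name        = "web"
  description = "HTTPS in from anywhere, 8080 out to app subnet only"
  vpc_id      = "${var.vpc_id}"

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Terraform removed the AWS default allow-all egress, so this is the only
  # outbound rule. A CIDR is used instead of the app group's ID so that web and
  # app do not reference each other and form a dependency cycle.
  egress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["${var.app_subnet_cidr}"]
  }
}

# App tier: 8080 only from the web group (referenced by Group ID, as this is a
# non-default VPC) and 7000 only from other members of this same group.
resource "aws_security_group" "app" {
  name        = "app"
  description = "8080 from web tier, 7000 intra-cluster, no outbound"
  vpc_id      = "${var.vpc_id}"

  ingress {
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = ["${aws_security_group.web.id}"]
  }

  ingress {
    from_port = 7000
    to_port   = 7000
    protocol  = "tcp"
    self      = true
  }
  # No egress block: instances in this group cannot initiate outbound connections.
}
```

Because the page's in-line rules cannot be mixed with `aws_security_group_rule` resources, any rule that must point back from `web` to `app` by Group ID has to be expressed by CIDR here to keep the dependency graph acyclic.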
   115  
## Attributes Reference

The following attributes are exported:

* `id` - The ID of the security group.
* `vpc_id` - The VPC ID.
* `owner_id` - The owner ID.
* `name` - The name of the security group.
* `description` - The description of the security group.
* `ingress` - The ingress rules. See above for more.
* `egress` - The egress rules. See above for more.