Source: github.com/jrasell/terraform@v0.6.17-0.20160523115548-2652f5232949/website/source/docs/providers/aws/r/security_group.html.markdown

---
layout: "aws"
page_title: "AWS: aws_security_group"
sidebar_current: "docs-aws-resource-security-group"
description: |-
  Provides a security group resource.
---

# aws\_security\_group

Provides a security group resource.

~> **NOTE on Security Groups and Security Group Rules:** Terraform currently
provides both a standalone [Security Group Rule resource](security_group_rule.html) (a single `ingress` or
`egress` rule), and a Security Group resource with `ingress` and `egress` rules
defined in-line. At this time you cannot use a Security Group with in-line rules
in conjunction with any Security Group Rule resources. Doing so will cause
a conflict of rule settings and will overwrite rules.

## Example Usage

Basic usage:

```
resource "aws_security_group" "allow_all" {
  name = "allow_all"
  description = "Allow all inbound traffic"

  ingress {
    from_port = 0
    to_port = 0
    protocol = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port = 0
    to_port = 0
    protocol = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Basic usage with tags:

```
resource "aws_security_group" "allow_all" {
  name = "allow_all"
  description = "Allow all inbound traffic"

  ingress {
    from_port = 0
    to_port = 65535
    protocol = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "allow_all"
  }
}
```

Note that both examples are wide open: `protocol = "-1"` with `cidr_blocks = ["0.0.0.0/0"]` admits every port and protocol from any address, and `protocol = "tcp"` with ports `0` through `65535` admits every TCP port from any address. They illustrate the syntax; a production group should list only the ports and sources its workload actually needs.

## Argument Reference

The following arguments are supported:

* `name` - (Optional, Forces new resource) The name of the security group. If omitted, Terraform will
  assign a random, unique name.
* `name_prefix` - (Optional, Forces new resource) Creates a unique name beginning with the specified
  prefix. Conflicts with `name`.
* `description` - (Optional, Forces new resource) The security group description. Defaults to
  "Managed by Terraform". Cannot be "". __NOTE__: This field maps to the AWS
  `GroupDescription` attribute, for which there is no Update API. If you'd like
  to classify your security groups in a way that can be updated, use `tags`.
* `ingress` - (Optional) Can be specified multiple times for each
  ingress rule. Each ingress block supports fields documented below.
* `egress` - (Optional, VPC only) Can be specified multiple times for each
  egress rule. Each egress block supports fields documented below.
* `vpc_id` - (Optional, Forces new resource) The VPC ID.
* `tags` - (Optional) A mapping of tags to assign to the resource.

The `ingress` block supports:

* `cidr_blocks` - (Optional) List of CIDR blocks.
* `from_port` - (Required) The start port (or ICMP type number if protocol is "icmp").
* `protocol` - (Required) The protocol. `"-1"` means all protocols; the port
  fields are then ignored by AWS, which is why, if you select a protocol of
  "-1", you must specify a "from_port" and "to_port" equal to 0.
* `security_groups` - (Optional) List of security group Group Names if using
  EC2-Classic, or Group IDs if using a VPC.
* `self` - (Optional) If true, the security group itself will be added as
  a source to this ingress rule.
* `to_port` - (Required) The end range port (or ICMP code if protocol is "icmp").

The `egress` block supports:

* `cidr_blocks` - (Optional) List of CIDR blocks.
* `from_port` - (Required) The start port (or ICMP type number if protocol is "icmp").
* `protocol` - (Required) The protocol. `"-1"` means all protocols; the port
  fields are then ignored by AWS, which is why, if you select a protocol of
  "-1", you must specify a "from_port" and "to_port" equal to 0.
* `security_groups` - (Optional) List of security group Group IDs. Egress rules
  exist only in a VPC, so the EC2-Classic Group Name form does not apply here.
* `self` - (Optional) If true, the security group itself will be added as
  a destination to this egress rule.
* `to_port` - (Required) The end range port (or ICMP code if protocol is "icmp").
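The following configuration is an added example for this page, not code from the original Terraform documentation. It uses the `ingress` and `egress` fields above to replace the wide-open `allow_all` group from the Example Usage section with a two-tier layout: a `web` group reachable only on HTTPS, and a `db` group reachable only from `web` and from itself, with explicit egress on both. It assumes an existing VPC whose ID and CIDR are supplied through the hypothetical variables `vpc_id` and `vpc_cidr`; the resource names `web` and `db` and the port numbers are illustrative.

```hcl
# Added example, not from the original page. Assumes an existing VPC whose
# ID and CIDR are supplied via the hypothetical variables below.
variable "vpc_id" {}
variable "vpc_cidr" {}

# Public tier: HTTPS in from anywhere, nothing else inbound.
resource "aws_security_group" "web" {
  name_prefix = "web-"
  description = "HTTPS in from the internet; outbound limited to HTTPS and the db port"
  vpc_id      = "${var.vpc_id}"

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # For ICMP, from_port is the ICMP type and to_port the ICMP code.
  # Type 3 (destination unreachable), any code, so path MTU discovery works.
  ingress {
    from_port   = 3
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Terraform has removed AWS's default allow-all egress rule, so only the
  # outbound flows listed here are permitted.
  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    cidr_blocks = ["${var.vpc_cidr}"]
  }

  tags {
    Name = "web"
  }

  # name_prefix plus create_before_destroy lets a replacement group be
  # created under a fresh name before the old one is removed.
  lifecycle {
    create_before_destroy = true
  }
}

# Database tier: reachable on 5432 only from the web group and from
# other members of this group; no outbound except to itself.
resource "aws_security_group" "db" {
  name_prefix = "db-"
  description = "PostgreSQL from the web tier and peers only"
  vpc_id      = "${var.vpc_id}"

  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = ["${aws_security_group.web.id}"]
  }

  # self = true adds this group as its own source, for replication traffic.
  ingress {
    from_port = 5432
    to_port   = 5432
    protocol  = "tcp"
    self      = true
  }

  egress {
    from_port = 5432
    to_port   = 5432
    protocol  = "tcp"
    self      = true
  }

  tags {
    Name = "db"
  }

  lifecycle {
    create_before_destroy = true
  }
}
```

The `db` group's ingress references the exported `id` attribute of `web`, so membership in `web` is the credential for reaching the database rather than an address range. The `web` group's outbound rule toward the database is written against the VPC CIDR instead of `aws_security_group.db.id` on purpose: two in-line groups that reference each other in both directions form a dependency cycle that Terraform will refuse to plan, and the note at the top of this page rules out mixing standalone `aws_security_group_rule` resources (which would break the cycle) with in-line rules.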
~> **NOTE on Egress rules:** By default, AWS creates an `ALLOW ALL` egress rule when creating a
new Security Group inside of a VPC. When creating a new Security
Group inside a VPC, **Terraform will remove this default rule**, and require you
specifically re-create it if you desire that rule. We feel this leads to fewer
surprises in terms of controlling your egress rules. A group declared without any
`egress` block therefore cannot initiate outbound connections once applied (replies
to permitted inbound connections still flow, since security groups are stateful).
If you desire this rule to be in place, you can use this `egress` block:

    egress {
      from_port = 0
      to_port = 0
      protocol = "-1"
      cidr_blocks = ["0.0.0.0/0"]
    }

## Attributes Reference

The following attributes are exported:

* `id` - The ID of the security group.
* `vpc_id` - The VPC ID.
* `owner_id` - The owner ID.
* `name` - The name of the security group.
* `description` - The description of the security group.
* `ingress` - The ingress rules. See above for more.
* `egress` - The egress rules. See above for more.