github.com/turtlemonvh/terraform@v0.6.9-0.20151204001754-8e40b6b855e8/website/source/docs/providers/aws/r/security_group.html.markdown

---
layout: "aws"
page_title: "AWS: aws_security_group"
sidebar_current: "docs-aws-resource-security-group"
description: |-
  Provides a security group resource.
---

# aws\_security\_group

Provides a security group resource.

~> **NOTE on Security Groups and Security Group Rules:** Terraform currently
provides both a standalone [Security Group Rule resource](security_group_rule.html) (a single `ingress` or
`egress` rule), and a Security Group resource with `ingress` and `egress` rules
defined in-line. At this time you cannot use a Security Group with in-line rules
in conjunction with any Security Group Rule resources. Doing so will cause
a conflict of rule settings and will overwrite rules.

## Example Usage

Basic usage:

```
resource "aws_security_group" "allow_all" {
  name        = "allow_all"
  description = "Allow all inbound traffic"

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Basic usage with tags:

```
resource "aws_security_group" "allow_all" {
  name        = "allow_all"
  description = "Allow all inbound traffic"

  ingress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "allow_all"
  }
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Optional) The name of the security group. If omitted, Terraform will
  assign a random, unique name.
* `description` - (Optional) The security group description. Defaults to "Managed by Terraform". Cannot be "".
* `ingress` - (Optional) Can be specified multiple times, once for each
  ingress rule. Each ingress block supports the fields documented below.
* `egress` - (Optional, VPC only) Can be specified multiple times, once for each
  egress rule. Each egress block supports the fields documented below.
* `vpc_id` - (Optional) The VPC ID.
* `tags` - (Optional) A mapping of tags to assign to the resource.

The `ingress` block supports:

* `cidr_blocks` - (Optional) List of CIDR blocks. Cannot be used with `security_groups`.
* `from_port` - (Required) The start port.
* `protocol` - (Required) The protocol. If you select a protocol of
  "-1", you must specify a "from_port" and "to_port" equal to 0.
* `security_groups` - (Optional) List of security group Group Names if using
  EC2-Classic or the default VPC, or Group IDs if using a non-default VPC.
  Cannot be used with `cidr_blocks`.
* `self` - (Optional) If true, the security group itself will be added as
  a source to this ingress rule.
* `to_port` - (Required) The end port of the range.

The `egress` block supports:

* `cidr_blocks` - (Optional) List of CIDR blocks. Cannot be used with `security_groups`.
* `from_port` - (Required) The start port.
* `protocol` - (Required) The protocol. If you select a protocol of
  "-1", you must specify a "from_port" and "to_port" equal to 0.
* `security_groups` - (Optional) List of security group Group Names if using
  EC2-Classic or the default VPC, or Group IDs if using a non-default VPC.
  Cannot be used with `cidr_blocks`.
* `self` - (Optional) If true, the security group itself will be added as
  a destination to this egress rule.
* `to_port` - (Required) The end port of the range.

~> **NOTE on Egress rules:** By default, AWS creates an `ALLOW ALL` egress rule when creating a
new Security Group inside of a VPC. When creating a new Security
Group inside a VPC, **Terraform will remove this default rule**, and require you
to specifically re-create it if you desire that rule. We feel this leads to fewer
surprises in terms of controlling your egress rules. If you desire this rule to
be in place, you can use this `egress` block:

    egress {
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_blocks = ["0.0.0.0/0"]
    }

## Attributes Reference

The following attributes are exported:

* `id` - The ID of the security group.
* `vpc_id` - The VPC ID.
* `owner_id` - The owner ID.
* `name` - The name of the security group.
* `description` - The description of the security group.
* `ingress` - The ingress rules. See above for more.
* `egress` - The egress rules. See above for more.
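The page's examples open every port; the following is an added example (not part of the Terraform documentation) that applies the rules above to a two-tier VPC layout: a public tier restricted to HTTPS inbound, and an app tier that accepts traffic only from that tier's group (by Group ID, since this is a non-default VPC) and from itself. Because Terraform drops the AWS default allow-all egress, each group declares exactly the outbound traffic it needs. The variable `var.vpc_id` and the app-subnet CIDR `10.0.2.0/24` are assumed values.

```hcl
# Added example, not from the original page. Assumes an input variable
# "vpc_id" and that the app tier lives in the (constructed) subnet 10.0.2.0/24.
resource "aws_security_group" "web" {
  name        = "web"
  description = "Public tier: HTTPS in, app port out"
  vpc_id      = "${var.vpc_id}"

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # No default allow-all egress remains, so outbound is limited to the app tier.
  egress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["10.0.2.0/24"]
  }
}

resource "aws_security_group" "app" {
  name        = "app"
  description = "App tier: reachable only from web and from itself"
  vpc_id      = "${var.vpc_id}"

  # Group ID reference (non-default VPC); cannot be combined with cidr_blocks
  # in the same block.
  ingress {
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = ["${aws_security_group.web.id}"]
  }

  # Members of this group may talk to each other on the app port.
  ingress {
    from_port = 8080
    to_port   = 8080
    protocol  = "tcp"
    self      = true
  }

  # Explicit, narrowed replacement for the removed default egress rule.
  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Referencing `aws_security_group.web.id` from `app` but not the reverse keeps the dependency graph acyclic; a rule in each group pointing at the other would have to be expressed with the standalone Security Group Rule resource instead of in-line blocks.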