This module supports most operations on security groups for VPC. For more information, see About security groups in the IBM Cloud Docs.
The module supports the following scenarios:
- Create a security group in a VPC
- Create security group rules for a new or existing security group
- Create pre-defined security group rules that cover the range of IBM Cloud internal CIDRs (service endpoints and IaaS endpoints)
- Attach a security group to one or more existing targets in the VPC (for example, VSI network interface, VPC load balancer, Virtual Private Endpoint gateways, VPC VPN servers)
See the following examples section for code that illustrates these scenarios.
```hcl
module "create_sgr_rule" {
  source  = "terraform-ibm-modules/security-group/ibm"
  version = "latest" # Replace "latest" with a release version to lock into a specific release

  add_ibm_cloud_internal_rules = true # also add the IBM Cloud internal CIDR rules
  security_group_name          = "test-sg"

  # Rules to attach to the new security group
  security_group_rules = [{
    name      = "allow-all-inbound"
    direction = "inbound"
    remote    = "0.0.0.0/0"
  }]

  # Targets (for example, a VSI network interface) in the same VPC
  target_ids = ["r006-37e5b107-3006-480b-a340-bb1951357a73"]
}
```
You need the following permissions to run this module.
- IAM services
  - VPC Infrastructure services
    - Editor platform access
Name | Version |
---|---|
terraform | >= 1.3 |
ibm | >= 1.59.0, < 2.0.0 |
No modules.
Name | Type |
---|---|
ibm_is_security_group.sg | resource |
ibm_is_security_group_rule.security_group_rule | resource |
ibm_is_security_group_target.sg_target | resource |
ibm_is_security_group.existing_sg | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
access_tags | A list of access management tags to attach to the security group. For more information, see working with tags. | list(string) | [] | no |
add_ibm_cloud_internal_rules | Add the IBM Cloud internal rules to the provided security group rules. | bool | false | no |
existing_security_group_id | ID of an existing security group. Mutually exclusive with existing_security_group_name. If set, rules are added to the specified security group. | string | null | no |
existing_security_group_name | Name of an existing security group. Mutually exclusive with existing_security_group_id. If set, rules are added to the specified security group. | string | null | no |
resource_group | Name of an existing resource group to use for this example; if unset, a new resource group is created. | string | null | no |
security_group_name | Name of the security group to be created. | string | "test-sg" | no |
security_group_rules | A list of security group rules to be added to the default VPC security group. | list( | [] | no |
tags | List of resource tags to apply to the security group created by this module. | list(string) | [] | no |
target_ids | (Optional) A list of target identifiers from the same VPC as the security group. It may contain one or more of the following identifiers: network interface, application load balancer, endpoint gateway, and VPN server. | list(string) | [] | no |
use_existing_security_group | If set, the module modifies the security group named by existing_security_group_name. | bool | false | no |
use_existing_security_group_id | If set, the module modifies the security group identified by existing_security_group_id. | bool | false | no |
vpc_id | ID of the VPC in which to create the security group. Only required if existing_security_group_name is null. | string | null | no |
Name | Description |
---|---|
security_group_id | The ID of the security group where the rules are added. NOTE: This value will not be available until rules are applied, and it cannot be referenced as a remote for a rule variable for the same module block. If you need this value to use in a rule you are supplying, please use the security_group_id_for_ref output instead. |
security_group_id_for_ref | The ID of the security group which can be used as remote reference in rules. NOTE: This value will be available as soon as the security group is created, and before rules are applied, which means it can be referenced as a remote in the rules input variable itself. If you require that all rules are applied first, please use the security_group_id output instead. |
security_group_rule | Security group rules |
security_target | Resources added to the security group |
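The following is an added example, not code from the module's README, showing how the two output values differ in practice. It builds a two-tier layout in which the database tier accepts traffic only from members of the application tier's security group, using `security_group_id_for_ref` as the rule's `remote` instead of an open `0.0.0.0/0` range. The `vpc_id`, CIDR and `target_ids` values are placeholders, and the `tcp` port block inside each rule object is an assumption about the rule schema, since the `security_group_rules` type is truncated in this extract.

```hcl
# Added example (not from the module's README). All IDs and the CIDR are
# placeholders; the tcp block in each rule is an assumed part of the rule object.

# Application tier: inbound HTTPS from the organisation's address range only.
module "app_sg" {
  source  = "terraform-ibm-modules/security-group/ibm"
  version = "latest" # Replace "latest" with a release version to lock into a specific release

  vpc_id                       = "r006-REPLACE-WITH-VPC-ID" # placeholder
  security_group_name          = "app-sg"
  add_ibm_cloud_internal_rules = true # reach IBM Cloud service and IaaS endpoints

  security_group_rules = [{
    name      = "allow-https-from-corp"
    direction = "inbound"
    remote    = "203.0.113.0/24" # placeholder CIDR (TEST-NET-3), not 0.0.0.0/0
    tcp = {                      # assumed rule-object field
      port_min = 443
      port_max = 443
    }
  }]

  target_ids = ["r006-REPLACE-WITH-APP-NIC-ID"] # placeholder
}

# Database tier: inbound 5432 only when the source is a member of app-sg.
# security_group_id_for_ref is usable here because it is emitted as soon as
# the app security group exists, before app_sg's own rules are applied.
module "db_sg" {
  source  = "terraform-ibm-modules/security-group/ibm"
  version = "latest"

  vpc_id              = "r006-REPLACE-WITH-VPC-ID" # placeholder
  security_group_name = "db-sg"

  security_group_rules = [{
    name      = "allow-postgres-from-app-tier"
    direction = "inbound"
    remote    = module.app_sg.security_group_id_for_ref # SG-to-SG reference
    tcp = {                                             # assumed rule-object field
      port_min = 5432
      port_max = 5432
    }
  }]

  target_ids = ["r006-REPLACE-WITH-DB-NIC-ID"] # placeholder
}

# Consumers that must wait until every rule is in place read security_group_id,
# which is not available until the rules have been applied.
output "db_security_group_id" {
  value = module.db_sg.security_group_id
}
```

Referencing `security_group_id_for_ref` keeps the dependency graph acyclic: the `db_sg` rules depend only on the existence of the `app_sg` group, not on its rules. Using `security_group_id` in that position would instead make `db_sg` wait for all of `app_sg`'s rules, which is the behaviour the outputs table warns cannot be used from within the same module block.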
You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.
To set up your local development environment, see Local development setup in the project documentation.