upd

README.yaml

@@ -7,6 +7,13 @@
 # Name of this project
 name: terraform-aws-security-group
 
+# Tags of this project
+tags:
+  - aws
+  - security-group
+  - terraform
+  - terraform-modules
+
 # Logo for this project
 #logo: docs/logo.png
 
@@ -30,9 +37,6 @@ badges:
   - name: "Slack Community"
     image: "https://slack.cloudposse.com/badge.svg"
     url: "https://slack.cloudposse.com"
-  - name: "Discourse Forum"
-    image: "https://img.shields.io/discourse/https/ask.sweetops.com/posts.svg"
-    url: "https://ask.sweetops.com/"
 
 # List any related terraform modules that this module may be used with or that this module depends on.
 related:
@@ -42,36 +46,69 @@ related:
 
 # List any resources helpful for someone to get started. For example, link to the hashicorp documentation or AWS documentation.
 references:
-  - name: "Terraform Standard Module Structure"
-    description: "HashiCorp's standard module structure is a file and directory layout we recommend for reusable modules distributed in separate repositories."
-    url: "https://www.terraform.io/docs/modules/index.html#standard-module-structure"
-  - name: "Terraform Module Requirements"
-    description: "HashiCorp's guidance on all the requirements for publishing a module. Meeting the requirements for publishing a module is extremely easy."
-    url: "https://www.terraform.io/docs/registry/modules/publish.html#requirements"
-  - name: "Terraform `random_integer` Resource"
-    description: "The resource random_integer generates random values from a given range, described by the min and max attributes of a given resource."
-    url: "https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer"
-  - name: "Terraform Version Pinning"
-    description: "The required_version setting can be used to constrain which versions of the Terraform CLI can be used with your configuration"
-    url: "https://www.terraform.io/docs/configuration/terraform.html#specifying-a-required-terraform-version"
+  - name: terraform-provider-aws
+    description: Terraform AWS provider
+    url: https://registry.terraform.io/providers/hashicorp/aws/latest
 
 # Short description of this project
 description: |-
-  This is `terraform-aws-security-group` project provides all the scaffolding for a typical well-built Cloud Posse module. It's a template repository you can
-  use when creating new repositories.
+  Terraform module to create AWS Security Group and rules.
 
 # Introduction to the project
 #introduction: |-
 #  This is an introduction.
 
 # How to use this module. Should be an easy example to copy and paste.
 usage: |-
-  Here's how to invoke this example module in your projects
 
   ```hcl
-  module "example" {
-    source = "https://github.com/cloudposse/terraform-aws-security-group.git?ref=master"
-    example = "Hello world!"
+  module "label" {
+    source = "cloudposse/label/null"
+    # Cloud Posse recommends pinning every module to a specific version
+    # version = "x.x.x"
+    namespace  = "eg"
+    stage      = "prod"
+    name       = "bastion"
+    attributes = ["public"]
+    delimiter  = "-"
+
+    tags = {
+      "BusinessUnit" = "XYZ",
+      "Snapshot"     = "true"
+    }
+  }
+
+  module "vpc" {
+    source = "cloudposse/vpc/aws"
+    # Cloud Posse recommends pinning every module to a specific version
+    # version = "x.x.x"
+    cidr_block = "10.0.0.0/16"
+
+    context = module.label.context
+  }
+
+  module "vpc" {
+    source = "cloudposse/security-group/aws"
+    # Cloud Posse recommends pinning every module to a specific version
+    # version = "x.x.x"
+    sg_rules = [
+      {
+        type        = "ingress"
+        from_port   = 22
+        to_port     = 22
+        protocol    = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+      },
+      {
+        type        = "egress"
+        from_port   = 0
+        to_port     = 65535
+        protocol    = "all"
+        cidr_blocks = ["0.0.0.0/0"]
+      }
+    ]
+
+    context = module.label.context
   }
   ```
 
@@ -93,3 +130,5 @@ include:
 contributors:
   - name: "Erik Osterman"
     github: "osterman"
+  - name: "Vladimir"
+    github: "SweetOps"

docs/terraform.md

@@ -3,15 +3,14 @@
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12.0, < 0.14.0 |
-| local | ~> 1.2 |
-| random | ~> 2.2 |
+| terraform | >= 0.12.26 |
+| aws | >= 2.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| random | ~> 2.2 |
+| aws | >= 2.0 |
 
 ## Inputs
 
@@ -21,23 +20,28 @@
 | attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
 | context | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | <pre>object({<br>    enabled             = bool<br>    namespace           = string<br>    environment         = string<br>    stage               = string<br>    name                = string<br>    delimiter           = string<br>    attributes          = list(string)<br>    tags                = map(string)<br>    additional_tag_map  = map(string)<br>    regex_replace_chars = string<br>    label_order         = list(string)<br>    id_length_limit     = number<br>  })</pre> | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_order": [],<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {}<br>}</pre> | no |
 | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.<br>Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
+| description | The Security Group description. | `string` | `"Managed by Terraform"` | no |
 | enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
 | environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
-| example | Example variable | `string` | `"hello world"` | no |
 | id\_length\_limit | Limit `id` to this many characters.<br>Set to `0` for unlimited length.<br>Set to `null` for default, which is `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
 | label\_order | The naming order of the id output and Name tag.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no |
 | name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
 | namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
 | regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
+| security\_group\_enabled | Whether to create Security Group. | `bool` | `true` | no |
+| sg\_id | The external Security Group ID to which Security Group rules will be assigned.<br>Required to set `security_group_enabled` to `false`. | `string` | `""` | no |
+| sg\_rules | A list of maps of Security Group rules. <br>The values of map is fully complated with `aws_security_group_rule` resource. <br>To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` | `null` | no |
 | stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
 | tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no |
+| use\_name\_prefix | Whether to create a unique name beginning with the normalized prefix. | `bool` | `false` | no |
+| vpc\_id | The VPC ID where Security Group will be created. | `string` | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| example | Example output |
-| id | ID of the created example |
-| random | Stable random number for this example |
+| sg\_arn | The Security Group ARN |
+| sg\_id | The Security Group ID |
+| sg\_name | The Security Group Name |
 
 <!-- markdownlint-restore -->

examples/complete/context.tf

@@ -19,7 +19,8 @@
 #
 
 module "this" {
-  source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.19.2"
+  source  = "cloudposse/label/null"
+  version = "0.22.1" // requires Terraform >= 0.12.26
 
   enabled             = var.enabled
   namespace           = var.namespace

examples/complete/fixtures.us-east-2.tfvars

@@ -6,5 +6,21 @@ environment = "ue2"
 
 stage = "test"
 
-name = "example"
+name = "sg"
 
+sg_rules = [
+    {
+        type = "ingress"
+        from_port = 22
+        to_port = 22
+        protocol = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+    },
+    {
+        type = "egress"
+        from_port = 0
+        to_port = 65535
+        protocol = "all"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+]

examples/complete/main.tf

@@ -1,7 +1,54 @@
-module "example" {
+provider "aws" {
+  region = var.region
+}
+
+module "vpc" {
+  source  = "cloudposse/vpc/aws"
+  version = "v0.18.2"
+
+  cidr_block = "10.0.0.0/16"
+
+  context = module.this.context
+}
+
+# Create new one security group
+
+module "new_security_group" {
+  source = "../.."
+
+  vpc_id   = module.vpc.vpc_id
+  sg_rules = var.sg_rules
+
+  context = module.this.context
+}
+
+# Create rules for pre-created security group
+
+resource "aws_security_group" "external" {
+  name_prefix = format("%s-%s-", module.this.id, "external")
+  vpc_id      = module.vpc.vpc_id
+  tags        = module.this.tags
+}
+
+module "external_security_group" {
   source = "../.."
 
-  example = var.example
+  vpc_id                 = module.vpc.vpc_id
+  sg_id                  = aws_security_group.external.id
+  sg_rules               = var.sg_rules
+  security_group_enabled = false
 
   context = module.this.context
 }
+
+# Disabled module
+
+module "disabled_security_group" {
+  source = "../.."
+
+  vpc_id   = module.vpc.vpc_id
+  sg_id    = aws_security_group.external.id
+  sg_rules = var.sg_rules
+  context  = module.this.context
+  enabled  = false
+}

examples/complete/outputs.tf

@@ -1,14 +1,44 @@
-output "id" {
-  description = "ID of the created example"
-  value       = module.example.id
+output "new_sg_id" {
+  description = "The new one Security Group ID"
+  value       = module.new_security_group.sg_id
 }
 
-output "example" {
-  description = "Output \"example\" from example module"
-  value       = module.example.example
+output "new_sg_arn" {
+  description = "The new one Security Group ARN"
+  value       = module.new_security_group.sg_arn
 }
 
-output "random" {
-  description = "Output \"random\" from example module"
-  value       = module.example.random
+output "new_sg_name" {
+  description = "The new one Security Group Name"
+  value       = module.new_security_group.sg_name
+}
+
+output "external_sg_id" {
+  description = "The external Security Group ID"
+  value       = module.external_security_group.sg_id
+}
+
+output "external_sg_arn" {
+  description = "The external Security Group ARN"
+  value       = module.external_security_group.sg_arn
+}
+
+output "external_sg_name" {
+  description = "The external Security Group Name"
+  value       = module.external_security_group.sg_name
+}
+
+output "disabled_sg_id" {
+  description = "The disabled Security Group ID (should be empty)"
+  value       = module.disabled_security_group.sg_id
+}
+
+output "disabled_sg_arn" {
+  description = "The disabled Security Group ARN (should be empty)"
+  value       = module.disabled_security_group.sg_arn
+}
+
+output "disabled_sg_name" {
+  description = "The disabled Security Group Name (should be empty)"
+  value       = module.disabled_security_group.sg_name
 }

examples/complete/variables.tf

@@ -1,4 +1,7 @@
-variable "example" {
-  type        = string
-  description = "The value which will be passed to the example module"
+variable "region" {
+  type = string
+}
+
+variable "sg_rules" {
+  type = list(any)
 }

examples/complete/versions.tf

@@ -1,7 +1,10 @@
 terraform {
-  required_version = ">= 0.12.0, < 0.14"
+  required_version = ">= 0.12.26"
 
   required_providers {
-    local = "~> 1.2"
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 2.0"
+    }
   }
 }