Merge pull request #32 from clouddrove/issue-451

yadavprakash · web-flow · commit 5afaea138954 · 2023-06-22T12:36:00.000+05:30
Update Readme with latest example and added resource description
diff --git a/README.yaml b/README.yaml
@@ -40,20 +40,61 @@ include:
 # How to use this project
 # yamllint disable rule:line-length
 usage: |-
-  ### Simple Example
+  ### NEW_SECURITY_GROUP
   Here is an example of how you can use this module in your inventory structure:
   ```hcl
   # use this
     module "security_group" {
       source        = "clouddrove/security-group/aws"
       version       = "1.3.0"
-      name          = "security-group"
-      environment   = "test"
-      protocol      = "tcp"
-      label_order   = ["name", "environment"]
-      vpc_id        = "vpc-xxxxxxxxx"
-      allowed_ip    = ["172.16.0.0/16", "10.0.0.0/16"]
-      allowed_ipv6  = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
-      allowed_ports = [22, 27017]
+      name        = "security-group"
+      environment = "test"
+      label_order = ["name", "environment"]
+    
+      vpc_id                = module.vpc.vpc_id
+      allowed_ip            = ["172.16.0.0/16", "10.0.0.0/16"]
+      allowed_ports         = [22, 27017]
+      security_groups       = ["sg-xxxxxxxxxxxx"]
+      prefix_list_ids       = ["pl-xxxxxxxxxxxx"]
     }
   ```
+  ### NEW_SECURITY_GROUP_WITH_EGRESS
+    module "security_group" {
+      source        = "clouddrove/security-group/aws"
+      version       = "1.3.0"
+      name        = "security-group"
+      environment = "test"
+      label_order = ["name", "environment"]
+    
+      vpc_id                = module.vpc.vpc_id
+      allowed_ip            = ["172.16.0.0/16", "10.0.0.0/16"]
+      allowed_ipv6          = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
+      allowed_ports         = [22, 27017]
+      security_groups       = ["sg-xxxxxxxxx"]
+      prefix_list_ids       = ["pl-6da54004"]
+    
+      egress_rule            = true
+      egress_allowed_ip      = ["172.16.0.0/16", "10.0.0.0/16"]
+      egress_allowed_ports   = [22, 27017]
+      egress_protocol        = "tcp"
+      egress_prefix_list_ids = ["pl-xxxxxxxxx"]
+      egress_security_groups = ["sg-xxxxxxxxx"]
+    
+    }
+  ```
+  ### UPDATED_EXISTING
+  module "security_group" {
+      source        = "clouddrove/security-group/aws"
+      version       = "1.3.0"
+      name        = "security-group"
+      environment = "test"
+      label_order = ["name", "environment"]
+    
+      is_external     = true
+      existing_sg_id  = "sg-xxxxxxxxxxxx"
+      vpc_id          = module.vpc.vpc_id
+      allowed_ip      = ["172.16.0.0/16", "10.0.0.0/16"]
+      allowed_ports   = [22, 27017]
+      security_groups = ["sg-xxxxxxxxxxxxx"]
+    }
+  ```
diff --git a/_example/new_security_group/example.tf b/_example/new_security_group/example.tf
@@ -1,7 +1,13 @@
+####----------------------------------------------------------------------------------
+## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS.
+####----------------------------------------------------------------------------------
 provider "aws" {
   region = "eu-west-1"
 }
 
+####----------------------------------------------------------------------------------
+## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center.
+####----------------------------------------------------------------------------------
 module "vpc" {
   source      = "clouddrove/vpc/aws"
   version     = "1.3.1"
@@ -11,20 +17,19 @@ module "vpc" {
   cidr_block  = "10.0.0.0/16"
 }
 
+##----------------------------------------------------------------------------------
+## Below module will create SECURITY-GROUP and its components.
+##----------------------------------------------------------------------------------
 module "security_group" {
   source = "../../"
 
   name        = "security-group"
   environment = "test"
   label_order = ["name", "environment"]
 
-  enable_security_group = true
-  vpc_id                = module.vpc.vpc_id
-  protocol              = "tcp"
-  description           = "Instance default security group (only egress access is allowed)."
-  allowed_ip            = ["172.16.0.0/16", "10.0.0.0/16"]
-  allowed_ipv6          = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
-  allowed_ports         = [22, 27017]
-  security_groups       = ["sg-xxxxxxxxxxxx"]
-  prefix_list_ids       = ["pl-xxxxxxxxxxxx"]
+  vpc_id          = module.vpc.vpc_id
+  allowed_ip      = ["172.16.0.0/16", "10.0.0.0/16"]
+  allowed_ports   = [22, 27017]
+  security_groups = ["sg-xxxxxxxxxxxx"]
+  prefix_list_ids = ["pl-xxxxxxxxxxxx"]
 }
diff --git a/_example/new_security_group_with_egress/example.tf b/_example/new_security_group_with_egress/example.tf
@@ -1,7 +1,13 @@
+####----------------------------------------------------------------------------------
+## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS.
+####----------------------------------------------------------------------------------
 provider "aws" {
   region = "eu-west-1"
 }
 
+####----------------------------------------------------------------------------------
+## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center.
+####----------------------------------------------------------------------------------
 module "vpc" {
   source      = "clouddrove/vpc/aws"
   version     = "1.3.1"
@@ -11,28 +17,27 @@ module "vpc" {
   cidr_block  = "10.0.0.0/16"
 }
 
+##----------------------------------------------------------------------------------
+## Below module will create SECURITY-GROUP and its components.
+##----------------------------------------------------------------------------------
 module "security_group" {
   source = "../../"
 
   name        = "security-group"
   environment = "test"
   label_order = ["name", "environment"]
 
-  enable_security_group = true
-  vpc_id                = module.vpc.vpc_id
-  protocol              = "tcp"
-  description           = "Instance default security group (only egress access is allowed)."
-  allowed_ip            = ["172.16.0.0/16", "10.0.0.0/16"]
-  allowed_ipv6          = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
-  allowed_ports         = [22, 27017]
-  security_groups       = ["sg-xxxxxxxxx"]
-  prefix_list_ids       = ["pl-6da54004"]
+  vpc_id          = module.vpc.vpc_id
+  allowed_ip      = ["172.16.0.0/16", "10.0.0.0/16"]
+  allowed_ipv6    = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
+  allowed_ports   = [22, 27017]
+  security_groups = ["sg-xxxxxxxxx"]
+  prefix_list_ids = ["pl-6da54004"]
 
   egress_rule            = true
   egress_allowed_ip      = ["172.16.0.0/16", "10.0.0.0/16"]
   egress_allowed_ports   = [22, 27017]
   egress_protocol        = "tcp"
-  egress_allowed_ipv6    = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
   egress_prefix_list_ids = ["pl-xxxxxxxxx"]
   egress_security_groups = ["sg-xxxxxxxxx"]
 
diff --git a/_example/new_security_group_with_egress/versions.tf b/_example/new_security_group_with_egress/versions.tf
diff --git a/_example/updated_existing/example.tf b/_example/updated_existing/example.tf
@@ -1,7 +1,13 @@
+####----------------------------------------------------------------------------------
+## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS.
+####----------------------------------------------------------------------------------
 provider "aws" {
   region = "eu-west-1"
 }
 
+####----------------------------------------------------------------------------------
+## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center.
+####----------------------------------------------------------------------------------
 module "vpc" {
   source      = "clouddrove/vpc/aws"
   version     = "1.3.1"
@@ -11,6 +17,9 @@ module "vpc" {
   cidr_block  = "10.0.0.0/16"
 }
 
+##----------------------------------------------------------------------------------
+## Below module will create SECURITY-GROUP and its components.
+##----------------------------------------------------------------------------------
 module "security_group" {
   source = "../../"
 
@@ -21,10 +30,7 @@ module "security_group" {
   is_external     = true
   existing_sg_id  = "sg-xxxxxxxxxxxx"
   vpc_id          = module.vpc.vpc_id
-  protocol        = "tcp"
-  description     = "Instance default security group (only egress access is allowed)."
   allowed_ip      = ["172.16.0.0/16", "10.0.0.0/16"]
-  allowed_ipv6    = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
   allowed_ports   = [22, 27017]
   security_groups = ["sg-xxxxxxxxxxxxx"]
 }
diff --git a/_example/updated_existing/versions.tf b/_example/updated_existing/versions.tf
diff --git a/main.tf b/main.tf
@@ -1,12 +1,7 @@
-# Managed By : CloudDrove
-# Description : This Script is used to create Security Group.
-# Copyright @ CloudDrove. All Right Reserved.
-
-#Module      : Label
-#Description : This terraform module is designed to generate consistent label names and tags
-#              for resources. You can use terraform-labels to implement a strict naming
-#              convention.
-
+##----------------------------------------------------------------------------------
+## This terraform module is designed to generate consistent label names and
+## tags for resources. You can use terraform-labels to implement a strict naming convention.
+##----------------------------------------------------------------------------------
 module "labels" {
   source  = "clouddrove/labels/aws"
   version = "1.3.0"
@@ -48,9 +43,9 @@ locals {
 
 }
 
-#Module      : SECURITY GROUP
-#Description : Here are an example of how you can use this module in your inventory
-#              structure:
+##----------------------------------------------------------------------------------
+## Here are an example of how you can use this resource in your inventory structure.
+##----------------------------------------------------------------------------------
 resource "aws_security_group" "default" {
   count = local.security_group_count
 
@@ -69,9 +64,10 @@ data "aws_security_group" "existing" {
   vpc_id = var.vpc_id
 }
 
-#Module      : SECURITY GROUP RULE FOR EGRESS
-#Description : Provides a security group rule resource. Represents a single egress
-#              group rule, which can be added to external Security Groups.
+##----------------------------------------------------------------------------------
+## Provides a security group rule resource. Represents a single egress
+## group rule, which can be added to external Security Groups.
+##----------------------------------------------------------------------------------
 resource "aws_security_group_rule" "egress" {
   count = (var.enable_security_group == true && local.sg_existing == false && local.egress_rule == false) ? 1 : 0
 
@@ -80,6 +76,7 @@ resource "aws_security_group_rule" "egress" {
   to_port           = 65535
   protocol          = "-1"
   cidr_blocks       = ["0.0.0.0/0"] #tfsec:ignore:aws-vpc-no-public-egress-sgr
+  description       = var.security_group_egress_rule_description
   security_group_id = local.id
 }
 resource "aws_security_group_rule" "egress_ipv6" {
@@ -91,11 +88,14 @@ resource "aws_security_group_rule" "egress_ipv6" {
   protocol          = "-1"
   ipv6_cidr_blocks  = ["::/0"] #tfsec:ignore:aws-vpc-no-public-egress-sgr
   security_group_id = local.id
+  description       = var.security_group_egress_ipv6_rule_description
   prefix_list_ids   = var.prefix_list
 }
-#Module      : SECURITY GROUP RULE FOR INGRESS
-#Description : Provides a security group rule resource. Represents a single ingress
-#              group rule, which can be added to external Security Groups.
+
+##----------------------------------------------------------------------------------
+## Provides a security group rule resource. Represents a single ingress
+## group rule, which can be added to external Security Groups.
+##----------------------------------------------------------------------------------
 resource "aws_security_group_rule" "ingress" {
   count = local.enable_cidr_rules == true ? length(compact(var.allowed_ports)) : 0
 
@@ -139,8 +139,10 @@ resource "aws_security_group_rule" "ingress_prefix" {
   security_group_id = local.id
 }
 
-#egress rules configuration
 
+##----------------------------------------------------------------------------------
+## egress rules configuration.
+##----------------------------------------------------------------------------------
 resource "aws_security_group_rule" "egress_ipv4_rule" {
   count = local.egress_rule == true ? length(compact(var.allowed_ports)) : 0
 
diff --git a/outputs.tf b/outputs.tf
@@ -1,6 +1,7 @@
-#Module      : SECURITY GROUP
-#Description : This terraform module creates set of Security Group and Security Group Rules
-#              resources in various combinations.
+##----------------------------------------------------------------------------------
+## This terraform module creates set of Security Group and Security Group Rules
+##  resources in various combinations..
+##----------------------------------------------------------------------------------
 output "security_group_ids" {
   value       = try(local.id, null)
   description = "IDs on the AWS Security Groups associated with the instance."
diff --git a/variables.tf b/variables.tf
@@ -63,6 +63,18 @@ variable "description" {
   description = "The security group description."
 }
 
+variable "security_group_egress_rule_description" {
+  type        = string
+  default     = "Description of the egress rule."
+  description = "Represents a single ingress or egress group rule, which can be added to external Security Groups."
+}
+
+variable "security_group_egress_ipv6_rule_description" {
+  type        = string
+  default     = "Description of the egress rule."
+  description = "Represents a single ingress or egress group egress-ipv6 rule, which can be added to external Security Groups."
+}
+
 variable "allowed_ports" {
   type        = list(any)
   default     = []
@@ -89,7 +101,7 @@ variable "protocol" {
 
 variable "allowed_ipv6" {
   type        = list(any)
-  default     = []
+  default     = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
   description = "List of allowed ipv6."
 }
 
@@ -152,7 +164,7 @@ variable "egress_security_groups" {
 
 variable "egress_allowed_ipv6" {
   type        = list(any)
-  default     = []
+  default     = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
   description = "List of allowed ipv6."
 }
 
diff --git a/versions.tf b/versions.tf
@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
-  required_version = ">= 1.3.6"
+  required_version = ">= 1.4.6"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.48.0"
+      version = ">= 5.1.0"
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,11 @@`
`1`	`1`	`# Terraform version`
`2`	`2`	`terraform {`
`3`		`- required_version = ">= 1.3.6"`
	`3`	`+ required_version = ">= 1.4.6"`
`4`	`4`
`5`	`5`	`required_providers {`
`6`	`6`	`aws = {`
`7`	`7`	`source = "hashicorp/aws"`
`8`		`- version = ">= 4.48.0"`
	`8`	`+ version = ">= 5.1.0"`
`9`	`9`	`}`
`10`	`10`	`}`
`11`	`11`	`}`