Create an AWS security group using Terraform

  • Create my Terraform file

[dzhang@localhost terraform]$ cat instance.tf
# The keys and VPC ID below are placeholders. The AWS provider can also read
# the keys from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY instead of the .tf file.
provider "aws" {
  access_key = "my_access_key"
  secret_key = "my_secret_key"
  region     = "ap-southeast-2"
}

# One inbound rule only: TCP/22 from a single /32. No egress block is given,
# so Terraform strips the default allow-all outbound rule AWS would add
# (the state below shows egress.# = "0").
resource "aws_security_group" "allow_ssh" {
  name        = "allow_all"
  description = "Allow inbound SSH traffic from my IP"
  vpc_id      = "VPC-ID"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["6x.24x.5x.167/32"]
  }

  tags {
    Name = "Allow SSH"
  }
}

  • Terraform Plan

[dzhang@localhost terraform]$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.

Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.

+ aws_security_group.allow_ssh
    description:                         "Allow inbound SSH traffic from my IP"
    egress.#:                            ""
    ingress.#:                           "1"
    ingress.625464618.cidr_blocks.#:     "1"
    ingress.625464618.cidr_blocks.0:     "6x.24x.5x.167/32"
    ingress.625464618.from_port:         "22"
    ingress.625464618.protocol:          "tcp"
    ingress.625464618.security_groups.#: "0"
    ingress.625464618.self:              "false"
    ingress.625464618.to_port:           "22"
    name:                                "allow_all"
    owner_id:                            ""
    tags.%:                              "1"
    tags.Name:                           "Allow SSH"
    vpc_id:                              "vpc-d8089xxx"

Plan: 1 to add, 0 to change, 0 to destroy.

  • Terraform Apply

[dzhang@localhost terraform]$ terraform apply
aws_security_group.allow_ssh: Creating...
  description:                         "" => "Allow inbound SSH traffic from my IP"
  egress.#:                            "" => ""
  ingress.#:                           "" => "1"
  ingress.625464618.cidr_blocks.#:     "" => "1"
  ingress.625464618.cidr_blocks.0:     "" => "6x.24x.5x.167/32"
  ingress.625464618.from_port:         "" => "22"
  ingress.625464618.protocol:          "" => "tcp"
  ingress.625464618.security_groups.#: "" => "0"
  ingress.625464618.self:              "" => "false"
  ingress.625464618.to_port:           "" => "22"
  name:                                "" => "allow_all"
  owner_id:                            "" => ""
  tags.%:                              "" => "1"
  tags.Name:                           "" => "Allow SSH"
  vpc_id:                              "" => "vpc-d8089xxx"
aws_security_group.allow_ssh: Creation complete

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

  • Verify the security group created successfully in AWS console

(screenshot: Security Group)

(screenshot: Firewall Rule, inbound rule)

(screenshot: Tag)

  • terraform.tfstate

[dzhang@localhost terraform]$ cat terraform.tfstate
{
    "version": 3,
    "terraform_version": "0.8.6",
    "serial": 3,
    "lineage": "7da04b67-0d9d-4337-80a7-9ffe05753f83",
    "modules": [
        {
            "path": [
                "root"
            ],
            "outputs": {},
            "resources": {
                "aws_security_group.allow_ssh": {
                    "type": "aws_security_group",
                    "depends_on": [],
                    "primary": {
                        "id": "sg-496ec32e",
                        "attributes": {
                            "description": "Allow inbound SSH traffic from my IP",
                            "egress.#": "0",
                            "id": "sg-496ec32e",
                            "ingress.#": "1",
                            "ingress.625464618.cidr_blocks.#": "1",
                            "ingress.625464618.cidr_blocks.0": "6x.24x.5x.167/32",
                            "ingress.625464618.from_port": "22",
                            "ingress.625464618.protocol": "tcp",
                            "ingress.625464618.security_groups.#": "0",
                            "ingress.625464618.self": "false",
                            "ingress.625464618.to_port": "22",
                            "name": "allow_all",
                            "owner_id": "639399813107",
                            "tags.%": "1",
                            "tags.Name": "Allow SSH",
                            "vpc_id": "vpc-d8089xxx"
                        },
                        "meta": {},
                        "tainted": false
                    },
                    "deposed": [],
                    "provider": ""
                }
            },
            "depends_on": []
        }
    ]
}
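The state file above flattens every ingress rule into `ingress.<hash>.<field>` attribute keys. As an added example (written for this page, not code from the original post or from Terraform), the script below rebuilds those rules from a v3 state and flags any security group that exposes an admin port to the whole internet; the embedded state is a constructed sample that adds a second, over-broad rule (`ingress.1000.*`) and a placeholder group id to the page's own rule.

```python
import json
from collections import defaultdict

# Constructed sample in the v3 state layout shown above: the page's rule plus a
# second, over-broad rule ("ingress.1000.*") and a placeholder group id.
SAMPLE_STATE = """{"version": 3, "modules": [{"path": ["root"], "resources": {
  "aws_security_group.allow_ssh": {"type": "aws_security_group", "primary": {
    "id": "sg-PLACEHOLDER", "attributes": {
      "name": "allow_all", "ingress.#": "2", "egress.#": "0",
      "ingress.625464618.cidr_blocks.#": "1",
      "ingress.625464618.cidr_blocks.0": "6x.24x.5x.167/32",
      "ingress.625464618.from_port": "22", "ingress.625464618.to_port": "22",
      "ingress.625464618.protocol": "tcp",
      "ingress.1000.cidr_blocks.#": "1", "ingress.1000.cidr_blocks.0": "0.0.0.0/0",
      "ingress.1000.from_port": "22", "ingress.1000.to_port": "22",
      "ingress.1000.protocol": "tcp"}}}}}]}"""

def ingress_rules(attributes):
    """Rebuild ingress rules from flattened 'ingress.<hash>.<field>' keys."""
    rules = defaultdict(lambda: {"cidr_blocks": []})
    for key, value in attributes.items():
        parts = key.split(".")
        if parts[0] != "ingress" or len(parts) < 3:
            continue  # skips the "ingress.#" count and non-ingress attributes
        rule = rules[parts[1]]
        if parts[2] == "cidr_blocks":
            if parts[3] != "#":  # "cidr_blocks.#" is only the list length
                rule["cidr_blocks"].append(value)
        else:
            rule[parts[2]] = value
    return dict(rules)

def open_admin_rules(state_json, ports=(22, 3389)):
    """(resource, from_port, to_port, cidr) for each rule exposing an admin port."""
    state = json.loads(state_json)
    findings = []
    for module in state["modules"]:
        for name, res in module["resources"].items():
            if res["type"] != "aws_security_group":
                continue
            for rule in ingress_rules(res["primary"]["attributes"]).values():
                lo, hi = int(rule["from_port"]), int(rule["to_port"])
                if rule.get("protocol") == "-1":  # "all traffic" rule
                    lo, hi = 0, 65535
                for cidr in rule["cidr_blocks"]:
                    if cidr not in ("0.0.0.0/0", "::/0"):
                        continue
                    if any(lo <= p <= hi for p in ports):
                        findings.append((name, lo, hi, cidr))
    return findings
```

Run it against a real file with `open_admin_rules(open("terraform.tfstate").read())`; the page's own /32 rule produces no finding, while the constructed 0.0.0.0/0 rule does.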
