lib/terraforming/template/tf/security_group.erb
<% security_groups.each do |security_group| -%>
resource "aws_security_group" "<%= module_name_of(security_group) %>" {
name = "<%= security_group.group_name %>"
description = "<%= security_group.description %>"
vpc_id = "<%= security_group.vpc_id || '' %>"
<% dedup_permissions(security_group.ip_permissions, security_group.group_id).each do |permission| -%>
<%- security_groups = security_groups_in(permission, security_group).reject { |group_name| group_name == security_group.group_name }.reject { |group_id| group_id == security_group.group_id } -%>
ingress {
from_port = <%= permission.from_port || 0 %>
to_port = <%= permission.to_port || 0 %>
protocol = "<%= permission.ip_protocol %>"
<%- if permission.prefix_list_ids.length > 0 -%>
prefix_list_ids = <%= permission.prefix_list_ids.map { |range| range.prefix_list_id }.inspect %>
<%- end -%>
<%- if permission.ip_ranges.length > 0 -%>
cidr_blocks = <%= permission.ip_ranges.map { |range| range.cidr_ip }.inspect %>
<%- end -%>
<%- if permission.ipv_6_ranges.length > 0 -%>
ipv6_cidr_blocks = <%= permission.ipv_6_ranges.map { |range| range.cidr_ipv_6 }.inspect %>
<%- end -%>
<%- if permission.user_id_group_pairs.length > 0 -%>
<%- self_referenced = self_referenced_permission?(security_group, permission) -%>
security_groups = <%= security_groups.inspect %>
self = <%= self_referenced %>
<%- end -%>
}
<% end -%>
<% dedup_permissions(security_group.ip_permissions_egress, security_group.group_id).each do |permission| -%>
egress {
from_port = <%= permission.from_port || 0 %>
to_port = <%= permission.to_port || 0 %>
protocol = "<%= permission.ip_protocol %>"
<%- if permission.prefix_list_ids.length > 0 -%>
prefix_list_ids = <%= permission.prefix_list_ids.map { |range| range.prefix_list_id }.inspect %>
<%- end -%>
<%- if permission.ip_ranges.length > 0 -%>
cidr_blocks = <%= permission.ip_ranges.map { |range| range.cidr_ip }.inspect %>
<%- end -%>
<%- if permission.ipv_6_ranges.length > 0 -%>
ipv6_cidr_blocks = <%= permission.ipv_6_ranges.map { |range| range.cidr_ipv_6 }.inspect %>
<%- end -%>
<%- if permission.user_id_group_pairs.length > 0 -%>
<%- self_referenced = self_referenced_permission?(security_group, permission) -%>
security_groups = <%= security_groups_in(permission, security_group).reject { |group_id| group_id == security_group.group_id }.inspect %>
self = <%= self_referenced %>
<%- end -%>
}
<% end -%>
<% if security_group.tags.length > 0 -%>
tags {
<% security_group.tags.each do |tag| -%>
"<%= tag.key %>" = "<%= tag.value %>"
<% end -%>
}
<% end -%>
}
<% end -%>