Security group created by Terraform has no rules

Time:01-19

I am now studying Terraform and wrote a simple script to create some AWS resources.

My script creates a VPC with a subnet, and an instance with an attached security group. All of them are newly created by the Terraform script. When I run terraform plan or terraform apply, no error or warning is shown and everything is created successfully. However, when I check those newly created resources in the AWS console, I find that the security group has been created but has no rules attached.

Can anyone help? Thanks a lot.

Following is my Terraform script.

provider "aws" {
  region = var.AWS_REGION
  access_key = var.AWS_ACCESS_KEY
  secret_key = var.AWS_SECRET_KEY
}

data "aws_ami" "amazon-2" {
  most_recent = true
  owners = [ "amazon" ]

  filter {
    name = "name"
    values = [ "amzn2-ami-hvm-*-x86_64-ebs" ]
  }
}

resource "aws_key_pair" "generate_keypair" {
  key_name = var.key_name
  public_key = var.public_key
  tags = var.default_tags
}

resource "aws_vpc" "study" {
  cidr_block = "10.0.0.0/20"
  tags = var.default_tags
}

resource "aws_subnet" "study-public" {
  vpc_id = aws_vpc.study.id
  cidr_block = "10.0.0.0/26"
  tags = var.default_tags
}

resource "aws_security_group" "public-instance" {
  vpc_id = aws_vpc.study.id
  name = "public-instance"
  description = "Group for public instance"
  tags = var.default_tags

  ingress {
    description = "Port 80 ingress"
    from_port = 80
    to_port = 80
    protocol = "tcp"
  }

  ingress {
    description = "Port 22 ingress"
    from_port = 22
    to_port = 22
    protocol = "ssh"
  }

  egress {
    from_port = 0
    to_port = 0
    protocol = "all"
  }
}

resource "aws_instance" "linux" {
  ami = data.aws_ami.amazon-2.id
  instance_type = "t3.micro"
  key_name = aws_key_pair.generate_keypair.key_name
  vpc_security_group_ids = [ aws_security_group.public-instance.id ]
  subnet_id = aws_subnet.study-public.id
  tags = var.default_tags
}


CodePudding user response:

You need to specify at least one rule destination, such as a CIDR block, a security group ID or a prefix list.

The code snippet below works for you. I have used cidr_blocks in this case.

resource "aws_security_group" "public-instance" {
  vpc_id      = aws_vpc.study.id
  name        = "public-instance"
  description = "Group for public instance"

  ingress {
    description = "Port 80 ingress"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "Port 22 ingress"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "all"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

CodePudding user response:

Add cidr_blocks = ["<your ip cidr>"] and change the protocol to "tcp":

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "all"
    cidr_blocks = ["0.0.0.0/0"]
  }
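The failure mode both answers describe, as an added Python check that is not code from the question or from either answer: it reads the JSON form of a plan (terraform show -json planfile), flags every aws_security_group rule that names no cidr_blocks, ipv6_cidr_blocks, security_groups, prefix_list_ids or self, and also flags ingress rules that leave TCP/22 open to 0.0.0.0/0 or ::/0, which both answers' snippets do. The field names follow the provider's plan schema; the embedded sample plan is constructed to mirror the question's resource.

```python
"""Added check (not from the question or answers): scan a `terraform show -json` plan for
aws_security_group rules that name no peer (the question's silent failure) or open TCP/22 to all."""
import json
import sys
SOURCE_KEYS = ("cidr_blocks", "ipv6_cidr_blocks", "security_groups", "prefix_list_ids")
ANYWHERE = {"0.0.0.0/0", "::/0"}

def rule_has_peer(rule: dict) -> bool:
    """Plan JSON shows unset lists as [] or null; self=false plus all-empty lists means no rule."""
    return bool(rule.get("self")) or any(rule.get(k) for k in SOURCE_KEYS)

def ssh_open_to_world(rule: dict) -> bool:
    """Ingress rule covering TCP/22 (or all protocols) from 0.0.0.0/0 or ::/0."""
    proto = str(rule.get("protocol", "")).lower()
    lo, hi = rule.get("from_port") or 0, rule.get("to_port") or 0
    covers_22 = proto in ("-1", "all") or (proto == "tcp" and lo <= 22 <= hi)
    peers = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
    return covers_22 and bool(peers & ANYWHERE)

def audit_plan(plan: dict) -> list:
    """One finding string per problematic rule, in plan order."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_security_group":
            continue
        after = (rc.get("change") or {}).get("after") or {}
        for direction in ("ingress", "egress"):
            for rule in after.get(direction) or []:
                where = f"{rc['address']} {direction} {rule.get('from_port')}-{rule.get('to_port')}/{rule.get('protocol')}"
                if not rule_has_peer(rule):
                    findings.append(f"{where}: no peer set, AWS will end up with no rule")
                elif direction == "ingress" and ssh_open_to_world(rule):
                    findings.append(f"{where}: SSH reachable from the whole internet")
    return findings

def _rule(**kw) -> dict:  # builds plan-shaped rule objects for the constructed sample below
    return {**{k: [] for k in SOURCE_KEYS}, "self": False, **kw}

# Constructed sample: the question's group with only the port-22 rule fixed as the answers suggest.
SAMPLE_PLAN = {"resource_changes": [{
    "address": "aws_security_group.public-instance", "type": "aws_security_group",
    "change": {"actions": ["create"], "after": {
        "ingress": [_rule(from_port=80, to_port=80, protocol="tcp"),
                    _rule(from_port=22, to_port=22, protocol="tcp", cidr_blocks=["0.0.0.0/0"])],
        "egress": [_rule(from_port=0, to_port=0, protocol="-1", cidr_blocks=None)]}}}]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    print("\n".join(audit_plan(plan)) or "no findings")
```

Run it against a real plan with `terraform plan -out=tfplan && terraform show -json tfplan > plan.json`, then `python audit.py plan.json`; a non-empty result is the signal to fix the rule before apply rather than discovering it in the console afterwards.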