Create a Security Group using Terraform

Yesterday we saw how to create a key pair using Terraform. Today let's move on to creating a security group with Terraform.

So, let's take today's scenario and build the security group step by step.

Scenario :

The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units. This granular approach enables the team to execute the migration in gradual phases, ensuring smoother implementation and minimizing disruption to ongoing operations. By breaking down the migration into smaller tasks, the Nautilus DevOps team can systematically progress through each stage, allowing for better control, risk mitigation, and optimization of resources throughout the migration process.

Use Terraform to create a security group under the default VPC with the following requirements:

1) The name of the security group must be devops-sg.

2) The description must be Security group for Nautilus App Servers.

3) Add an inbound rule of type HTTP, with a port range of 80, and source CIDR range 0.0.0.0/0.

4) Add another inbound rule of type SSH, with a port range of 22, and source CIDR range 0.0.0.0/0.

Ensure that the security group is created in the us-east-1 region using Terraform. The Terraform working directory is /home/bob/terraform.

Create the main.tf file (do not create a different .tf file) to accomplish this task.

We are going to create a Terraform configuration in the main.tf file at /home/bob/terraform.

The security group will be created in the default VPC in the us-east-1 region.

Steps:

1) Configure the AWS provider to use the region us-east-1.

2) Create an AWS security group resource named "devops-sg" with the specified description and rules.

Note: Since we are using the default VPC, we can let the security group be created in the default VPC without explicitly specifying the vpc_id.

However, in some cases, if the default VPC is not available, we might need to specify a VPC. But the problem states to use the default VPC.

We'll do the following:

- Use the AWS provider for us-east-1.

- Create a security group resource with the name "devops-sg" and the description "Security group for Nautilus App Servers".

- Add two ingress rules: one for HTTP (port 80) and one for SSH (port 22), both from 0.0.0.0/0.

Important: The security group name must be "devops-sg". We'll set the name attribute to that.

However, note that in AWS a security group name must be unique within its VPC. Since we are using the default VPC and the name is fixed by the task, we assume no group with that name already exists there.

Let's write the configuration accordingly.

To create the specified security group using Terraform, follow these steps:

  1. Navigate to the Terraform directory:

     cd /home/bob/terraform
    
  2. Create a main.tf file with the following content:

     terraform {
       required_providers {
         aws = {
           source  = "hashicorp/aws"
           version = "~> 4.0"
         }
       }
     }
    
     provider "aws" {
       region = "us-east-1"
     }
    
     # Look up the default VPC so the security group is bound to it explicitly.
     data "aws_vpc" "default" {
       default = true
     }
    
     resource "aws_security_group" "devops_sg" {
       name        = "devops-sg"
       description = "Security group for Nautilus App Servers"
       vpc_id      = data.aws_vpc.default.id
    
       # Inbound HTTP (tcp/80) from any IPv4 address
       ingress {
         from_port   = 80
         to_port     = 80
         protocol    = "tcp"
         cidr_blocks = ["0.0.0.0/0"]
         description = "HTTP"
       }
    
       # Inbound SSH (tcp/22) from any IPv4 address, as the task requires
       ingress {
         from_port   = 22
         to_port     = 22
         protocol    = "tcp"
         cidr_blocks = ["0.0.0.0/0"]
         description = "SSH"
       }
    
       tags = {
         Name = "devops-sg"
       }
     }
    
  3. Initialize Terraform:

     cd /home/bob/terraform
     terraform init
    
  4. Apply the configuration:

     terraform apply
    
     • Type yes when prompted to confirm the creation of resources.

Key Fixes in the Configuration:

  1. Explicit default VPC reference:
     Added data "aws_vpc" "default" to explicitly reference the default VPC, ensuring Terraform manages the dependency correctly.

  2. VPC ID assignment:
     Included vpc_id = data.aws_vpc.default.id in the security group to bind it to the default VPC.

  3. Rule descriptions:
     Added description attributes to each ingress rule for clarity (required by some AWS regions).

Verification:

After running terraform apply, check the resulting state with:

    terraform show

Output should include:

    resource "aws_security_group" "devops_sg" {
      name        = "devops-sg"
      description = "Security group for Nautilus App Servers"
      ...
      ingress {
        description = "HTTP"
        from_port   = 80
        to_port     = 80
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
      ...
    }
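Reading terraform show output by eye works for one group, but it is easy to miss a rule. The following script is an added example (not part of this post) that parses the JSON form of the same state, terraform show -json, confirms the two rules the task requires are present, and flags any ingress rule that exposes an administrative port such as SSH to 0.0.0.0/0 or ::/0. The embedded state is a constructed, trimmed sample that mirrors the devops-sg configuration above; the JSON layout it assumes is the standard values.root_module.resources[].values structure of terraform show -json.

```python
import json
import sys

# Constructed sample of `terraform show -json` output for the devops-sg
# configuration above, trimmed to the fields the checks need.
SAMPLE_STATE_JSON = """
{
  "format_version": "1.0",
  "values": {
    "root_module": {
      "resources": [
        {
          "address": "aws_security_group.devops_sg",
          "type": "aws_security_group",
          "values": {
            "name": "devops-sg",
            "description": "Security group for Nautilus App Servers",
            "ingress": [
              {"from_port": 80, "to_port": 80, "protocol": "tcp",
               "cidr_blocks": ["0.0.0.0/0"], "description": "HTTP"},
              {"from_port": 22, "to_port": 22, "protocol": "tcp",
               "cidr_blocks": ["0.0.0.0/0"], "description": "SSH"}
            ]
          }
        }
      ]
    }
  }
}
"""

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
# Ports that are normally not meant to be reachable from the whole internet.
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}


def iter_security_groups(state):
    """Yield (address, values) for every aws_security_group in the state,
    walking child modules as well as the root module."""
    def walk(module):
        for res in module.get("resources", []):
            if res.get("type") == "aws_security_group":
                yield res["address"], res["values"]
        for child in module.get("child_modules", []):
            yield from walk(child)
    yield from walk(state["values"]["root_module"])


def rule_covers_port(rule, port):
    """True if an ingress rule's port range (or protocol -1, all traffic) includes port."""
    if rule.get("protocol") == "-1":
        return True
    return rule["from_port"] <= port <= rule["to_port"]


def find_world_open_admin_ports(state_json):
    """Return [(sg_address, port, label)] for each ingress rule that exposes
    an admin port to 0.0.0.0/0 or ::/0."""
    state = json.loads(state_json)
    findings = []
    for address, values in iter_security_groups(state):
        for rule in values.get("ingress", []):
            cidrs = set(rule.get("cidr_blocks", [])) | set(rule.get("ipv6_cidr_blocks", []))
            if not cidrs & WORLD_CIDRS:
                continue
            for port, label in ADMIN_PORTS.items():
                if rule_covers_port(rule, port):
                    findings.append((address, port, label))
    return findings


def check_required_rules(state_json, sg_name, required):
    """Return the (port, cidr) pairs from `required` that have no matching tcp
    ingress rule on the security group named sg_name (all of them if the
    group is absent). An empty list means the task's requirements are met."""
    state = json.loads(state_json)
    for _, values in iter_security_groups(state):
        if values.get("name") != sg_name:
            continue
        return [(port, cidr) for port, cidr in required
                if not any(rule.get("protocol") == "tcp"
                           and rule_covers_port(rule, port)
                           and cidr in rule.get("cidr_blocks", [])
                           for rule in values.get("ingress", []))]
    return list(required)


if __name__ == "__main__":
    # Usage: python check_sg.py            -> runs against the constructed sample
    #        python check_sg.py state.json -> runs against saved `terraform show -json` output
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_STATE_JSON
    missing = check_required_rules(data, "devops-sg", [(80, "0.0.0.0/0"), (22, "0.0.0.0/0")])
    print("missing required rules:", missing or "none")
    for address, port, label in find_world_open_admin_ports(data):
        print(f"WARNING {address}: {label} (tcp/{port}) is open to the whole internet")
```

On the sample state the required-rule check passes and the exposure check reports the SSH rule, which is exactly what this task asks for; in a real deployment that warning is the cue to narrow the SSH source to an admin CIDR or a bastion host's security group once the exercise is done.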
Written by

Kunal Kumar Singh