0
votes

I am trying to allow all tcp traffic between instances, otherwise deny all ingress and egress traffic.

The problem is with "cidr_blocks": in the AWS console I can select a security group, but how can I achieve something like that in Terraform?

resource "aws_security_group" "default" {
  name = "terraform_example"

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks =  ????
  }
}
2 Answers

0
votes

In your ingress rule specification set self = true to allow traffic inside your Security Group. To allow traffic from a different Security Group, use the security_groups parameter. In both cases you can leave out the cidr_blocks parameter.

0
votes
  • If your requirement is to allow all traffic from the internet, you can use
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]

  • If you want to allow traffic from a specific VPC which is already created in AWS, you can reference that VPC's CIDR attribute
    cidr_blocks      = [aws_vpc.main.cidr_block]
    ipv6_cidr_blocks = [aws_vpc.main.ipv6_cidr_block]

  • If your requirement is to allow traffic from a specific Security Group, you can also do that (security_groups takes group IDs, passed as unquoted references, not quoted name strings)
    security_groups = [aws_security_group.main_sg1.id, aws_security_group.main_sg2.id]
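Putting both answers together for the original requirement (all TCP between instances in the group, nothing else in or out), here is an added example configuration; it is not code from either answerer, and it assumes a VPC resource named aws_vpc.main exists in the same configuration.

```hcl
# Added example (not from the original answers). Assumes aws_vpc.main exists.
# Members of this group may talk TCP to each other on any port; no other
# ingress is allowed and no egress is allowed except back to the same group.
resource "aws_security_group" "internal_tcp" {
  name        = "terraform_example"
  description = "All TCP between group members only; nothing else"
  vpc_id      = aws_vpc.main.id

  # self = true makes the rule reference this group's own ID, so no
  # cidr_blocks are needed. Only instances attached to this group match.
  ingress {
    description = "All TCP from instances attached to this same group"
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    self        = true
  }

  # When Terraform manages a VPC security group it removes AWS's default
  # allow-all egress rule, so declaring no egress block at all would deny
  # every outbound connection. Security groups are stateful, so replies to
  # an allowed inbound connection pass without an egress rule, but for an
  # instance to *initiate* a TCP connection to a peer in the group it still
  # needs this egress rule; limiting it to self keeps the internet unreachable.
  egress {
    description = "All TCP to instances attached to this same group"
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    self        = true
  }
}
```

Run `terraform plan` and confirm the only ingress and egress entries shown reference the group's own ID and protocol "tcp"; an unexpected `0.0.0.0/0` rule or a `protocol = "-1"` entry means the group is wider than intended.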