feat: added sg resource

.github/workflows/auto_assignee.yml

@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
 jobs:
   assignee:
-    uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.6
     secrets:
       GITHUB: ${{ secrets.GITHUB }}
     with:

.github/workflows/changelog.yml

@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
 jobs:
   changelog:
-    uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.6
     secrets: inherit
     with:
       branch: 'master'

.github/workflows/tf-checks.yml

@@ -6,15 +6,15 @@ on:
   workflow_dispatch:
 jobs:
   basic_example:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6
     with:
       working_directory: './_example/basic/'
   complete_example:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6
     with:
       working_directory: './_example/complete/'
   spot_instance:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6
     with:
       working_directory: './_example/spot_instance/'
 

.github/workflows/tflint.yml

@@ -5,7 +5,7 @@ on:
   pull_request:
   workflow_dispatch:
 jobs:
-  tflint:
-    uses: clouddrove/test-tfsec/.github/workflows/tflint.yaml@master
+  tf-lint:
+    uses: clouddrove/github-shared-workflows/.github/workflows/[email protected]
     secrets:
-      GITHUB: ${{ secrets.GITHUB }}
+      GITHUB: ${{ secrets.GITHUB }}

.github/workflows/tfsec.yml

@@ -5,7 +5,7 @@ on:
   workflow_dispatch:
 jobs:
   tfsec:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master
+    uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.6
     secrets: inherit
     with:
       working_directory: '.'

_example/basic/example.tf

@@ -10,9 +10,8 @@ module "ec2" {
   ## Below A security group controls the traffic that is allowed to reach and leave the resources that it is associated with.
   ##----------------------------------------------------------------------------------
   #tfsec:aws-ec2-no-public-ingress-sgr
-  vpc_id            = "vpc-xxxxxxxxx"
-  ssh_allowed_ip    = ["0.0.0.0/0"]
-  ssh_allowed_ports = [22]
+  vpc_id         = "vpc-xxxxxxxxx"
+  ssh_allowed_ip = ["0.0.0.0/0"]
 
   #instance
   instance_count = 1

_example/basic/versions.tf

@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
-  required_version = ">= 1.5.5"
+  required_version = ">= 1.6.1"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.13.1"
+      version = ">= 5.22.0"
     }
   }
 }

_example/complete/example.tf

@@ -86,16 +86,16 @@ module "ec2" {
   ## Below A security group controls the traffic that is allowed to reach and leave the resources that it is associated with.
   ##----------------------------------------------------------------------------------
   #tfsec:aws-ec2-no-public-ingress-sgr
-  vpc_id            = module.vpc.vpc_id
-  ssh_allowed_ip    = ["0.0.0.0/0"]
-  ssh_allowed_ports = [22]
+  vpc_id         = module.vpc.vpc_id
+  ssh_allowed_ip = ["0.0.0.0/0"]
+
   #Instance
   instance_count = 1
   ami            = "ami-0f8e81a3da6e2510a"
   instance_type  = "t2.nano"
 
   #Keypair
-  public_key = ""
+  public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDIqppj2U2K8norJh5/gxz7sbSSseLd+ldHEOM3+lajUSGqWk3Bw/NgygEf1Kgw7gyK3jsTVVcokhK3TDuR3pi4u2QDR2tvLXddPKd37a2S7rjeqecw+XRW9559zKaR7RJJfjO1u1Onc2tgA3y0btdju2bcYBtFkRVOLwpog8CvslYEDV1Vf9HNeh9A3yOS6Pkjq6gDMrsUVF89ps3zuLmdVBIlCOnJDkwHK71lKihGKdkeXEtAj0aOQzAJsIpDFXz7vob9OiA/fb2T3t4R1EwEsPEnYVczKMsqUyqa+EE36bItcZHQyCPVN7+bRJyJpPcrfrsAa4yMtiHUUiecPdL/6HYwGHxA5rUX3uD2UBm6sbGBH00ZCj6yUxl2UQR5NE4NR35NI86Q+q1kNOc5VctxxQOTHBwKHaGvKLk4c5gHXaEl8yyYL0wVkL00KYx3GCh1LvRdQL8fvzImBCNgZdSpKT2xjq/wc5c9L9NSc43TGoldnDYUjm79qAYMlwQHr0= prashant@prashant"
 
   #Networking
   subnet_ids = tolist(module.public_subnets.public_subnet_id)

_example/complete/versions.tf

@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
-  required_version = ">= 1.5.5"
+  required_version = ">= 1.6.1"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.13.1"
+      version = ">= 5.22.0"
     }
   }
 }

_example/spot_instance/example.tf

@@ -9,9 +9,8 @@ module "spot-ec2" {
   ####----------------------------------------------------------------------------------
   ## Below A security group controls the traffic that is allowed to reach and leave the resources that it is associated with.
   ####----------------------------------------------------------------------------------
-  vpc_id            = "vpc-xxxxxxxx"
-  ssh_allowed_ip    = ["0.0.0.0/0"]
-  ssh_allowed_ports = [22]
+  vpc_id         = "vpc-xxxxxxxx"
+  ssh_allowed_ip = ["0.0.0.0/0"]
 
   #Keypair
   public_key = ""

_example/spot_instance/versions.tf

@@ -1,11 +1,11 @@
 # Terraform version
 terraform {
-  required_version = ">= 1.5.5"
+  required_version = ">= 1.6.1"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.13.1"
+      version = ">= 5.22.0"
     }
   }
 }

main.tf

@@ -82,12 +82,12 @@ resource "aws_security_group_rule" "egress_ipv6" {
 }
 #tfsec:ignore:aws-ec2-no-public-ingress-sgr
 resource "aws_security_group_rule" "ssh_ingress" {
-  count             = var.enable && length(var.ssh_allowed_ip) > 0 && length(var.sg_ids) < 1 ? length(compact(var.ssh_allowed_ports)) : 0
-  description       = var.ssh_sg_ingress_description
+  count             = var.enable && var.ssh_enable && length(var.sg_ids) < 1 ? length(var.ssh_allowed_ip) : 0
+  description       = element(var.ssh_sg_ingress_description[*], count.index)
   type              = "ingress"
-  from_port         = element(var.ssh_allowed_ports, count.index)
-  to_port           = element(var.ssh_allowed_ports, count.index)
-  protocol          = var.ssh_protocol
+  from_port         = 22
+  to_port           = 22
+  protocol          = "tcp"
   cidr_blocks       = var.ssh_allowed_ip
   security_group_id = join("", aws_security_group.default[*].id)
 }

variables.tf

@@ -462,16 +462,10 @@ variable "ssh_allowed_ip" {
   description = "List of allowed ip."
 }
 
-variable "ssh_allowed_ports" {
-  type        = list(any)
-  default     = []
-  description = "List of allowed ingress ports"
-}
-
-variable "ssh_protocol" {
-  type        = string
-  default     = "tcp"
-  description = "The protocol. If not icmp, tcp, udp, or all use the."
+variable "ssh_enable" {
+  type        = bool
+  default     = true
+  description = "Flag to control ssh creation."
 }
 
 variable "ssh_sg_ingress_description" {

versions.tf

@@ -1,11 +1,15 @@
 # Terraform version
 terraform {
-  required_version = ">= 1.5.5"
+  required_version = ">= 1.6.1"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.13.1"
+      version = ">= 5.22.0"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = ">= 4.0.4"
     }
   }
 }