Complete the code to define a security group that allows inbound SSH traffic.

    resource "aws_security_group" "example" {
      name        = "example-sg"
      description = "Allow SSH inbound"

      ingress {
        from_port   = 22
        to_port     = 22
        protocol    = "[1]"
        cidr_blocks = ["0.0.0.0/0"]
      }
    }

The protocol for SSH is TCP, so the correct value is tcp.
Complete the code to allow inbound HTTP traffic on port 80.

    resource "aws_security_group" "web_sg" {
      name        = "web-sg"
      description = "Allow HTTP inbound"

      ingress {
        from_port   = 80
        to_port     = 80
        protocol    = "[1]"
        cidr_blocks = ["0.0.0.0/0"]
      }
    }

HTTP traffic uses the TCP protocol on port 80, so the protocol must be tcp.
Fix the error in the security group rule that tries to allow all inbound traffic.

    resource "aws_security_group" "open_sg" {
      name        = "open-sg"
      description = "Allow all inbound traffic"

      ingress {
        from_port   = 0
        to_port     = 0
        protocol    = "[1]"
        cidr_blocks = ["0.0.0.0/0"]
      }
    }

To allow all protocols in AWS security groups, the protocol must be set to -1.
Fill both blanks to create a security group rule that allows inbound HTTPS traffic only from a specific IP range.

    resource "aws_security_group" "secure_sg" {
      name        = "secure-sg"
      description = "Allow HTTPS inbound from office"

      ingress {
        from_port   = [1]
        to_port     = [2]
        protocol    = "tcp"
        cidr_blocks = ["203.0.113.0/24"]
      }
    }

HTTPS uses port 443, so both from_port and to_port should be set to 443.
Fill all three blanks to define a security group that allows inbound TCP traffic on port 3306 from a specific subnet.

    resource "aws_security_group" "db_sg" {
      name        = [1]
      description = "Allow MySQL inbound from subnet"

      ingress {
        from_port   = [2]
        to_port     = [3]
        protocol    = "tcp"
        cidr_blocks = ["10.0.1.0/24"]
      }
    }

The security group name should be a string like "database-sg". MySQL uses port 3306, so from_port and to_port are both 3306.