Terraform · How-To · Beginner · 3 min read

How to Create a Security Group in Terraform: Simple Guide

To create a security group in Terraform, use the aws_security_group resource block specifying the group name, description, and ingress or egress rules. This defines firewall rules for your cloud resources in a clear, reusable way.

Syntax

The aws_security_group resource defines a security group in AWS. Key parts include:

  • name: The name of the security group.
  • description: A short explanation of the group's purpose.
  • vpc_id: The ID of the VPC where the group applies.
  • ingress: Rules for incoming traffic.
  • egress: Rules for outgoing traffic.
```hcl
resource "aws_security_group" "example" {
  name        = "example-sg"
  description = "Example security group"
  vpc_id      = "vpc-12345678"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Example

This example creates a security group named web-sg in a specified VPC. It allows HTTP traffic on port 80 from anywhere and allows all outbound traffic.

```hcl
provider "aws" {
  region = "us-east-1"
}

resource "aws_security_group" "web_sg" {
  name        = "web-sg"
  description = "Allow HTTP inbound traffic"
  vpc_id      = "vpc-0abc1234def567890"

  ingress {
    description = "HTTP from anywhere"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    description = "Allow all outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Output:

```text
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
```

Common Pitfalls

Common mistakes when creating security groups in Terraform include:

  • Forgetting to specify vpc_id, which is required in AWS VPC environments.
  • Using incorrect port numbers or protocols in ingress/egress rules.
  • Not allowing outbound traffic, which can block resource communication.
  • Using overly open CIDR blocks without understanding security risks.

Always validate your rules carefully and test connectivity.

```hcl
/* Wrong: Missing vpc_id */
resource "aws_security_group" "bad_sg" {
  name        = "bad-sg"
  description = "Missing VPC ID"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

/* Correct: Includes vpc_id */
resource "aws_security_group" "good_sg" {
  name        = "good-sg"
  description = "Proper VPC ID included"
  vpc_id      = "vpc-0abc1234def567890"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```
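As an added example (not the page's own code), the open-SSH pattern above beside a hardened form: SSH is admitted only from an admin range that a variable validation rejects at plan time if it is 0.0.0.0/0 or not a valid CIDR, the application port is opened to the web tier by security-group reference instead of by IP range, and egress is narrowed to HTTPS rather than removed. The vpc_id value and the 203.0.113.0/24 range are placeholders.

```hcl
# Added example, not from the original page; vpc_id and CIDRs are placeholders.
variable "admin_cidr" {
  type    = string
  default = "203.0.113.0/24" # RFC 5737 documentation range, stands in for the admin network
  validation {
    # Fail at plan time if the value is not a parseable CIDR or is the open-to-world range.
    condition     = var.admin_cidr != "0.0.0.0/0" && can(cidrhost(var.admin_cidr, 0))
    error_message = "admin_cidr must be a valid CIDR block and must not be 0.0.0.0/0."
  }
}

resource "aws_security_group" "web_sg" {
  name        = "web-sg"
  description = "Public HTTPS only"
  vpc_id      = "vpc-0abc1234def567890"
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # a public listener is the one place an open CIDR belongs
  }
}

resource "aws_security_group" "app_sg" {
  name        = "app-sg"
  description = "App tier: SSH from admin range, service port from web tier only"
  vpc_id      = "vpc-0abc1234def567890"
  ingress {
    description = "SSH from the validated admin range, not from anywhere"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  ingress {
    description     = "Service port reachable only from members of web-sg"
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.web_sg.id]
  }

  egress { # outbound limited to HTTPS (package updates, AWS APIs), not removed entirely
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Running `terraform plan -var admin_cidr=0.0.0.0/0` against this configuration stops on the validation error before any rule is created.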

Quick Reference

Remember these tips when creating security groups in Terraform:

  • Always specify vpc_id for AWS VPC security groups.
  • Use ingress blocks to allow incoming traffic and egress blocks for outgoing traffic.
  • Use protocol values such as tcp or udp, or -1 to match all protocols.
  • Use CIDR blocks to define allowed IP ranges.
  • Test your security group rules to avoid accidental lockouts.

Key Takeaways

  • Use the aws_security_group resource with name, description, and vpc_id to create a security group.
  • Define ingress and egress blocks to control incoming and outgoing traffic rules.
  • Always specify vpc_id in AWS VPC environments to avoid errors.
  • Be careful with CIDR blocks to maintain security and avoid exposing resources.
  • Test your security group after deployment to ensure correct access.