Add ActiveMQ rules #143

Merged
merged 1 commit into from Nov 14, 2019
4 changes: 2 additions & 2 deletions README.md

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions modules/README.md
Expand Up @@ -2,6 +2,7 @@ List of Security Groups implemented as Terraform modules
========================================================


* [activemq](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/activemq)
* [carbon-relay-ng](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/carbon-relay-ng)
* [cassandra](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/cassandra)
* [consul](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/consul)
98 changes: 98 additions & 0 deletions modules/activemq/README.md
@@ -0,0 +1,98 @@
# activemq - AWS EC2-VPC Security Group Terraform module

## Usage

```hcl
module "activemq_security_group" {
source = "terraform-aws-modules/security-group/aws//modules/activemq"
version = "~> 3.0"

# omitted...
}
```

All automatic values **activemq module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/activemq/auto_values.tf).

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list(string) | `[]` | no |
| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list(map(string)) | `[]` | no |
| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list(string) | `[]` | no |
| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list(map(string)) | `[]` | no |
| auto\_egress\_rules | List of egress rules to add automatically | list(string) | `[ "all-all" ]` | no |
| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list(map(string)) | `[]` | no |
| auto\_ingress\_rules | List of ingress rules to add automatically | list(string) | `[ "activemq-5671-tcp", "activemq-8883-tcp", "activemq-61614-tcp", "activemq-61617-tcp", "activemq-61619-tcp" ]` | no |
| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list(map(string)) | `[ { "rule": "all-all" } ]` | no |
| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | number | `"0"` | no |
| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | number | `"0"` | no |
| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | number | `"0"` | no |
| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | number | `"0"` | no |
| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list(string) | `[ "0.0.0.0/0" ]` | no |
| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list(string) | `[ "::/0" ]` | no |
| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list(string) | `[]` | no |
| computed\_egress\_rules | List of computed egress rules to create by name | list(string) | `[]` | no |
| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list(map(string)) | `[]` | no |
| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | `[]` | no |
| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list(map(string)) | `[]` | no |
| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list(map(string)) | `[]` | no |
| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list(string) | `[]` | no |
| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list(string) | `[]` | no |
| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list(string) | `[]` | no |
| computed\_ingress\_rules | List of computed ingress rules to create by name | list(string) | `[]` | no |
| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list(map(string)) | `[]` | no |
| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | `[]` | no |
| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list(map(string)) | `[]` | no |
| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list(map(string)) | `[]` | no |
| create | Whether to create security group and all rules | bool | `"true"` | no |
| description | Description of security group | string | `"Security Group managed by Terraform"` | no |
| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list(string) | `[ "0.0.0.0/0" ]` | no |
| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list(string) | `[ "::/0" ]` | no |
| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list(string) | `[]` | no |
| egress\_rules | List of egress rules to create by name | list(string) | `[]` | no |
| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list(map(string)) | `[]` | no |
| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | `[]` | no |
| egress\_with\_self | List of egress rules to create where 'self' is defined | list(map(string)) | `[]` | no |
| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list(map(string)) | `[]` | no |
| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list(string) | `[]` | no |
| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list(string) | `[]` | no |
| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list(string) | `[]` | no |
| ingress\_rules | List of ingress rules to create by name | list(string) | `[]` | no |
| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list(map(string)) | `[]` | no |
| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | `[]` | no |
| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list(map(string)) | `[]` | no |
| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list(map(string)) | `[]` | no |
| name | Name of security group | string | n/a | yes |
| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | number | `"0"` | no |
| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | number | `"0"` | no |
| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | number | `"0"` | no |
| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | number | `"0"` | no |
| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | number | `"0"` | no |
| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | number | `"0"` | no |
| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | number | `"0"` | no |
| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | number | `"0"` | no |
| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | number | `"0"` | no |
| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | number | `"0"` | no |
| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | number | `"0"` | no |
| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | number | `"0"` | no |
| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | number | `"0"` | no |
| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | number | `"0"` | no |
| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | number | `"0"` | no |
| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | number | `"0"` | no |
| tags | A mapping of tags to assign to security group | map(string) | `{}` | no |
| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | bool | `"true"` | no |
| vpc\_id | ID of the VPC where to create security group | string | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| this\_security\_group\_description | The description of the security group |
| this\_security\_group\_id | The ID of the security group |
| this\_security\_group\_name | The name of the security group |
| this\_security\_group\_owner\_id | The owner ID |
| this\_security\_group\_vpc\_id | The VPC ID |

<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
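Review bot: The Usage block stops at `# omitted...` even though the Inputs table marks `name` and `vpc_id` as required and gives `ingress_cidr_blocks` a default of `[]`, so the example does not show which sources the five `auto_ingress_rules` ports are opened to. Suggest completing the example with `name`, `vpc_id` and an `ingress_cidr_blocks` value scoped to the broker's client subnets, and adding one line that says which protocol each of 5671, 8883, 61614, 61617 and 61619 serves. The `use_name_prefix` description also has a typo ("Should be true to able to update"); since the table is produced by the docs hook, that fix belongs in the variable's description.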
79 changes: 79 additions & 0 deletions modules/activemq/auto_values.tf
@@ -0,0 +1,79 @@
# This file was generated from values defined in rules.tf using update_groups.sh.
###################################
# DO NOT CHANGE THIS FILE MANUALLY
###################################

variable "auto_ingress_rules" {
description = "List of ingress rules to add automatically"
type = list(string)
default = ["activemq-5671-tcp", "activemq-8883-tcp", "activemq-61614-tcp", "activemq-61617-tcp", "activemq-61619-tcp"]
}

variable "auto_ingress_with_self" {
description = "List of maps defining ingress rules with self to add automatically"
type = list(map(string))
default = [{ "rule" = "all-all" }]
}

variable "auto_egress_rules" {
description = "List of egress rules to add automatically"
type = list(string)
default = ["all-all"]
}

variable "auto_egress_with_self" {
description = "List of maps defining egress rules with self to add automatically"
type = list(map(string))
default = []
}

# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = list(string)
default = []
}

variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = list(map(string))
default = []
}

variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = list(string)
default = []
}

variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = list(map(string))
default = []
}

# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
type = number
default = 0
}

variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
type = number
default = 0
}

variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
type = number
default = 0
}

variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
type = number
default = 0
}
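Review bot: In `auto_ingress_with_self` the default `[{ "rule" = "all-all" }]`, combined with `auto_egress_rules = ["all-all"]`, makes the group considerably wider than the five broker ports named in `auto_ingress_rules`: going by the rule name, members of the group can reach each other on any port and egress is not limited to any service. If that is intended, state it in the module README so callers know to override it; otherwise narrow the self rule to the activemq rules. Separately, the description of `auto_computed_ingress_rules` reads "List of ingress rules to add automatically" while the other three computed variables say "computed"; because this file is generated, the correction belongs in rules.tf or update_groups.sh rather than here.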

114 changes: 114 additions & 0 deletions modules/activemq/main.tf
@@ -0,0 +1,114 @@
module "sg" {
source = "../../"

create = var.create
name = var.name
use_name_prefix = var.use_name_prefix
description = var.description
vpc_id = var.vpc_id
tags = var.tags

##########
# Ingress
##########
# Rules by names - open for default CIDR
ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))

# Open for self
ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)

# Open to IPv4 cidr blocks
ingress_with_cidr_blocks = var.ingress_with_cidr_blocks

# Open to IPv6 cidr blocks
ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks

# Open for security group id
ingress_with_source_security_group_id = var.ingress_with_source_security_group_id

# Default ingress CIDR blocks
ingress_cidr_blocks = var.ingress_cidr_blocks
ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks

# Default prefix list ids
ingress_prefix_list_ids = var.ingress_prefix_list_ids

###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))

# Open for self
computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)

# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks

# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks

# Open for security group id
computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id

#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
number_of_computed_ingress_with_cidr_blocks = var.number_of_computed_ingress_with_cidr_blocks
number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks
number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id

#########
# Egress
#########
# Rules by names - open for default CIDR
egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))

# Open for self
egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)

# Open to IPv4 cidr blocks
egress_with_cidr_blocks = var.egress_with_cidr_blocks

# Open to IPv6 cidr blocks
egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks

# Open for security group id
egress_with_source_security_group_id = var.egress_with_source_security_group_id

# Default egress CIDR blocks
egress_cidr_blocks = var.egress_cidr_blocks
egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks

# Default prefix list ids
egress_prefix_list_ids = var.egress_prefix_list_ids

##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))

# Open for self
computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)

# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks

# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks

# Open for security group id
computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id

#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks
number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks
number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
}
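Review bot: The Computed Ingress and Computed Egress sections never pass `computed_ingress_cidr_blocks`, `computed_ingress_ipv6_cidr_blocks` or `computed_ingress_prefix_list_ids` (nor the egress equivalents) to `module "sg"`, and the two "Number of computed" sections omit the matching `number_of_computed_*_cidr_blocks`, `*_ipv6_cidr_blocks` and `*_prefix_list_ids` counts, although the module README lists all of them as inputs. A caller who sets one of these would have the value dropped without an error, and `computed_ingress_rules` would apply to whatever the parent module defaults to. Suggest forwarding them the way the non-computed sections do, for example `computed_ingress_cidr_blocks = var.computed_ingress_cidr_blocks`, or dropping them from this module's inputs.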
24 changes: 24 additions & 0 deletions modules/activemq/outputs.tf
@@ -0,0 +1,24 @@
output "this_security_group_id" {
description = "The ID of the security group"
value = module.sg.this_security_group_id
}

output "this_security_group_vpc_id" {
description = "The VPC ID"
value = module.sg.this_security_group_vpc_id
}

output "this_security_group_owner_id" {
description = "The owner ID"
value = module.sg.this_security_group_owner_id
}

output "this_security_group_name" {
description = "The name of the security group"
value = module.sg.this_security_group_name
}

output "this_security_group_description" {
description = "The description of the security group"
value = module.sg.this_security_group_description
}