DEVHIDE
Login Or Sign up

How can I set the security group rule description with Terraform?

2k Views Asked by At

It looks like you can now set security group rule descriptions. This is super useful for maintaining whitelists for administrative access.

I can set the description in the AWS console but can't figure out how to set it with Terraform.

My assumption was that if the AWS API allows for it, Terraform can just do it without explicit support for it in the Terraform code. Perhaps that's wishful thinking and we'll have to wait for Terraform to support the new feature, or perhaps I'm just doing it wrong.

I tried simply declaring the description property in the rule declaration (like you would for the description of the security group itself):

    ingress {
        from_port       = 22
        to_port         = 22
        protocol        = "tcp"
        cidr_blocks     = ["123.456.789.123"]
        description     = "some rule description"
        }

Terraform bails in the plan stage with:

aws_security_group.somegroup: ingress.0: invalid or unknown key: description

I also tried setting tags within the rule declaration (like you would for setting the name of the security group):

     ingress {
         from_port       = 22
         ...
      tags {
           "Description" = "some rule description"
           }
      }

Terraform bails in the plan stage with:

aws_security_group.somegroup: ingress.0: invalid or unknown key: tags

amazon-web-services terraform network-security-groups
Original Q&A
2

There are 2 best solutions below

1
On BEST ANSWER

As of now, it is possible and your code should be valid.

0
On

Seems that you do not use Terraform api correctly.

You can not set description to aws_security_group_rule resource.

aws_security_group_rule on Terraform.io

resource "aws_security_group_rule" "allow_all" {
  type            = "ingress"
  from_port       = 0
  to_port         = 65535
  protocol        = "tcp"
  cidr_blocks     = ["0.0.0.0/0"]
  prefix_list_ids = ["pl-12c4e678"]

  security_group_id = "sg-123456"
}

You can set description to aws_security_group resource.

aws_security_group on Terraform.io

From their Docs:

resource "aws_security_group" "allow_all" {
  name        = "allow_all"
  description = "Allow all inbound traffic"

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    cidr_blocks     = ["0.0.0.0/0"]
    prefix_list_ids = ["pl-12c4e678"]
  }
}

aws_security_group's description property should be declared outside of ingress and egress declarations, in its root scope

Related Questions in AMAZON-WEB-SERVICES

Related Questions in TERRAFORM

Related Questions in NETWORK-SECURITY-GROUPS

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.