From 02ed0876bcc482e7f9b10df00e7b40fac4c4a83c Mon Sep 17 00:00:00 2001 From: Brad Janke Date: Wed, 4 Aug 2021 15:22:37 -0500 Subject: [PATCH 1/8] Adds allowed_cidrs variable and SG creation --- examples/vpc/main.tf | 33 ++++++--------------------------- main.tf | 26 ++++++++++++++++++++++++-- variables.tf | 6 ++++++ 3 files changed, 36 insertions(+), 29 deletions(-) diff --git a/examples/vpc/main.tf b/examples/vpc/main.tf index 9a014e3..779b4db 100644 --- a/examples/vpc/main.tf +++ b/examples/vpc/main.tf @@ -23,27 +23,6 @@ module "dynamic_subnets" { context = module.this.context } -module "security_group" { - source = "cloudposse/security-group/aws" - version = "0.3.1" - environment = "test" - id_length_limit = null - label_key_case = "title" - - vpc_id = module.vpc.vpc_id - rules = [ - { - type = "ingress" - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - ] - - context = module.this.context -} - module "s3_bucket" { source = "cloudposse/s3-bucket/aws" version = "0.41.0" @@ -58,12 +37,12 @@ module "s3_bucket" { module "example" { source = "../.." - eip_enabled = true - s3_bucket_name = module.s3_bucket.bucket_id - sftp_users = var.sftp_users - subnet_ids = [module.dynamic_subnets.public_subnet_ids[0]] - vpc_id = module.vpc.vpc_id - vpc_security_group_ids = [module.security_group.id] + eip_enabled = true + s3_bucket_name = module.s3_bucket.bucket_id + sftp_users = var.sftp_users + subnet_ids = [module.dynamic_subnets.public_subnet_ids[0]] + vpc_id = module.vpc.vpc_id + allowed_cidrs = ["0.0.0.0/0"] context = module.this.context } diff --git a/main.tf b/main.tf index a9b0baa..beafc26 100644 --- a/main.tf +++ b/main.tf @@ -1,7 +1,8 @@ locals { enabled = module.this.enabled - is_vpc = var.vpc_id != null + is_vpc = var.vpc_id != null + create_sg = local.enabled && length(var.allowed_cidrs) > 0 } data "aws_s3_bucket" "landing" { 
@@ -26,7 +27,7 @@ resource "aws_transfer_server" "default" { content { subnet_ids = var.subnet_ids - security_group_ids = var.vpc_security_group_ids + security_group_ids = local.create_sg ? module.security_group.*.id : var.vpc_security_group_ids vpc_id = var.vpc_id address_allocation_ids = var.eip_enabled ? aws_eip.sftp.*.id : var.address_allocation_ids } @@ -66,6 +67,27 @@ resource "aws_eip" "sftp" { vpc = local.is_vpc } +module "security_group" { + count = local.create_sg ? 1 : 0 + + source = "cloudposse/security-group/aws" + version = "0.3.1" + + vpc_id = local.is_vpc ? var.vpc_id : null + + rules = [ + { + type = "ingress" + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = var.allowed_cidrs + } + ] + + context = module.this.context +} + # Custom Domain resource "aws_route53_record" "main" { count = local.enabled && length(var.domain_name) > 0 && length(var.zone_id) > 0 ? 1 : 0 diff --git a/variables.tf b/variables.tf index d0366d8..9e8dabf 100644 --- a/variables.tf +++ b/variables.tf @@ -38,6 +38,12 @@ variable "address_allocation_ids" { default = [] } +variable "allowed_cidrs" { + type = list(string) + description = "A list of CIDR's allowed to connect to the SFTP endpoint. This has precedence over vpc_security_group_ids." + default = [] +} + variable "vpc_security_group_ids" { type = list(string) description = "A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint_type is set to VPC." From 63c3065bd7c9eeac04231eccd81ac2208073ee5b Mon Sep 17 00:00:00 2001 From: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Date: Wed, 4 Aug 2021 20:25:39 +0000 Subject: [PATCH 2/8] Auto Format --- README.md | 2 ++ docs/terraform.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index a9abcf3..f757b75 100644 --- a/README.md 
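Review bot: The new `module "security_group"` block is created whenever `local.create_sg` is true, but nothing ties that to `local.is_vpc`, so for a public (non-VPC) endpoint the module is still instantiated with `vpc_id = null` while the `security_group_ids` line in the `endpoint_details` hunk just above is never used. Gating the local on the endpoint type, `create_sg = local.enabled && local.is_vpc && length(var.allowed_cidrs) > 0`, keeps the group and its ingress rule from being created where no endpoint will consume it; whether the security-group module tolerates a null `vpc_id` is not visible here and worth confirming. The same gap persists after patch 3/8 rewrites this block to `enabled = local.security_group_enabled`, where `local.security_group_enabled = module.this.enabled && var.security_group_enabled` likewise omits `local.is_vpc`.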
+++ b/README.md @@ -149,6 +149,7 @@ Available targets: |------|--------|---------| | [iam\_label](#module\_iam\_label) | cloudposse/label/null | 0.24.1 | | [logging\_label](#module\_logging\_label) | cloudposse/label/null | 0.24.1 | +| [security\_group](#module\_security\_group) | cloudposse/security-group/aws | 0.3.1 | | [this](#module\_this) | cloudposse/label/null | 0.24.1 | ## Resources @@ -175,6 +176,7 @@ Available targets: |------|-------------|------|---------|:--------:| | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | | [address\_allocation\_ids](#input\_address\_allocation\_ids) | A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint\_type is set to VPC. | `list(string)` | `[]` | no | +| [allowed\_cidrs](#input\_allowed\_cidrs) | A list of CIDR's allowed to connect to the SFTP endpoint. This has precedence over vpc\_security\_group\_ids. | `list(string)` | `[]` | no | | [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | diff --git a/docs/terraform.md b/docs/terraform.md index c997186..fe6747c 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -19,6 +19,7 @@ |------|--------|---------| | [iam\_label](#module\_iam\_label) | cloudposse/label/null | 0.24.1 | | [logging\_label](#module\_logging\_label) | cloudposse/label/null | 0.24.1 | +| [security\_group](#module\_security\_group) | cloudposse/security-group/aws | 0.3.1 | | [this](#module\_this) | cloudposse/label/null | 0.24.1 | ## Resources @@ -45,6 +46,7 @@ |------|-------------|------|---------|:--------:| | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | | [address\_allocation\_ids](#input\_address\_allocation\_ids) | A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint\_type is set to VPC. | `list(string)` | `[]` | no | +| [allowed\_cidrs](#input\_allowed\_cidrs) | A list of CIDR's allowed to connect to the SFTP endpoint. This has precedence over vpc\_security\_group\_ids. | `list(string)` | `[]` | no | | [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | From df5e401d485a6d96a30902fccd84bbbdfdf7e633 Mon Sep 17 00:00:00 2001 From: Brad Janke Date: Wed, 4 Aug 2021 16:21:39 -0500 Subject: [PATCH 3/8] Updates variables so they follow naming patterns set by CP --- examples/vpc/main.tf | 11 +++++++++-- main.tf | 24 ++++++++---------------- variables.tf | 39 +++++++++++++++++++++++++++++++++++---- 3 files changed, 52 insertions(+), 22 deletions(-) diff --git a/examples/vpc/main.tf b/examples/vpc/main.tf index 779b4db..c06c6ed 100644 --- a/examples/vpc/main.tf +++ b/examples/vpc/main.tf @@ -37,12 +37,19 @@ module "s3_bucket" { module "example" { source = "../.." - eip_enabled = true + eip_enabled = true + security_group_enabled = true + security_group_rules = [{ + type = "ingress" + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + }] s3_bucket_name = module.s3_bucket.bucket_id sftp_users = var.sftp_users subnet_ids = [module.dynamic_subnets.public_subnet_ids[0]] vpc_id = module.vpc.vpc_id - allowed_cidrs = ["0.0.0.0/0"] context = module.this.context } diff --git a/main.tf b/main.tf index beafc26..95315a3 100644 --- a/main.tf +++ b/main.tf @@ -1,8 +1,8 @@ locals { enabled = module.this.enabled - is_vpc = var.vpc_id != null - create_sg = local.enabled && length(var.allowed_cidrs) > 0 + is_vpc = var.vpc_id != null + security_group_enabled = module.this.enabled && var.security_group_enabled } data "aws_s3_bucket" "landing" { @@ -27,7 +27,7 @@ resource "aws_transfer_server" "default" { content { subnet_ids = var.subnet_ids - security_group_ids = local.create_sg ? module.security_group.*.id : var.vpc_security_group_ids + security_group_ids = local.security_group_enabled ? module.security_group.*.id : var.vpc_security_group_ids vpc_id = var.vpc_id address_allocation_ids = var.eip_enabled ? aws_eip.sftp.*.id : var.address_allocation_ids } 
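Review bot: `security_group_ids = local.security_group_enabled ? module.security_group.*.id : var.vpc_security_group_ids` silently discards any `vpc_security_group_ids` a caller passes, and because `security_group_enabled` defaults to `true` in this same patch, existing users of the module lose their security groups on upgrade without a plan-time error. If the intent is to let callers attach their own groups alongside the module's, `local.security_group_enabled ? concat(module.security_group.*.id, var.vpc_security_group_ids) : var.vpc_security_group_ids` keeps both; if the module's group is meant to replace them, the default should be `false` so the override is opt-in and the description of `security_group_enabled` should say so. Also worth confirming that `module.security_group.*.id` still evaluates to a list now that the module no longer has `count` (the main.tf hunk at line 68 of this patch); `[module.security_group.id]` would be unambiguous. The enclosing `resource "aws_transfer_server" "default"` block starts and ends outside this hunk.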
@@ -68,23 +68,15 @@ resource "aws_eip" "sftp" { } module "security_group" { - count = local.create_sg ? 1 : 0 - source = "cloudposse/security-group/aws" version = "0.3.1" - vpc_id = local.is_vpc ? var.vpc_id : null - - rules = [ - { - type = "ingress" - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = var.allowed_cidrs - } - ] + use_name_prefix = var.security_group_use_name_prefix + rules = var.security_group_rules + description = var.security_group_description + vpc_id = local.is_vpc ? var.vpc_id : null + enabled = local.security_group_enabled context = module.this.context } diff --git a/variables.tf b/variables.tf index 9e8dabf..63597fc 100644 --- a/variables.tf +++ b/variables.tf 
@@ -38,10 +38,41 @@ variable "address_allocation_ids" { default = [] } -variable "allowed_cidrs" { - type = list(string) - description = "A list of CIDR's allowed to connect to the SFTP endpoint. This has precedence over vpc_security_group_ids." - default = [] +variable "security_group_enabled" { + type = bool + description = "Whether to create default Security Group for AWS Transfer Server." + default = true +} + +variable "security_group_description" { + type = string + default = "AWS Transfer Server Security Group" + description = "The Security Group description." +} + +variable "security_group_use_name_prefix" { + type = bool + default = false + description = "Whether to create a default Security Group with unique name beginning with the normalized prefix." +} + +variable "security_group_rules" { + type = list(any) + default = [ + { + type = "ingress" + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["10.0.0.0/16"] + description = "Allow inbound traffic" + } + ] + description = <<-EOT + A list of maps of Security Group rules. + The values of map is fully complated with `aws_security_group_rule` resource. + To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . + EOT } variable "vpc_security_group_ids" { From 9a407e4d1bf31206f32af87d522c4399fdf98cbe Mon Sep 17 00:00:00 2001 From: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Date: Wed, 4 Aug 2021 21:22:20 +0000 Subject: [PATCH 4/8] Auto Format --- README.md | 5 ++++- docs/terraform.md | 5 ++++- main.tf | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index f757b75..2cec9f1 100644 --- a/README.md +++ b/README.md 
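Review bot: The `security_group_rules` description reads "The values of map is fully complated with `aws_security_group_rule` resource.", which is garbled and is then copied verbatim into README.md and docs/terraform.md by the auto-format commits; suggest `Each map's keys mirror the arguments of the aws_security_group_rule resource.` The `security_group_enabled` description should also carry the precedence statement that the removed `allowed_cidrs` variable had, e.g. `When true, the generated Security Group is used instead of vpc_security_group_ids.`, since the new default of `true` makes that override the out-of-the-box behavior. With `type = list(any)` the shape of each rule is only checked when the downstream module or provider rejects it, which may match the project's convention but deserves a sentence in the description so callers know a malformed rule fails at plan or apply rather than at variable validation.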
@@ -176,7 +176,6 @@ Available targets: |------|-------------|------|---------|:--------:| | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | | [address\_allocation\_ids](#input\_address\_allocation\_ids) | A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint\_type is set to VPC. | `list(string)` | `[]` | no | -| [allowed\_cidrs](#input\_allowed\_cidrs) | A list of CIDR's allowed to connect to the SFTP endpoint. This has precedence over vpc\_security\_group\_ids. | `list(string)` | `[]` | no | | [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | @@ -194,6 +193,10 @@ Available targets: | [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | [s3\_bucket\_name](#input\_s3\_bucket\_name) | This is the bucket that the SFTP users will use when managing files | `string` | n/a | yes | +| [security\_group\_description](#input\_security\_group\_description) | The Security Group description. | `string` | `"AWS Transfer Server Security Group"` | no | +| [security\_group\_enabled](#input\_security\_group\_enabled) | Whether to create default Security Group for AWS Transfer Server. | `bool` | `true` | no | +| [security\_group\_rules](#input\_security\_group\_rules) | A list of maps of Security Group rules.
The values of map is fully complated with `aws_security_group_rule` resource.
To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` |
[
{
"cidr_blocks": [
"10.0.0.0/16"
],
"description": "Allow inbound traffic",
"from_port": 22,
"protocol": "tcp",
"to_port": 22,
"type": "ingress"
}
]
| no | +| [security\_group\_use\_name\_prefix](#input\_security\_group\_use\_name\_prefix) | Whether to create a default Security Group with unique name beginning with the normalized prefix. | `bool` | `false` | no | | [security\_policy\_name](#input\_security\_policy\_name) | Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, and TransferSecurityPolicy-FIPS-2020-06. Default value is: TransferSecurityPolicy-2018-11. | `string` | `"TransferSecurityPolicy-2018-11"` | no | | [sftp\_users](#input\_sftp\_users) | List of SFTP usernames and public keys |
map(object({
user_name = string,
public_key = string
}))
| `{}` | no | | [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | diff --git a/docs/terraform.md b/docs/terraform.md index fe6747c..942600a 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -46,7 +46,6 @@ |------|-------------|------|---------|:--------:| | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | | [address\_allocation\_ids](#input\_address\_allocation\_ids) | A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint\_type is set to VPC. | `list(string)` | `[]` | no | -| [allowed\_cidrs](#input\_allowed\_cidrs) | A list of CIDR's allowed to connect to the SFTP endpoint. This has precedence over vpc\_security\_group\_ids. | `list(string)` | `[]` | no | | [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | | [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | @@ -64,6 +63,10 @@ | [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | [s3\_bucket\_name](#input\_s3\_bucket\_name) | This is the bucket that the SFTP users will use when managing files | `string` | n/a | yes | +| [security\_group\_description](#input\_security\_group\_description) | The Security Group description. | `string` | `"AWS Transfer Server Security Group"` | no | +| [security\_group\_enabled](#input\_security\_group\_enabled) | Whether to create default Security Group for AWS Transfer Server. | `bool` | `true` | no | +| [security\_group\_rules](#input\_security\_group\_rules) | A list of maps of Security Group rules.
The values of map is fully complated with `aws_security_group_rule` resource.
To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` |
[
{
"cidr_blocks": [
"10.0.0.0/16"
],
"description": "Allow inbound traffic",
"from_port": 22,
"protocol": "tcp",
"to_port": 22,
"type": "ingress"
}
]
| no | +| [security\_group\_use\_name\_prefix](#input\_security\_group\_use\_name\_prefix) | Whether to create a default Security Group with unique name beginning with the normalized prefix. | `bool` | `false` | no | | [security\_policy\_name](#input\_security\_policy\_name) | Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, and TransferSecurityPolicy-FIPS-2020-06. Default value is: TransferSecurityPolicy-2018-11. | `string` | `"TransferSecurityPolicy-2018-11"` | no | | [sftp\_users](#input\_sftp\_users) | List of SFTP usernames and public keys |
map(object({
user_name = string,
public_key = string
}))
| `{}` | no | | [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | diff --git a/main.tf b/main.tf index 95315a3..309cfe0 100644 --- a/main.tf +++ b/main.tf @@ -2,7 +2,7 @@ locals { enabled = module.this.enabled is_vpc = var.vpc_id != null - security_group_enabled = module.this.enabled && var.security_group_enabled + security_group_enabled = module.this.enabled && var.security_group_enabled } data "aws_s3_bucket" "landing" { From 5683fd566d7a0e6a9a924b55d4c5a336e31e6426 Mon Sep 17 00:00:00 2001 From: Brad Janke Date: Thu, 5 Aug 2021 15:24:34 -0500 Subject: [PATCH 5/8] Defaults security_group_rule to have an empty cidr block --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 63597fc..c8626cb 100644 --- a/variables.tf +++ b/variables.tf @@ -64,7 +64,7 @@ variable "security_group_rules" { from_port = 22 to_port = 22 protocol = "tcp" - cidr_blocks = ["10.0.0.0/16"] + cidr_blocks = [] description = "Allow inbound traffic" } ] From 0e06a353ef6bc97550b09a290bf38188d6653777 Mon Sep 17 00:00:00 2001 From: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Date: Thu, 5 Aug 2021 20:25:26 +0000 Subject: [PATCH 6/8] Auto Format --- README.md | 2 +- docs/terraform.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2cec9f1..c00b885 100644 --- a/README.md +++ b/README.md 
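Review bot: Defaulting the single rule's `cidr_blocks` to `[]` leaves an ingress rule with no source at all, which the AWS provider's `aws_security_group_rule` presumably rejects at apply time rather than treating as a closed rule; I cannot confirm that from the hunk alone. If the goal is a closed-by-default group, `default = []` on `security_group_rules` itself (no rules) expresses it without an unsatisfiable rule, assuming the security-group module accepts an empty rule list. Either way the variable description should state what the default permits, since `security_group_enabled` defaults to `true` and most callers will never read the rule list.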
@@ -195,7 +195,7 @@ Available targets: | [s3\_bucket\_name](#input\_s3\_bucket\_name) | This is the bucket that the SFTP users will use when managing files | `string` | n/a | yes | | [security\_group\_description](#input\_security\_group\_description) | The Security Group description. | `string` | `"AWS Transfer Server Security Group"` | no | | [security\_group\_enabled](#input\_security\_group\_enabled) | Whether to create default Security Group for AWS Transfer Server. | `bool` | `true` | no | -| [security\_group\_rules](#input\_security\_group\_rules) | A list of maps of Security Group rules.
The values of map is fully complated with `aws_security_group_rule` resource.
To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` |
[
{
"cidr_blocks": [
"10.0.0.0/16"
],
"description": "Allow inbound traffic",
"from_port": 22,
"protocol": "tcp",
"to_port": 22,
"type": "ingress"
}
]
| no | +| [security\_group\_rules](#input\_security\_group\_rules) | A list of maps of Security Group rules.
The values of map is fully complated with `aws_security_group_rule` resource.
To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` |
[
{
"cidr_blocks": [],
"description": "Allow inbound traffic",
"from_port": 22,
"protocol": "tcp",
"to_port": 22,
"type": "ingress"
}
]
| no | | [security\_group\_use\_name\_prefix](#input\_security\_group\_use\_name\_prefix) | Whether to create a default Security Group with unique name beginning with the normalized prefix. | `bool` | `false` | no | | [security\_policy\_name](#input\_security\_policy\_name) | Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, and TransferSecurityPolicy-FIPS-2020-06. Default value is: TransferSecurityPolicy-2018-11. | `string` | `"TransferSecurityPolicy-2018-11"` | no | | [sftp\_users](#input\_sftp\_users) | List of SFTP usernames and public keys |
map(object({
user_name = string,
public_key = string
}))
| `{}` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 942600a..26dc58a 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -65,7 +65,7 @@ | [s3\_bucket\_name](#input\_s3\_bucket\_name) | This is the bucket that the SFTP users will use when managing files | `string` | n/a | yes | | [security\_group\_description](#input\_security\_group\_description) | The Security Group description. | `string` | `"AWS Transfer Server Security Group"` | no | | [security\_group\_enabled](#input\_security\_group\_enabled) | Whether to create default Security Group for AWS Transfer Server. | `bool` | `true` | no | -| [security\_group\_rules](#input\_security\_group\_rules) | A list of maps of Security Group rules.
The values of map is fully complated with `aws_security_group_rule` resource.
To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` |
[
{
"cidr_blocks": [
"10.0.0.0/16"
],
"description": "Allow inbound traffic",
"from_port": 22,
"protocol": "tcp",
"to_port": 22,
"type": "ingress"
}
]
| no | +| [security\_group\_rules](#input\_security\_group\_rules) | A list of maps of Security Group rules.
The values of map is fully complated with `aws_security_group_rule` resource.
To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` |
[
{
"cidr_blocks": [],
"description": "Allow inbound traffic",
"from_port": 22,
"protocol": "tcp",
"to_port": 22,
"type": "ingress"
}
]
| no | | [security\_group\_use\_name\_prefix](#input\_security\_group\_use\_name\_prefix) | Whether to create a default Security Group with unique name beginning with the normalized prefix. | `bool` | `false` | no | | [security\_policy\_name](#input\_security\_policy\_name) | Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, and TransferSecurityPolicy-FIPS-2020-06. Default value is: TransferSecurityPolicy-2018-11. | `string` | `"TransferSecurityPolicy-2018-11"` | no | | [sftp\_users](#input\_sftp\_users) | List of SFTP usernames and public keys |
map(object({
user_name = string,
public_key = string
}))
| `{}` | no | From cc633885d71791404e47b48ba906364ed387af38 Mon Sep 17 00:00:00 2001 From: Brad Janke Date: Fri, 6 Aug 2021 13:10:06 -0500 Subject: [PATCH 7/8] Sets default CIDR to 0.0.0.0/0 for security group rules variable --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index c8626cb..007000c 100644 --- a/variables.tf +++ b/variables.tf @@ -64,7 +64,7 @@ variable "security_group_rules" { from_port = 22 to_port = 22 protocol = "tcp" - cidr_blocks = [] + cidr_blocks = ["0.0.0.0/0"] description = "Allow inbound traffic" } ] From b958fab423ab4c39bee6229ce21caefcf229dfb5 Mon Sep 17 00:00:00 2001 From: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Date: Fri, 6 Aug 2021 18:11:44 +0000 Subject: [PATCH 8/8] Auto Format --- README.md | 2 +- docs/terraform.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c00b885..4e590d5 100644 --- a/README.md +++ b/README.md @@ -195,7 +195,7 @@ Available targets: | [s3\_bucket\_name](#input\_s3\_bucket\_name) | This is the bucket that the SFTP users will use when managing files | `string` | n/a | yes | | [security\_group\_description](#input\_security\_group\_description) | The Security Group description. | `string` | `"AWS Transfer Server Security Group"` | no | | [security\_group\_enabled](#input\_security\_group\_enabled) | Whether to create default Security Group for AWS Transfer Server. | `bool` | `true` | no | -| [security\_group\_rules](#input\_security\_group\_rules) | A list of maps of Security Group rules.
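Review bot: Changing the default `cidr_blocks` to `["0.0.0.0/0"]` means a caller who accepts the defaults (`security_group_enabled = true` and this rule list) gets a Security Group that admits TCP port 22 from the whole internet without ever having written that CIDR. Defaults in a reusable module are the place to be restrictive: `default = []` on `security_group_rules`, with callers naming their own CIDRs, makes the exposure explicit, and the project's own `examples/vpc/main.tf` already passes `cidr_blocks = ["0.0.0.0/0"]` itself (patch 3/8), so the example does not depend on the module default. If an open default is genuinely required, the `security_group_rules` description should say so plainly, e.g. `By default this allows SSH/SFTP (TCP 22) from 0.0.0.0/0; override cidr_blocks with the address ranges of your SFTP clients.`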
The values of map is fully complated with `aws_security_group_rule` resource.
To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` |
[
{
"cidr_blocks": [],
"description": "Allow inbound traffic",
"from_port": 22,
"protocol": "tcp",
"to_port": 22,
"type": "ingress"
}
]
| no | +| [security\_group\_rules](#input\_security\_group\_rules) | A list of maps of Security Group rules.
The values of map is fully complated with `aws_security_group_rule` resource.
To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` |
[
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Allow inbound traffic",
"from_port": 22,
"protocol": "tcp",
"to_port": 22,
"type": "ingress"
}
]
| no | | [security\_group\_use\_name\_prefix](#input\_security\_group\_use\_name\_prefix) | Whether to create a default Security Group with unique name beginning with the normalized prefix. | `bool` | `false` | no | | [security\_policy\_name](#input\_security\_policy\_name) | Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, and TransferSecurityPolicy-FIPS-2020-06. Default value is: TransferSecurityPolicy-2018-11. | `string` | `"TransferSecurityPolicy-2018-11"` | no | | [sftp\_users](#input\_sftp\_users) | List of SFTP usernames and public keys |
map(object({
user_name = string,
public_key = string
}))
| `{}` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 26dc58a..f636afd 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -65,7 +65,7 @@ | [s3\_bucket\_name](#input\_s3\_bucket\_name) | This is the bucket that the SFTP users will use when managing files | `string` | n/a | yes | | [security\_group\_description](#input\_security\_group\_description) | The Security Group description. | `string` | `"AWS Transfer Server Security Group"` | no | | [security\_group\_enabled](#input\_security\_group\_enabled) | Whether to create default Security Group for AWS Transfer Server. | `bool` | `true` | no | -| [security\_group\_rules](#input\_security\_group\_rules) | A list of maps of Security Group rules.
The values of map is fully complated with `aws_security_group_rule` resource.
To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` |
[
{
"cidr_blocks": [],
"description": "Allow inbound traffic",
"from_port": 22,
"protocol": "tcp",
"to_port": 22,
"type": "ingress"
}
]
| no | +| [security\_group\_rules](#input\_security\_group\_rules) | A list of maps of Security Group rules.
The values of map is fully complated with `aws_security_group_rule` resource.
To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` |
[
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Allow inbound traffic",
"from_port": 22,
"protocol": "tcp",
"to_port": 22,
"type": "ingress"
}
]
| no | | [security\_group\_use\_name\_prefix](#input\_security\_group\_use\_name\_prefix) | Whether to create a default Security Group with unique name beginning with the normalized prefix. | `bool` | `false` | no | | [security\_policy\_name](#input\_security\_policy\_name) | Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, and TransferSecurityPolicy-FIPS-2020-06. Default value is: TransferSecurityPolicy-2018-11. | `string` | `"TransferSecurityPolicy-2018-11"` | no | | [sftp\_users](#input\_sftp\_users) | List of SFTP usernames and public keys |
map(object({
user_name = string,
public_key = string
}))
| `{}` | no |