terraform-aws-vpc VS terraform-aws-security-group

ECR VPC ECS

Now let us move on to the important part of the tutorial. Creating an EKS cluster in AWS is not as straightforward as in other cloud platforms. You need to also create a lot more resources for everything to work correctly without surprises. You will be using a bunch of Terraform providers to help with this, and you will also use some prebuilt Terraform modules like AWS VPC Terraform module and Amazon EKS Blueprints for Terraform to reduce the amount of boilerplate you need to write.

The infrastructure is created using terraform, and can be found in this git repository. The project uses community maintained AWS Terraform modules, which simplify this process. The code examples that follow in the post are using the vpc-endpoints module to create the Gateway and interface endpoints.

Let us use an example from AWS to see how we can use a publicly available module. When setting up a virtual network (or Virtual Private Cloud, VPC) in AWS there are a lot of resources you must create. One popular module is the AWS VPC module. The documentation for this module is available at registry.terraform.io/modules/terraform-aws-modules/vpc/aws. The simplest example of using this module looks like this:

locals { region = data.aws_region.current.name } module "vpc" { source = "git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git?ref=v3.16.0" name = var.vpc_name cidr = var.vpc_cidr azs = ["${local.region}a", "${local.region}b"] public_subnets = cidrsubnets(var.vpc_cidr, 1, 1) enable_dns_hostnames = true enable_dns_support = true map_public_ip_on_launch = true tags = { Name = var.vpc_name } public_subnet_tags = { Name = "public subnet" "kubernetes.io/role/elb" = "1" "kubernetes.io/cluster/${var.cluster_name}" = "shared" } }

/u/akirakotkata all of the answers in this thread are correct, but nobody's empowered you to figure this out on your own in the future. In the registry link you provided, there's a link to Source Code. Follow that link and take a look at variables.tf in the repo, lines 13-17. That block is what is expected for the parameter, so you need to tweak what you're sending into what it expects.

I've got a terraform workspace that has grown very organically. I'm setting my security group rules in a locals definition then calling each type of rule from each of the local values. I've looked into the security group module by Anton but because we have a mixture of CIDRs and Secgroups (as destinations and sources) I do not believe we can leverage it the way it is intended to be.

First of all, I don't much go for stuff like https://github.com/terraform-aws-modules/terraform-aws-security-group, I find it obscures what's actually going on. Where before I just had to learn how AWS works, now I have to learn how AWS and all of these external modules work. Remember, infra-as-code isn't the same as other code-code, the same approaches that work for code-code don't always work for infra-as-code.

Looks good, but there is no such rule named "splunk" but there are 4 of them - https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/rules.tf#L139-L142 .