100-Days-Of-DevOps-Challenge-KodeKloud

Create Security Group Using Terraform

The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units. This granular approach enables the team to execute the migration in gradual phases, ensuring smoother implementation and minimizing disruption to ongoing operations. By breaking down the migration into smaller tasks, the Nautilus DevOps team can systematically progress through each stage, allowing for better control, risk mitigation, and optimization of resources throughout the migration process.

Use Terraform to create a security group under the default VPC with the following requirements:

1) The name of the security group must be xfusion-sg.

2) The description must be Security group for Nautilus App Servers.

3) Add an inbound rule of type HTTP, with a port range of 80, and source CIDR range 0.0.0.0/0.

4) Add another inbound rule of type SSH, with a port range of 22, and source CIDR range 0.0.0.0/0.

Ensure that the security group is created in the us-east-1 region using Terraform. The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.

Note: Right-click under the EXPLORER section in VS Code and select Open in Integrated Terminal to launch the terminal.

Steps

1. Create variables.tf file in vs code editor and copy paste these lines:

    variable "sg_name" {
        default = "xfusion-sg"
    }
   
    variable "sg_description" {
        default = "Security group for Nautilus App Servers"
    }
   

2. Now let’s create the main.tf file and copy-paste these lines:

    resource "aws_security_group" "kk_sg" {
    name        = var.sg_name
    description = var.sg_description
   
    tags = {
        Name = var.sg_name
    }
    }
   
    resource "aws_vpc_security_group_ingress_rule" "allow_http" {
    security_group_id = aws_security_group.kk_sg.id
    cidr_ipv4         = "0.0.0.0/0"
    from_port         = 80
    ip_protocol       = "HTTP"
    to_port           = 80
    }
   
    resource "aws_vpc_security_group_ingress_rule" "allow_ssh" {
    security_group_id = aws_security_group.kk_sg.id
    cidr_ipv4         = "0.0.0.0/0"
    from_port         = 22
    ip_protocol       = "SSH"
    to_port           = 22
    }
   

   Here is the main.tf file

3. Let’s open the terminal and run the following commands:

    terraform init
    terraform plan
    terraform apply -auto-approve
   

4. We can verify using terraform state command:

    terraform state list
   

   It should give 3 resources: 1 securiy group and 2 ingress rule for the security group

Video Tutorial

• [Day 95 - Create AWS Security Group

  Youtube](https://youtu.be/FbiC-V_SCT0)

Referrence

• Security Group
• Ingress Rules

Good to Know

• Security Groups: Act as virtual firewalls controlling inbound and outbound traffic at instance level
• Default VPC: AWS automatically creates a default VPC in each region with internet gateway attached
• CIDR 0.0.0.0/0: Allows traffic from any IP address (use with caution in production)
• Ingress vs Egress: Ingress rules control incoming traffic, egress rules control outgoing traffic
• Stateful Rules: Security groups are stateful - return traffic is automatically allowed
• Variables: Using variables makes Terraform configurations reusable and maintainable
• Resource Dependencies: Terraform automatically handles dependencies between security group and ingress rules

This site is open source. Improve this page.