provisioning-2/modules/securitygroup/main.tf

# ---------------------------
# セキュリティグループ
# ---------------------------
# ALB用
resource "aws_security_group" "alb_sg" {
  name        = "${var.name_prefix}${var.env}-${var.alb_sg_name}"
  description = "for alb"
  vpc_id      = var.vpc_id
  tags = {
    Name = "${var.name_prefix}${var.env}-${var.alb_sg_name}"
  }
}

# EC2用
resource "aws_security_group" "ec2_sg" {
  name        = "${var.name_prefix}${var.env}-${var.ec2_sg_name}"
  description = "for ec2"
  vpc_id      = var.vpc_id
  tags = {
    Name = "${var.name_prefix}${var.env}-${var.ec2_sg_name}"
  }
}

# RDS用
resource "aws_security_group" "rds_sg" {
  name        = "${var.name_prefix}${var.env}-${var.rds_sg_name}"
  description = "for rds"
  vpc_id      = var.vpc_id
  tags = {
    Name = "${var.name_prefix}${var.env}-${var.rds_sg_name}"
  }
}

# ---------------------------
# セキュリティグループルール
# ---------------------------
# ALB用インバウンドルール http
resource "aws_vpc_security_group_ingress_rule" "alb_sg_allow_http" {
  security_group_id = aws_security_group.alb_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 80
  to_port           = 80
  ip_protocol       = "tcp"
}

# ALB用インバウンドルール https
resource "aws_vpc_security_group_ingress_rule" "alb_sg_allow_https" {
  security_group_id = aws_security_group.alb_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 443
  to_port           = 443
  ip_protocol       = "tcp"
}

# ALB用アウトバウンドルール any
resource "aws_vpc_security_group_egress_rule" "alb_sg_allow_all" {
  security_group_id = aws_security_group.alb_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}

# EC2用インバウンドルール http
resource "aws_vpc_security_group_ingress_rule" "ec2_sg_allow_http" {
  security_group_id = aws_security_group.ec2_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 80
  to_port           = 80
  ip_protocol       = "tcp"
}

# EC2用インバウンドルール https
resource "aws_vpc_security_group_ingress_rule" "ec2_sg_allow_https" {
  security_group_id = aws_security_group.ec2_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 443
  to_port           = 443
  ip_protocol       = "tcp"
}

# EC2用インバウンドルール インスタンスコネクト
resource "aws_vpc_security_group_ingress_rule" "ec2_sg_allow_instance_connect" {
  security_group_id = aws_security_group.ec2_sg.id
  cidr_ipv4         = "3.112.23.0/29"
  from_port         = 22
  to_port           = 22
  ip_protocol       = "tcp"
}

# EC2用アウトバウンドルール any
resource "aws_vpc_security_group_egress_rule" "ec2_sg_allow_all" {
  security_group_id = aws_security_group.ec2_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}

# RDS用インバウンドルール mysql
resource "aws_vpc_security_group_ingress_rule" "rds_sg_allow_mysql" {
  security_group_id = aws_security_group.rds_sg.id
  cidr_ipv4         = var.vpc_cidr_block
  from_port         = 3306
  to_port           = 3306
  ip_protocol       = "tcp"
}

# RDS用アウトバウンドルール any
resource "aws_vpc_security_group_egress_rule" "rds_sg_allow_all" {
  security_group_id = aws_security_group.rds_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}
first commit 2025-07-03 17:09:15 +09:00			`# ---------------------------`
			`# セキュリティグループ`
			`# ---------------------------`
			`# ALB用`
			`resource "aws_security_group" "alb_sg" {`
			`name = "${var.name_prefix}${var.env}-${var.alb_sg_name}"`
			`description = "for alb"`
			`vpc_id = var.vpc_id`
			`tags = {`
			`Name = "${var.name_prefix}${var.env}-${var.alb_sg_name}"`
			`}`
			`}`

			`# EC2用`
			`resource "aws_security_group" "ec2_sg" {`
			`name = "${var.name_prefix}${var.env}-${var.ec2_sg_name}"`
			`description = "for ec2"`
			`vpc_id = var.vpc_id`
			`tags = {`
			`Name = "${var.name_prefix}${var.env}-${var.ec2_sg_name}"`
			`}`
			`}`

			`# RDS用`
			`resource "aws_security_group" "rds_sg" {`
			`name = "${var.name_prefix}${var.env}-${var.rds_sg_name}"`
			`description = "for rds"`
			`vpc_id = var.vpc_id`
			`tags = {`
			`Name = "${var.name_prefix}${var.env}-${var.rds_sg_name}"`
			`}`
			`}`

			`# ---------------------------`
			`# セキュリティグループルール`
			`# ---------------------------`
			`# ALB用インバウンドルール http`
			`resource "aws_vpc_security_group_ingress_rule" "alb_sg_allow_http" {`
			`security_group_id = aws_security_group.alb_sg.id`
			`cidr_ipv4 = "0.0.0.0/0"`
			`from_port = 80`
			`to_port = 80`
			`ip_protocol = "tcp"`
			`}`

			`# ALB用インバウンドルール https`
			`resource "aws_vpc_security_group_ingress_rule" "alb_sg_allow_https" {`
			`security_group_id = aws_security_group.alb_sg.id`
			`cidr_ipv4 = "0.0.0.0/0"`
			`from_port = 443`
			`to_port = 443`
			`ip_protocol = "tcp"`
			`}`

			`# ALB用アウトバウンドルール any`
			`resource "aws_vpc_security_group_egress_rule" "alb_sg_allow_all" {`
			`security_group_id = aws_security_group.alb_sg.id`
			`cidr_ipv4 = "0.0.0.0/0"`
			`ip_protocol = "-1"`
			`}`

			`# EC2用インバウンドルール http`
			`resource "aws_vpc_security_group_ingress_rule" "ec2_sg_allow_http" {`
			`security_group_id = aws_security_group.ec2_sg.id`
			`cidr_ipv4 = "0.0.0.0/0"`
			`from_port = 80`
			`to_port = 80`
			`ip_protocol = "tcp"`
			`}`

			`# EC2用インバウンドルール https`
			`resource "aws_vpc_security_group_ingress_rule" "ec2_sg_allow_https" {`
			`security_group_id = aws_security_group.ec2_sg.id`
			`cidr_ipv4 = "0.0.0.0/0"`
			`from_port = 443`
			`to_port = 443`
			`ip_protocol = "tcp"`
			`}`

			`# EC2用インバウンドルールインスタンスコネクト`
			`resource "aws_vpc_security_group_ingress_rule" "ec2_sg_allow_instance_connect" {`
			`security_group_id = aws_security_group.ec2_sg.id`
			`cidr_ipv4 = "3.112.23.0/29"`
			`from_port = 22`
			`to_port = 22`
			`ip_protocol = "tcp"`
			`}`

			`# EC2用アウトバウンドルール any`
			`resource "aws_vpc_security_group_egress_rule" "ec2_sg_allow_all" {`
			`security_group_id = aws_security_group.ec2_sg.id`
			`cidr_ipv4 = "0.0.0.0/0"`
			`ip_protocol = "-1"`
			`}`

			`# RDS用インバウンドルール mysql`
			`resource "aws_vpc_security_group_ingress_rule" "rds_sg_allow_mysql" {`
			`security_group_id = aws_security_group.rds_sg.id`
			`cidr_ipv4 = var.vpc_cidr_block`
			`from_port = 3306`
			`to_port = 3306`
			`ip_protocol = "tcp"`
			`}`

			`# RDS用アウトバウンドルール any`
			`resource "aws_vpc_security_group_egress_rule" "rds_sg_allow_all" {`
			`security_group_id = aws_security_group.rds_sg.id`
			`cidr_ipv4 = "0.0.0.0/0"`
			`ip_protocol = "-1"`
			`}`