provisioning-2/modules/securitygroup/main.tf

# ---------------------------
# セキュリティグループ
# ---------------------------
# ALB用
resource "aws_security_group" "alb_sg" {
  name        = "${var.name_prefix}${var.env}-${var.alb_sg_name}"
  description = "for alb"
  vpc_id      = var.vpc_id
  tags = {
    Name = "${var.name_prefix}${var.env}-${var.alb_sg_name}"
  }
}

# EC2用
resource "aws_security_group" "ec2_sg" {
  name        = "${var.name_prefix}${var.env}-${var.ec2_sg_name}"
  description = "for ec2"
  vpc_id      = var.vpc_id
  tags = {
    Name = "${var.name_prefix}${var.env}-${var.ec2_sg_name}"
  }
}

# RDS用
resource "aws_security_group" "rds_sg" {
  name        = "${var.name_prefix}${var.env}-${var.rds_sg_name}"
  description = "for rds"
  vpc_id      = var.vpc_id
  tags = {
    Name = "${var.name_prefix}${var.env}-${var.rds_sg_name}"
  }
}

# ---------------------------
# セキュリティグループルール
# ---------------------------
# ALB用インバウンドルール http
resource "aws_vpc_security_group_ingress_rule" "alb_sg_allow_http" {
  security_group_id = aws_security_group.alb_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 80
  to_port           = 80
  ip_protocol       = "tcp"
}

# ALB用インバウンドルール https
resource "aws_vpc_security_group_ingress_rule" "alb_sg_allow_https" {
  security_group_id = aws_security_group.alb_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 443
  to_port           = 443
  ip_protocol       = "tcp"
}

# ALB用アウトバウンドルール any
resource "aws_vpc_security_group_egress_rule" "alb_sg_allow_all" {
  security_group_id = aws_security_group.alb_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}

# EC2用インバウンドルール http
resource "aws_vpc_security_group_ingress_rule" "ec2_sg_allow_http" {
  security_group_id = aws_security_group.ec2_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 80
  to_port           = 80
  ip_protocol       = "tcp"
}

# EC2用インバウンドルール https
resource "aws_vpc_security_group_ingress_rule" "ec2_sg_allow_https" {
  security_group_id = aws_security_group.ec2_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 443
  to_port           = 443
  ip_protocol       = "tcp"
}

# EC2用インバウンドルール インスタンスコネクト
resource "aws_vpc_security_group_ingress_rule" "ec2_sg_allow_instance_connect" {
  security_group_id = aws_security_group.ec2_sg.id
  cidr_ipv4         = "3.112.23.0/29"
  from_port         = 22
  to_port           = 22
  ip_protocol       = "tcp"
}

# EC2用アウトバウンドルール any
resource "aws_vpc_security_group_egress_rule" "ec2_sg_allow_all" {
  security_group_id = aws_security_group.ec2_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}

# RDS用インバウンドルール mysql
resource "aws_vpc_security_group_ingress_rule" "rds_sg_allow_mysql" {
  security_group_id = aws_security_group.rds_sg.id
  cidr_ipv4         = var.vpc_cidr_block
  from_port         = 3306
  to_port           = 3306
  ip_protocol       = "tcp"
}

# RDS用アウトバウンドルール any
resource "aws_vpc_security_group_egress_rule" "rds_sg_allow_all" {
  security_group_id = aws_security_group.rds_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}