What are ingress security groups in AWS / Terraform

Question

When defining an AWS security group in Terraform, you can set up inbound/ingress configurations. However, these ingress configurations can also point at other security groups. The terraform documentation simply says "(Optional) List of security group Group Names if using EC2-Classic, or Group IDs if using a VPC."

What does this accomplish? I don't see any place in the AWS management console where this can be reproduced.

resource "aws_security_group" "new_security_group" {
    vpc_id = "${var.vpc_id}"

    ingress {
        protocol = "tcp"
        security_groups = ["${var.load_balancer_security_group_id}"]
        from_port = 80
        to_port = 80
    }

    ingress {
        protocol = "tcp"
        security_groups = ["${var.load_balancer_security_group_id"]
        from_port = 443
        to_port = 443
    }
}

In the example I ran across each of the ingress ports reference an entirely separate security group set up for an elastic load balancer.

score 2 · Accepted Answer · answered May 01 '18 at 22:02

2

This allows you to set up rules like "allow the webserver security group to access the database security group group on port 3306", and is possible via the AWS Console as well - just start typing the name of a security group in the IP field when setting up a rule.

answered May 01 '18 at 22:02

ceejayoz

32,910
7
82
106

So in this case instead of specifying something like a `CIDR` block for each ingress section I can add a security group and any traffic from that security group will be allowed in? – diplosaurus May 01 '18 at 22:12
@diplosaurus Yup. – ceejayoz May 02 '18 at 00:11

What are ingress security groups in AWS / Terraform

1 Answers1