Two ways of saying the same thing: rust & hcl
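/// Creates the `allow-ssh` security group in the configured VPC and opens
/// inbound TCP/22 from `ac.ssh_cidr_block`.
///
/// Outbound traffic is left on the allow-all rule that EC2 attaches to every
/// newly created security group, which is the same end state the HCL
/// `egress { protocol = "-1" }` block produces. No explicit egress call is
/// made: authorizing a rule identical to the default one is rejected by EC2
/// as a duplicate, and the `tcp` port-0 rule this function used to add on
/// top of the default was redundant and did not match its own "allow all
/// outbound traffic" comment.
///
/// # Panics
///
/// Panics if `ac.vpc_id` or `ac.ssh_cidr_block` is `None`, or if the
/// CreateSecurityGroup response carries no `group_id`; all three are treated
/// as invariant violations rather than recoverable errors.
///
/// # Errors
///
/// Returns the SDK error if either EC2 call fails.
pub async fn create_security_group(client: &Client, ac: &AppConfig) -> Result<String, Error> {
    let vpc_id = ac
        .vpc_id
        .as_ref()
        .expect("AppConfig.vpc_id must be set before creating a security group");
    let tag_specifications = create_tag_spec(ac, ResourceType::SecurityGroup);
    // NOTE(review): the CIDR is not validated here; whatever the config holds
    // (including 0.0.0.0/0) becomes the SSH exposure of this group.
    let ssh_cidr_block = ac
        .ssh_cidr_block
        .as_ref()
        .expect("AppConfig.ssh_cidr_block must be set before creating a security group");

    println!("[create_security_group] vpc_id {:?}", vpc_id);
    println!("[create_security_group] tags {:?}", tag_specifications);
    println!("[create_security_group] ssh cidr {:?}", ssh_cidr_block);

    let response = client
        .create_security_group()
        .vpc_id(vpc_id.clone())
        .group_name("allow-ssh")
        .description("Allow SSH inbound traffic")
        .tag_specifications(tag_specifications)
        .send()
        .await?;
    let sg_id = response
        .group_id
        .expect("EC2 CreateSecurityGroup response did not include a group_id");
    println!("[create_security_group] success {:?}", sg_id);

    // Single inbound rule: TCP/22 from the configured operator CIDR only.
    client
        .authorize_security_group_ingress()
        .group_id(&sg_id)
        .set_ip_permissions(Some(vec![IpPermission::builder()
            .ip_protocol("tcp")
            .from_port(22)
            .to_port(22)
            .ip_ranges(
                IpRange::builder()
                    .cidr_ip(ssh_cidr_block.to_string())
                    .build(),
            )
            .build()]))
        .send()
        .await?;
    println!("[create_security_group] ingress");

    // Egress is intentionally not touched; the default allow-all outbound
    // rule created with the group already covers it (see the doc comment).
    Ok(sg_id)
}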
# Security group for the "beez" hosts: SSH in from the operator CIDR,
# unrestricted outbound. Mirrors the Rust create_security_group helper.
resource "aws_security_group" "beez" {
  description = "Allow SSH inbound traffic"
  name        = "allow-ssh"
  # Use the VPC created by this configuration when create_vpc is set,
  # otherwise the caller-supplied VPC id.
  vpc_id = var.create_vpc ? aws_vpc.beez[0].id : var.vpc_id

  # SSH exposure is determined entirely by var.user_cidr; a value of
  # 0.0.0.0/0 here would open port 22 to the whole internet.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.user_cidr]
  }

  # protocol "-1" means all protocols; from/to port 0 is the conventional
  # placeholder in that case. Because an egress block is declared inline,
  # Terraform drops the allow-all rule AWS attaches to a new group and
  # manages only the rules listed here (which reproduce that allow-all).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = var.tag_name
  }
}