Overview
Security Groups and Key Pairs are fundamental for protecting your AWS infrastructure and managing SSH access. By leveraging well-tested community modules, you can apply best practices without reinventing the wheel.
Prerequisites
- Terraform v1.0+ installed
- Terragrunt v0.35+ installed
- AWS CLI configured with proper credentials
- Existing VPC and networking resources deployed
Community Terraform Modules
| Module | Description | Registry Link |
|---|---|---|
| terraform-aws-modules/security-group/aws | Creates customizable Security Groups | https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/latest |
| terraform-aws-modules/key-pair/aws | Manages EC2 Key Pairs and public keys | https://registry.terraform.io/modules/terraform-aws-modules/key-pair/aws/latest |
Directory Structure
Each environment (development and production) contains its own terragrunt.hcl to customize inputs and lifecycle settings.
terragrunt.hcl Example
Deployment Steps
- Change into the environment folder:
- Initialize Terragrunt (which also initializes Terraform):
- Review the execution plan:
- Apply changes to provision resources:
Repeat these steps in each environment directory (development, production) to maintain isolation and environment-specific configurations.
Customizing Input Variables
Adjust the following inputs for each environment:
| Variable | Description | Example |
|---|---|---|
| allowed_ssh_cidr_blocks | CIDR blocks permitted for SSH access | ["203.0.113.0/24"] |
| ingress_rules | List of ingress rules for the Security Group | See terragrunt.hcl Example above |
| key_pair_name | Name for the EC2 Key Pair | "dev-keypair" |
| public_key_path | Local path to your public SSH key | "~/.ssh/id_rsa.pub" |
Never commit your private SSH keys (~/.ssh/id_rsa) to version control. Always reference only the public key in Terraform.
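The allowed_ssh_cidr_blocks and public_key_path inputs can be checked before a plan is run, for example in CI. The following pre-flight check is an added example, not code from the original page or from the modules it uses; the function names, the /16 width limit and the sample key are assumptions made for illustration.

```python
import base64
import binascii
import ipaddress
import struct

MIN_PREFIX_LEN = 16  # assumption: widest IPv4 range accepted for SSH sources


def check_ssh_cidrs(cidr_blocks, min_prefix_len=MIN_PREFIX_LEN):
    """Return findings for the allowed_ssh_cidr_blocks input."""
    findings = []
    for cidr in cidr_blocks:
        try:
            # strict=True rejects host bits (e.g. 203.0.113.5/24), usually a typo
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            findings.append(f"{cidr}: not a valid CIDR block ({exc})")
            continue
        if net.prefixlen == 0:
            findings.append(f"{cidr}: SSH open to the entire internet")
        elif net.version == 4 and net.prefixlen < min_prefix_len:
            findings.append(f"{cidr}: broader than /{min_prefix_len}")
    return findings


def check_public_key(text):
    """Return findings for the contents of the file named by public_key_path."""
    if "PRIVATE KEY" in text:
        return ["private key material found; point public_key_path at the .pub file"]
    fields = text.split()
    if len(fields) < 2:
        return ["not an OpenSSH public key line (expected '<type> <base64> [comment]')"]
    key_type, blob_b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(blob_b64, validate=True)
        (name_len,) = struct.unpack(">I", blob[:4])
    except (binascii.Error, struct.error):
        return ["key blob is not valid base64 / wire format"]
    # The blob starts with a length-prefixed copy of the key type.
    if blob[4:4 + name_len] != key_type.encode():
        return [f"key type {key_type!r} does not match the encoded blob"]
    return []


def _constructed_public_key(key_type=b"ssh-ed25519"):
    """Constructed sample: correct framing, all-zero key bytes (not a real key)."""
    blob = struct.pack(">I", len(key_type)) + key_type + struct.pack(">I", 32) + bytes(32)
    return f"{key_type.decode()} {base64.b64encode(blob).decode()} constructed@example"


SAMPLE_PUBLIC_KEY = _constructed_public_key()
```

Run both checks on the values for each environment and fail the pipeline when either returns a non-empty list.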