Month: February 2022

Terraform – Specify EC2 Instance Security Group

Using Terraform, you can specify the security group(s) attached to the primary Elastic Network Interface (ENI) of an Amazon EC2 instance at provisioning time with the aws_instance resource's vpc_security_group_ids argument. The argument takes a list of security group IDs, so you normally reference the id attribute of an aws_security_group resource defined in the same configuration.

The syntax for the vpc_security_group_ids argument is displayed below.

vpc_security_group_ids = [aws_security_group.security-group.id]


Terraform – EC2 Security Group ICMP Rule

Using Terraform, you can configure a security group for an Amazon EC2 instance with the aws_security_group resource. The ingress block below creates a rule that allows all ICMP (IPv4) traffic from any source address. For the icmp protocol, from_port carries the ICMP type and to_port carries the ICMP code; -1 in both means every type and code.

This is an example for educational purposes. In practice, restrict the source address(es) in the cidr_blocks argument to the networks that actually need to reach the instance, and consider limiting the rule to the ICMP types you need (for example, type 8 echo request) rather than all of ICMP.

ingress {
  description = "Allow all incoming ICMP - IPv4 traffic"
  from_port   = -1
  to_port     = -1
  protocol    = "icmp"
  cidr_blocks = ["0.0.0.0/0"]
}
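The two Terraform posts above (the vpc_security_group_ids argument and the ICMP ingress rule) fit together in one configuration. The following is an added example, not code from the original posts: it defines a security group that allows only ICMP echo requests from a trusted CIDR instead of all ICMP from 0.0.0.0/0, and attaches it to an EC2 instance through vpc_security_group_ids. The region, AMI ID, VPC ID, subnet ID and trusted CIDR are assumed values passed in as variables; the resource name security-group is kept to match the post.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

provider "aws" {
  region = var.region # assumed; set to the region that holds the VPC
}

# All of these are assumed inputs for the example; supply real values
# via terraform.tfvars or -var on the command line.
variable "region" { type = string }
variable "vpc_id" { type = string }
variable "subnet_id" { type = string }
variable "ami_id" { type = string }

variable "trusted_cidr" {
  description = "Only this network may send ICMP echo requests to the instance"
  type        = string
  default     = "10.0.0.0/16" # assumed corporate/VPN range; replace it
}

resource "aws_security_group" "security-group" {
  name        = "icmp-from-trusted"
  description = "Allow ICMP echo requests from the trusted network only"
  vpc_id      = var.vpc_id

  # The post's rule used from_port = -1, to_port = -1 and
  # cidr_blocks = ["0.0.0.0/0"], i.e. every ICMP type and code from
  # anywhere. Here the rule is narrowed to echo request (type 8, code 0)
  # from the trusted CIDR. Security groups are stateful, so the echo
  # reply is allowed back out without a matching egress rule.
  ingress {
    description = "Allow ICMP echo request (type 8, code 0) from the trusted network"
    from_port   = 8 # ICMP type
    to_port     = 0 # ICMP code
    protocol    = "icmp"
    cidr_blocks = [var.trusted_cidr]
  }

  # Declaring aws_security_group removes the implicit allow-all egress,
  # so egress must be stated explicitly. Allow-all is kept here for the
  # example; tighten it to the destinations the workload needs.
  egress {
    description = "Allow all outbound traffic (tighten for production)"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "icmp-from-trusted"
  }
}

resource "aws_instance" "example" {
  ami           = var.ami_id
  instance_type = "t3.micro"
  subnet_id     = var.subnet_id

  # Attach the security group defined above to the instance's primary ENI.
  vpc_security_group_ids = [aws_security_group.security-group.id]

  tags = {
    Name = "icmp-demo"
  }
}
```

After terraform apply, a host inside var.trusted_cidr can ping the instance's private address, while a host outside it gets no reply; terraform plan on a change to cidr_blocks shows the rule being replaced in place, which is a convenient way to review any widening of the source range before it is applied.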


Linktree – Noel Alvarez

You may find my Linktree URL here.

At the time of this post it contains this blog, my GitHub account, and Twitter account.


Amazon Web Services – IAM Role for VPC Flow Logs

Configuring VPC Flow Logs to publish to CloudWatch Logs requires an IAM role that the VPC Flow Logs service can assume in order to write to the specified log group. Amazon Web Services provides thorough documentation on this, which may be found here.

The IAM policy attached to the role must, at a minimum, include the following permissions.
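As an added example that is not part of the original post, the Terraform configuration below builds the pieces the post describes: a CloudWatch log group, an IAM role whose trust policy lets the VPC Flow Logs service (vpc-flow-logs.amazonaws.com) assume it, a permissions policy that allows the role to describe log groups and write log streams and events, and the flow log itself. The log group name, retention period, VPC ID and region are assumed values. The AWS documentation's example policy uses Resource "*"; here the write permissions are scoped to the log group (listing the ARN both with and without a trailing :* so that it works regardless of how the provider version renders the log group ARN), and the trust policy carries aws:SourceAccount and aws:SourceArn conditions to guard against the confused-deputy problem.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

provider "aws" {
  region = var.region # assumed
}

# Assumed inputs for the example.
variable "region" { type = string }
variable "vpc_id" { type = string }

data "aws_caller_identity" "current" {}

# Destination log group. Retention is set so the logs do not accumulate forever.
resource "aws_cloudwatch_log_group" "vpc_flow_logs" {
  name              = "/aws/vpc/flow-logs/${var.vpc_id}" # assumed naming scheme
  retention_in_days = 90
}

# Trust policy: only the VPC Flow Logs service may assume the role, and only
# on behalf of flow logs in this account (confused-deputy protection).
data "aws_iam_policy_document" "flow_logs_assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["vpc-flow-logs.amazonaws.com"]
    }

    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }

    condition {
      test     = "ArnLike"
      variable = "aws:SourceArn"
      values   = ["arn:aws:ec2:${var.region}:${data.aws_caller_identity.current.account_id}:vpc-flow-log/*"]
    }
  }
}

resource "aws_iam_role" "vpc_flow_logs" {
  name               = "vpc-flow-logs-to-cloudwatch"
  assume_role_policy = data.aws_iam_policy_document.flow_logs_assume_role.json
}

# Permissions policy. DescribeLogGroups does not support resource-level
# permissions, so it stays on "*"; the write actions are scoped to the
# log group created above. logs:CreateLogGroup is omitted because Terraform
# creates the group; add it if the service must create the group itself.
data "aws_iam_policy_document" "flow_logs_publish" {
  statement {
    sid       = "DescribeGroups"
    effect    = "Allow"
    actions   = ["logs:DescribeLogGroups"]
    resources = ["*"]
  }

  statement {
    sid    = "WriteToFlowLogGroup"
    effect = "Allow"
    actions = [
      "logs:CreateLogStream",
      "logs:PutLogEvents",
      "logs:DescribeLogStreams",
    ]
    resources = [
      aws_cloudwatch_log_group.vpc_flow_logs.arn,
      "${aws_cloudwatch_log_group.vpc_flow_logs.arn}:*",
    ]
  }
}

resource "aws_iam_role_policy" "vpc_flow_logs" {
  name   = "publish-vpc-flow-logs"
  role   = aws_iam_role.vpc_flow_logs.id
  policy = data.aws_iam_policy_document.flow_logs_publish.json
}

# The flow log itself, capturing accepted and rejected traffic for the VPC.
resource "aws_flow_log" "vpc" {
  vpc_id               = var.vpc_id
  traffic_type         = "ALL"
  log_destination_type = "cloud-watch-logs"
  log_destination      = aws_cloudwatch_log_group.vpc_flow_logs.arn
  iam_role_arn         = aws_iam_role.vpc_flow_logs.arn
}
```

If the role's permissions are missing or too narrow, the flow log is created but its status shows a delivery error and no streams appear in the log group, so checking the log group for new streams a few minutes after apply is the quickest way to confirm the role works.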