# SSH-Only Security Group

## Overview
This Terraform module provisions a Security Group that allows inbound SSH access only, scoped to a specified VPC and a list of approved CIDR blocks.
It is designed to provide controlled remote shell access to EC2 instances, bastion hosts, or administrative endpoints.
## Key Features
- Allows only SSH (TCP port 22) from configurable CIDR blocks
- Permits all outbound traffic by default
- Tags resources for environment-based organization
- Creates the security group within a specified VPC
## Use Cases
- Locking down EC2 access to trusted IP ranges
- Deploying secure bastion hosts or jump boxes
- Enabling shell-based administration for ops teams
- Adding a restricted access layer for remote login
## Input Variables
| Name | Type | Description |
|---|---|---|
| region | string | AWS region where the security group will be created |
| vpc_id | string | The VPC ID where the security group should reside |
| ssh_cidr_list | list | List of CIDR blocks allowed to access via SSH (port 22) |
| environment | string | Tag to describe the environment (e.g., dev, staging, prod, ops) |
## Outputs
| Name | Description |
|---|---|
| security_group_id | The ID of the created security group |
| security_group_name | The name of the created security group |
| vpc_id | The VPC where the security group was created |
## Deployment Readiness

- Compatible with Terraform 1.0+
- Tested with AWS provider 5.x
- Requires EC2 and VPC permissions for security group management
## Example Usage

```hcl
module "security_group_ssh_only" {
  source        = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//network-security/security-group-ssh-only?ref=v1.0.0"
  region        = "us-east-1"
  vpc_id        = "vpc-0123456789abcdef0"
  ssh_cidr_list = ["203.0.113.0/24"]
  environment   = "ops"
}
```

```shell
terraform init
terraform plan
terraform apply
```

or

```shell
tofu init
tofu plan
tofu apply
```
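To make concrete what the module described above provisions, here is an illustrative sketch, added here and not the module's own source (which ships in the Level 1 package), of an SSH-only security group built with this page's variable names and the AWS provider 5.x rule resources. It assumes `vpc_id` and `environment` are declared as in the input table, that `ssh_cidr_list` holds IPv4 CIDRs, and it adds one check the page does not mention: a variable validation that rejects `0.0.0.0/0` at plan time so SSH can never be opened to the world by a typo.

```hcl
variable "ssh_cidr_list" {
  type        = list(string)
  description = "IPv4 CIDR blocks allowed to reach TCP/22"

  # Fail at `terraform plan`, not after apply: a world-open CIDR is never
  # an "approved" range for SSH.
  validation {
    condition = alltrue([
      for c in var.ssh_cidr_list : c != "0.0.0.0/0"
    ])
    error_message = "ssh_cidr_list must not contain 0.0.0.0/0; restrict SSH to known ranges."
  }
}

# Assumes var.vpc_id and var.environment are declared elsewhere (see input table).
resource "aws_security_group" "ssh_only" {
  name        = "ssh-only-${var.environment}"
  description = "Inbound SSH only from approved CIDR blocks"
  vpc_id      = var.vpc_id
  tags = {
    Name        = "ssh-only-${var.environment}"
    Environment = var.environment
  }
}

# One ingress rule per approved CIDR; nothing else is permitted inbound.
resource "aws_vpc_security_group_ingress_rule" "ssh" {
  for_each          = toset(var.ssh_cidr_list)
  security_group_id = aws_security_group.ssh_only.id
  cidr_ipv4         = each.value
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
  description       = "SSH from ${each.value}"
}

# Unrestricted egress, matching the "all outbound by default" behaviour above.
resource "aws_vpc_security_group_egress_rule" "all" {
  security_group_id = aws_security_group.ssh_only.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}
```

Using one `aws_vpc_security_group_ingress_rule` per CIDR (rather than inline `ingress` blocks) keeps each rule a separate resource, so adding or removing an approved range shows up in the plan as a single rule change rather than a rewrite of the whole group.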
## Cleanup Options

Terraform Destroy (for test environments):

```shell
terraform destroy
```

or

```shell
tofu destroy
```

Manual Deletion (for production environments):

Use the AWS Console or CLI to manually delete the security group if it's integrated with production workloads.
## Notes
This is a Level 1 module optimized for secure, minimal-access configurations.
It is best used for SSH-only access scenarios such as administration or initial EC2 provisioning. For expanded rule sets or multi-protocol traffic, consider advanced security group modules or Level 2 network stacks.
## Deployment Package Notice
This module is part of the Level 1 AWS License Tier. To access the full deployment package and source code, subscribe to Archiphire.