Mastering AWS Security Groups with Terraform

Steven Jul 09, 2026

In the realm of cloud security, Amazon Web Services (AWS) Security Groups play a pivotal role in controlling inbound and outbound traffic to your AWS resources. When it comes to managing these security rules, Infrastructure as Code (IaC) tools like Terraform can significantly streamline your workflow. This article delves into the intricacies of AWS Security Group rules and how Terraform can help you manage them efficiently.

AWS Security Services What Are the 5 Core AWS Services
AWS Security Services What Are the 5 Core AWS Services

Before we dive into Terraform, let's briefly understand AWS Security Groups. They act as a virtual firewall for your AWS resources, defining the rules of engagement for inbound and outbound traffic. Security Group rules can either allow or deny traffic based on the protocol, port range, and source/destination. Now, let's explore how Terraform can help you manage these rules.

#cloudsecurity #awssecurity #azuresecurity #gcpsecurity #cybersecurity | Artem Polynko
#cloudsecurity #awssecurity #azuresecurity #gcpsecurity #cybersecurity | Artem Polynko

Defining Security Groups with Terraform

Terraform allows you to define your AWS Security Groups as code, ensuring consistency and version control. Here's a basic example of how you can define a Security Group with Terraform:

the different types of security infos on this page are shown in red, white and blue
the different types of security infos on this page are shown in red, white and blue

<pre> resource "aws_security_group" "example" { name_prefix = "example-" vpc_id = aws_vpc.main.id ingress { from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } } </pre>

Ingress and Egress Rules

AWS Roadmap for Beginners 2026
AWS Roadmap for Beginners 2026

In the above example, we've defined an ingress rule that allows SSH traffic from any IP address, and an egress rule that allows all outbound traffic. Terraform allows you to define multiple ingress and egress rules, providing a flexible way to manage your Security Group rules.

You can also define rules based on source Security Groups, not just CIDR blocks. This allows for more granular control over your traffic rules. Here's an example:

<pre> resource "aws_security_group" "example" { name_prefix = "example-" vpc_id = aws_vpc.main.id ingress { from_port = 22 to_port = 22 protocol = "tcp" security_groups = ["${aws_security_group.bastion.id}"] } egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } } </pre>

GoDaddy
GoDaddy

Security Group Associations

Terraform also allows you to associate your Security Groups with AWS resources like EC2 instances. This ensures that your resources are always protected by the Security Group rules you've defined. Here's an example:

<pre> resource "aws_instance" "example" { ami = "ami-0c94855ba95c71c99" instance_type = "t2.micro" vpc_security_group_ids = ["${aws_security_group.example.id}"] } </pre>

a circular diagram showing the security and protection areas for people with special needs to protect themselves
a circular diagram showing the security and protection areas for people with special needs to protect themselves

Managing Security Group Rules with Terraform

Terraform not only allows you to define Security Groups but also to manage their rules. You can add, remove, or modify rules as needed, all within your Terraform configuration. This ensures that your Security Group rules are always in sync with your infrastructure as code.

Core AWS Security Services – qualimente
Core AWS Security Services – qualimente
Aws Cheat Sheet, Aws Services Cheat Sheet, Aws Cloud Practitioner Cheat Sheet, Cloud Practitioner, Aws Cloud Computing, Aws Cloud Practitioner, Flow Chart Design, Aws Lambda, Enterprise Architecture
Aws Cheat Sheet, Aws Services Cheat Sheet, Aws Cloud Practitioner Cheat Sheet, Cloud Practitioner, Aws Cloud Computing, Aws Cloud Practitioner, Flow Chart Design, Aws Lambda, Enterprise Architecture
AWS S3 Bucket Naming Rules for Beginners | SAA-C03 Exam Tips
AWS S3 Bucket Naming Rules for Beginners | SAA-C03 Exam Tips
aws_security_incident_response.pdf
aws_security_incident_response.pdf
the top 10 aws use cases
the top 10 aws use cases
a diagram showing the different types of networked devices and how they are connected to each other
a diagram showing the different types of networked devices and how they are connected to each other
the aws security management manual is displayed in this screenshote, which shows how to
the aws security management manual is displayed in this screenshote, which shows how to
owasp top 10 web application vulnerabilities
owasp top 10 web application vulnerabilities
the cloud security framework for aws is shown in this screenshote, which shows how
the cloud security framework for aws is shown in this screenshote, which shows how
𝗥𝗶𝘀𝗸𝘆 𝗚𝗶𝘁𝗛𝘂𝗯 𝗢𝗜𝗗𝗖 𝗮𝗻𝗱 𝗙𝗲𝗱𝗲𝗿𝗮𝘁𝗶𝗼𝗻 𝗔𝗰𝗰𝗲𝘀𝘀 Federated access is powerful. But weak federation rules...
𝗥𝗶𝘀𝗸𝘆 𝗚𝗶𝘁𝗛𝘂𝗯 𝗢𝗜𝗗𝗖 𝗮𝗻𝗱 𝗙𝗲𝗱𝗲𝗿𝗮𝘁𝗶𝗼𝗻 𝗔𝗰𝗰𝗲𝘀𝘀 Federated access is powerful. But weak federation rules...
the aws technology simplified diagram
the aws technology simplified diagram
Cloud Security Audit Services | Secure AWS, Azure & Google Cloud
Cloud Security Audit Services | Secure AWS, Azure & Google Cloud
AI Security Threats for Personal Use, Teams, and Agents – Vasyl Ivanov
AI Security Threats for Personal Use, Teams, and Agents – Vasyl Ivanov
Building a Secure Private Cloud Network on AWS with Transit Gateway and SSM (2025 Guide)
Building a Secure Private Cloud Network on AWS with Transit Gateway and SSM (2025 Guide)
an info sheet with the words local rag architecture in purple and blue on black background
an info sheet with the words local rag architecture in purple and blue on black background
an info sheet with information about the different types of cheethhets and how to use them
an info sheet with information about the different types of cheethhets and how to use them
Post from ByteByteGo
Post from ByteByteGo
the top 25 aws services are displayed in this graphic style, with different colors and sizes
the top 25 aws services are displayed in this graphic style, with different colors and sizes
𝗜𝗔𝗠 𝗥𝗶𝘀𝗸 𝗣𝗼𝘀𝘁 — 𝗧𝗵𝗲 𝗥𝗼𝗹𝗲 𝗘𝘃𝗲𝗿𝘆𝗼𝗻𝗲 𝗧𝗿𝘂𝘀𝘁𝗲𝗱 It may be used by deployments, developers, automation,...
𝗜𝗔𝗠 𝗥𝗶𝘀𝗸 𝗣𝗼𝘀𝘁 — 𝗧𝗵𝗲 𝗥𝗼𝗹𝗲 𝗘𝘃𝗲𝗿𝘆𝗼𝗻𝗲 𝗧𝗿𝘂𝘀𝘁𝗲𝗱 It may be used by deployments, developers, automation,...
Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts
Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts

Let's say you want to add a new ingress rule to allow HTTP traffic. You can do this by adding a new `ingress` block to your Security Group resource:

<pre> resource "aws_security_group" "example" { # ... existing configuration ... ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } } </pre>

With Terraform, managing AWS Security Group rules becomes a breeze. You can version control your rules, ensure consistency across environments, and automate the process of applying these rules to your resources. Moreover, Terraform's locking and state management features ensure that your Security Group rules are always protected and up-to-date.

In the dynamic world of cloud security, staying ahead of the curve is not just an advantage, it's a necessity. By leveraging Terraform to manage your AWS Security Group rules, you're taking a significant step towards achieving this. So, start exploring the power of Infrastructure as Code today and elevate your cloud security management to the next level.