Reading some Terraform code for a PostgreSQL-related VPC security group, I see this:
resource "aws_security_group" "xxx" {
  name        = "xxx"
  description = "xxx"
  vpc_id      = xxxx

  ingress {
    description = "xxxx"
    from_port   = 5432
    to_port     = 5432
    protocol    = "TCP"
    self        = true
  }
}
What does this ingress allow? What does self mean, and what is the significance of from_port and to_port being the same?
I went through the documentation but I am still not very clear.
from_port and to_port allow you to define a range of ports. For example, let's say you had an app that listened on ports 5000, 5001, 5002, 5003, 5004 and 5005. Instead of defining a rule for each port you could just say from_port = 5000 and to_port = 5005. It is effectively defining a range of ports like 5000 - 5005. In your example, since the from and to port are the same, it will only allow traffic on that one port and no other. From the Terraform docs:
from_port - (Required) Start port (or ICMP type number if protocol is icmp or icmpv6).
to_port - (Required) End range port (or ICMP code if protocol is icmp).
As for the self part, this means it will allow traffic from any other interface within the same security group, i.e. any interface that has this security group assigned to it. It's saying "I only accept inbound traffic from myself", i.e. anything which has this security group can send to port 5432 on anything else with this security group.
self - (Optional) Whether the security group itself will be added as a source to this ingress rule.
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
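To make the two semantics in this answer concrete, here is a small simulation of how AWS evaluates an ingress rule against a port range and against `self = true`. This is an added illustration, not code from the question, the answer or the Terraform AWS provider: the group names, ENI ids and rules are constructed sample data, and the evaluator is a toy that only models TCP/UDP port ranges, the `-1` (all traffic) protocol, a `self` source and a `0.0.0.0/0` CIDR source (no ICMP type/code handling, IPv6 or prefix lists).

```python
"""Toy evaluator for AWS security-group ingress semantics.

Added illustration (not AWS, Terraform or the poster's code). It models the
two points from the answer: a rule's from_port..to_port is an inclusive range,
and `self = true` makes the group itself the permitted *source*, so a packet is
allowed only if the sending interface carries that group.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass(frozen=True)
class IngressRule:
    protocol: str                       # "tcp", "udp" or "-1" for all traffic
    from_port: int                      # start of the inclusive port range
    to_port: int                        # end of the inclusive port range
    self_ref: bool = False              # Terraform `self = true`
    cidr_blocks: tuple[str, ...] = ()   # toy: only "0.0.0.0/0" is understood


@dataclass
class SecurityGroup:
    name: str
    ingress: list[IngressRule] = field(default_factory=list)


@dataclass(frozen=True)
class NetworkInterface:
    eni_id: str
    groups: tuple[str, ...]   # names of the security groups attached to this ENI


def rule_matches(rule: IngressRule, protocol: str, port: int,
                 src: NetworkInterface, group_name: str) -> bool:
    """True if one rule of `group_name` admits `protocol`/`port` from `src`."""
    all_traffic = rule.protocol == "-1"
    proto_ok = all_traffic or rule.protocol.lower() == protocol.lower()
    # from_port == to_port collapses the range to exactly one port.
    port_ok = all_traffic or rule.from_port <= port <= rule.to_port
    # `self` is satisfied only when the *source* interface carries the group.
    source_ok = (rule.self_ref and group_name in src.groups) \
        or "0.0.0.0/0" in rule.cidr_blocks
    return proto_ok and port_ok and source_ok


def ingress_allowed(groups: dict[str, SecurityGroup], src: NetworkInterface,
                    dst: NetworkInterface, protocol: str, port: int) -> bool:
    """Security groups are allow-only: any matching rule on any group attached
    to the destination admits the packet; otherwise it is dropped."""
    for name in dst.groups:
        for rule in groups[name].ingress:
            if rule_matches(rule, protocol, port, src, name):
                return True
    return False


# Constructed sample data: the rule from the question plus a port-range rule.
GROUPS = {
    "pg":  SecurityGroup("pg",  [IngressRule("tcp", 5432, 5432, self_ref=True)]),
    "app": SecurityGroup("app", [IngressRule("tcp", 5000, 5005,
                                             cidr_blocks=("0.0.0.0/0",))]),
}
DB       = NetworkInterface("eni-db",     ("pg",))
CLIENT   = NetworkInterface("eni-client", ("pg", "app"))   # app host carrying pg SG
STRANGER = NetworkInterface("eni-other",  ("app",))        # no pg SG attached


if __name__ == "__main__":
    print("client -> db :5432", ingress_allowed(GROUPS, CLIENT, DB, "tcp", 5432))
    print("other  -> db :5432", ingress_allowed(GROUPS, STRANGER, DB, "tcp", 5432))
    print("client -> db :5433", ingress_allowed(GROUPS, CLIENT, DB, "tcp", 5433))
    print("db -> client :5432", ingress_allowed(GROUPS, DB, CLIENT, "tcp", 5432))
    print("db -> client :5003", ingress_allowed(GROUPS, DB, CLIENT, "tcp", 5003))
    print("db -> client :5006", ingress_allowed(GROUPS, DB, CLIENT, "tcp", 5006))
```

Two things the simulation makes visible that are easy to miss in the docs. First, `self` is a statement about the source, not about the host: an interface without the group attached gets no access to 5432 even if it sits in the same subnet, and any interface that does carry the group is admitted, wherever it is. Second, the rule is symmetric across every member of the group, so the app host's own port 5432 is reachable from the database as well; harmless if nothing listens there, but if you want a one-way "app may reach db" relationship, the usual pattern is a separate app group and an ingress rule on the database group with `security_groups = [aws_security_group.app.id]` as the source instead of `self = true`. Security groups are also stateful, so replies to an admitted connection need no matching egress rule.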