You may implement a self-referential group by splitting the 'sec group' from rules using the resources 'aws_security_group' and 'aws_security_group_rule'
resource "aws_security_group" "sec_group" {
name = "sec_group"
vpc_id = "${local.vpc_id}"
}
resource "aws_security_group_rule" "sec_group_allow_tcp" {
type = "ingress"
from_port = 0 // first part of port range
to_port = 65535 // second part of port range
protocol = "tcp" // Protocol, could be "tcp" "udp" etc.
security_group_id = "${aws_security_group.sec_group.id}" // Which group to attach it to
source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}
resource "aws_security_group_rule" "sec_group_allow_udp" {
type = "ingress"
from_port = 0 // first part of port range
to_port = 65535 // second part of port range
protocol = "udp" // Protocol, could be "tcp" "udp" etc.
security_group_id = "${aws_security_group.sec_group.id}" // Which group to attach it to
source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}
resource "aws_security_group_rule" "sec_group_allow_1865" {
type = "ingress"
from_port = 1865 // first part of port range
to_port = 1865 // second part of port range
protocol = "tcp" // Protocol, could be "tcp" "udp" etc.
security_group_id = "${aws_security_group.sec_group.id}" // Which group to attach it to
source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}
For more details on Terraform, you can check out the video tutorial below.