feat: Add rules for SMTP, SMTPS, SaltStack (#220)

da094837 · Callum Scott · GitHub · d4cb2599 · da094837 · da094837
Commit da094837 authored Jun 28, 2021 by Callum Scott Committed by GitHub Jun 28, 2021
21 changed files
--- a/README.md
+++ b/README.md
--- a/modules/README.md
+++ b/modules/README.md
@@ -40,6 +40,9 @@ List of Security Groups implemented as Terraform modules
 * [rdp](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/rdp)
 * [redis](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/redis)
 * [redshift](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/redshift)
+* [smtp](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/smtp)
+* [smtp-submission](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/smtp-submission)
+* [smtps](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/smtps)
 * [solr](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/solr)
 * [splunk](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/splunk)
 * [squid](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/squid)

--- a/modules/smtp-submission/README.md
+++ b/modules/smtp-submission/README.md
--- a/modules/smtp-submission/auto_values.tf
+++ b/modules/smtp-submission/auto_values.tf
+# This file was generated from values defined in rules.tf using update_groups.sh.
+###################################
+# DO NOT CHANGE THIS FILE MANUALLY
+###################################
+
+variable "auto_ingress_rules" {
+  description = "List of ingress rules to add automatically"
+  type        = list(string)
+  default     = ["smtp-submission-587-tcp", "smtp-submission-2587-tcp"]
+}
+
+variable "auto_ingress_with_self" {
+  description = "List of maps defining ingress rules with self to add automatically"
+  type        = list(map(string))
+  default     = [{ "rule" = "all-all" }]
+}
+
+variable "auto_egress_rules" {
+  description = "List of egress rules to add automatically"
+  type        = list(string)
+  default     = ["all-all"]
+}
+
+variable "auto_egress_with_self" {
+  description = "List of maps defining egress rules with self to add automatically"
+  type        = list(map(string))
+  default     = []
+}
+
+# Computed
+variable "auto_computed_ingress_rules" {
+  description = "List of ingress rules to add automatically"
+  type        = list(string)
+  default     = []
+}
+
+variable "auto_computed_ingress_with_self" {
+  description = "List of maps defining computed ingress rules with self to add automatically"
+  type        = list(map(string))
+  default     = []
+}
+
+variable "auto_computed_egress_rules" {
+  description = "List of computed egress rules to add automatically"
+  type        = list(string)
+  default     = []
+}
+
+variable "auto_computed_egress_with_self" {
+  description = "List of maps defining computed egress rules with self to add automatically"
+  type        = list(map(string))
+  default     = []
+}
+
+# Number of computed rules
+variable "auto_number_of_computed_ingress_rules" {
+  description = "Number of computed ingress rules to create by name"
+  type        = number
+  default     = 0
+}
+
+variable "auto_number_of_computed_ingress_with_self" {
+  description = "Number of computed ingress rules to create where 'self' is defined"
+  type        = number
+  default     = 0
+}
+
+variable "auto_number_of_computed_egress_rules" {
+  description = "Number of computed egress rules to create by name"
+  type        = number
+  default     = 0
+}
+
+variable "auto_number_of_computed_egress_with_self" {
+  description = "Number of computed egress rules to create where 'self' is defined"
+  type        = number
+  default     = 0
+}
+
--- a/modules/smtp-submission/main.tf
+++ b/modules/smtp-submission/main.tf
+module "sg" {
+  source = "../../"
+
+  create                 = var.create
+  name                   = var.name
+  use_name_prefix        = var.use_name_prefix
+  description            = var.description
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = var.revoke_rules_on_delete
+  tags                   = var.tags
+
+  ##########
+  # Ingress
+  ##########
+  # Rules by names - open for default CIDR
+  ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))
+
+  # Open for self
+  ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)
+
+  # Open to IPv4 cidr blocks
+  ingress_with_cidr_blocks = var.ingress_with_cidr_blocks
+
+  # Open to IPv6 cidr blocks
+  ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks
+
+  # Open for security group id
+  ingress_with_source_security_group_id = var.ingress_with_source_security_group_id
+
+  # Default ingress CIDR blocks
+  ingress_cidr_blocks      = var.ingress_cidr_blocks
+  ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
+
+  # Default prefix list ids
+  ingress_prefix_list_ids = var.ingress_prefix_list_ids
+
+  ###################
+  # Computed Ingress
+  ###################
+  # Rules by names - open for default CIDR
+  computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))
+
+  # Open for self
+  computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)
+
+  # Open to IPv4 cidr blocks
+  computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks
+
+  # Open to IPv6 cidr blocks
+  computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks
+
+  # Open for security group id
+  computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id
+
+  #############################
+  # Number of computed ingress
+  #############################
+  number_of_computed_ingress_rules                         = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+  number_of_computed_ingress_with_self                     = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+  number_of_computed_ingress_with_cidr_blocks              = var.number_of_computed_ingress_with_cidr_blocks
+  number_of_computed_ingress_with_ipv6_cidr_blocks         = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+  number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id
+
+  #########
+  # Egress
+  #########
+  # Rules by names - open for default CIDR
+  egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))
+
+  # Open for self
+  egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)
+
+  # Open to IPv4 cidr blocks
+  egress_with_cidr_blocks = var.egress_with_cidr_blocks
+
+  # Open to IPv6 cidr blocks
+  egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks
+
+  # Open for security group id
+  egress_with_source_security_group_id = var.egress_with_source_security_group_id
+
+  # Default egress CIDR blocks
+  egress_cidr_blocks      = var.egress_cidr_blocks
+  egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
+
+  # Default prefix list ids
+  egress_prefix_list_ids = var.egress_prefix_list_ids
+
+  ##################
+  # Computed Egress
+  ##################
+  # Rules by names - open for default CIDR
+  computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))
+
+  # Open for self
+  computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)
+
+  # Open to IPv4 cidr blocks
+  computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks
+
+  # Open to IPv6 cidr blocks
+  computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks
+
+  # Open for security group id
+  computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id
+
+  #############################
+  # Number of computed egress
+  #############################
+  number_of_computed_egress_rules                         = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+  number_of_computed_egress_with_self                     = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+  number_of_computed_egress_with_cidr_blocks              = var.number_of_computed_egress_with_cidr_blocks
+  number_of_computed_egress_with_ipv6_cidr_blocks         = var.number_of_computed_egress_with_ipv6_cidr_blocks
+  number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
+}
--- a/modules/smtp-submission/outputs.tf
+++ b/modules/smtp-submission/outputs.tf
+output "security_group_id" {
+  description = "The ID of the security group"
+  value       = module.sg.security_group_id
+}
+
+output "security_group_vpc_id" {
+  description = "The VPC ID"
+  value       = module.sg.security_group_vpc_id
+}
+
+output "security_group_owner_id" {
+  description = "The owner ID"
+  value       = module.sg.security_group_owner_id
+}
+
+output "security_group_name" {
+  description = "The name of the security group"
+  value       = module.sg.security_group_name
+}
+
+output "security_group_description" {
+  description = "The description of the security group"
+  value       = module.sg.security_group_description
+}
--- a/modules/smtp-submission/variables.tf
+++ b/modules/smtp-submission/variables.tf
--- a/modules/smtp-submission/versions.tf
+++ b/modules/smtp-submission/versions.tf
+terraform {
+  required_version = ">= 0.12.6"
+
+  required_providers {
+    aws = ">= 2.42"
+  }
+}
--- a/modules/smtp/README.md
+++ b/modules/smtp/README.md
--- a/modules/smtp/auto_values.tf
+++ b/modules/smtp/auto_values.tf
+# This file was generated from values defined in rules.tf using update_groups.sh.
+###################################
+# DO NOT CHANGE THIS FILE MANUALLY
+###################################
+
+variable "auto_ingress_rules" {
+  description = "List of ingress rules to add automatically"
+  type        = list(string)
+  default     = ["smtp-tcp"]
+}
+
+variable "auto_ingress_with_self" {
+  description = "List of maps defining ingress rules with self to add automatically"
+  type        = list(map(string))
+  default     = [{ "rule" = "all-all" }]
+}
+
+variable "auto_egress_rules" {
+  description = "List of egress rules to add automatically"
+  type        = list(string)
+  default     = ["all-all"]
+}
+
+variable "auto_egress_with_self" {
+  description = "List of maps defining egress rules with self to add automatically"
+  type        = list(map(string))
+  default     = []
+}
+
+# Computed
+variable "auto_computed_ingress_rules" {
+  description = "List of ingress rules to add automatically"
+  type        = list(string)
+  default     = []
+}
+
+variable "auto_computed_ingress_with_self" {
+  description = "List of maps defining computed ingress rules with self to add automatically"
+  type        = list(map(string))
+  default     = []
+}
+
+variable "auto_computed_egress_rules" {
+  description = "List of computed egress rules to add automatically"
+  type        = list(string)
+  default     = []
+}
+
+variable "auto_computed_egress_with_self" {
+  description = "List of maps defining computed egress rules with self to add automatically"
+  type        = list(map(string))
+  default     = []
+}
+
+# Number of computed rules
+variable "auto_number_of_computed_ingress_rules" {
+  description = "Number of computed ingress rules to create by name"
+  type        = number
+  default     = 0
+}
+
+variable "auto_number_of_computed_ingress_with_self" {
+  description = "Number of computed ingress rules to create where 'self' is defined"
+  type        = number
+  default     = 0
+}
+
+variable "auto_number_of_computed_egress_rules" {
+  description = "Number of computed egress rules to create by name"
+  type        = number
+  default     = 0
+}
+
+variable "auto_number_of_computed_egress_with_self" {
+  description = "Number of computed egress rules to create where 'self' is defined"
+  type        = number
+  default     = 0
+}
+
--- a/modules/smtp/main.tf
+++ b/modules/smtp/main.tf
+module "sg" {
+  source = "../../"
+
+  create                 = var.create
+  name                   = var.name
+  use_name_prefix        = var.use_name_prefix
+  description            = var.description
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = var.revoke_rules_on_delete
+  tags                   = var.tags
+
+  ##########
+  # Ingress
+  ##########
+  # Rules by names - open for default CIDR
+  ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))
+
+  # Open for self
+  ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)
+
+  # Open to IPv4 cidr blocks
+  ingress_with_cidr_blocks = var.ingress_with_cidr_blocks
+
+  # Open to IPv6 cidr blocks
+  ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks
+
+  # Open for security group id
+  ingress_with_source_security_group_id = var.ingress_with_source_security_group_id
+
+  # Default ingress CIDR blocks
+  ingress_cidr_blocks      = var.ingress_cidr_blocks
+  ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
+
+  # Default prefix list ids
+  ingress_prefix_list_ids = var.ingress_prefix_list_ids
+
+  ###################
+  # Computed Ingress
+  ###################
+  # Rules by names - open for default CIDR
+  computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))
+
+  # Open for self
+  computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)
+
+  # Open to IPv4 cidr blocks
+  computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks
+
+  # Open to IPv6 cidr blocks
+  computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks
+
+  # Open for security group id
+  computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id
+
+  #############################
+  # Number of computed ingress
+  #############################
+  number_of_computed_ingress_rules                         = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+  number_of_computed_ingress_with_self                     = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+  number_of_computed_ingress_with_cidr_blocks              = var.number_of_computed_ingress_with_cidr_blocks
+  number_of_computed_ingress_with_ipv6_cidr_blocks         = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+  number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id
+
+  #########
+  # Egress
+  #########
+  # Rules by names - open for default CIDR
+  egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))
+
+  # Open for self
+  egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)
+
+  # Open to IPv4 cidr blocks
+  egress_with_cidr_blocks = var.egress_with_cidr_blocks
+
+  # Open to IPv6 cidr blocks
+  egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks
+
+  # Open for security group id
+  egress_with_source_security_group_id = var.egress_with_source_security_group_id
+
+  # Default egress CIDR blocks
+  egress_cidr_blocks      = var.egress_cidr_blocks
+  egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
+
+  # Default prefix list ids
+  egress_prefix_list_ids = var.egress_prefix_list_ids
+
+  ##################
+  # Computed Egress
+  ##################
+  # Rules by names - open for default CIDR
+  computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))
+
+  # Open for self
+  computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)
+
+  # Open to IPv4 cidr blocks
+  computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks
+
+  # Open to IPv6 cidr blocks
+  computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks
+
+  # Open for security group id
+  computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id
+
+  #############################
+  # Number of computed egress
+  #############################
+  number_of_computed_egress_rules                         = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+  number_of_computed_egress_with_self                     = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+  number_of_computed_egress_with_cidr_blocks              = var.number_of_computed_egress_with_cidr_blocks
+  number_of_computed_egress_with_ipv6_cidr_blocks         = var.number_of_computed_egress_with_ipv6_cidr_blocks
+  number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
+}
--- a/modules/smtp/outputs.tf
+++ b/modules/smtp/outputs.tf
+output "security_group_id" {
+  description = "The ID of the security group"
+  value       = module.sg.security_group_id
+}
+
+output "security_group_vpc_id" {
+  description = "The VPC ID"
+  value       = module.sg.security_group_vpc_id
+}
+
+output "security_group_owner_id" {
+  description = "The owner ID"
+  value       = module.sg.security_group_owner_id
+}
+
+output "security_group_name" {
+  description = "The name of the security group"
+  value       = module.sg.security_group_name
+}
+
+output "security_group_description" {
+  description = "The description of the security group"
+  value       = module.sg.security_group_description
+}
--- a/modules/smtp/variables.tf
+++ b/modules/smtp/variables.tf
--- a/modules/smtp/versions.tf
+++ b/modules/smtp/versions.tf
+terraform {
+  required_version = ">= 0.12.6"
+
+  required_providers {
+    aws = ">= 2.42"
+  }
+}
--- a/modules/smtps/README.md
+++ b/modules/smtps/README.md
--- a/modules/smtps/auto_values.tf
+++ b/modules/smtps/auto_values.tf
+# This file was generated from values defined in rules.tf using update_groups.sh.
+###################################
+# DO NOT CHANGE THIS FILE MANUALLY
+###################################
+
+variable "auto_ingress_rules" {
+  description = "List of ingress rules to add automatically"
+  type        = list(string)
+  default     = ["smtps-465-tcp", "smtps-2465-tcp"]
+}
+
+variable "auto_ingress_with_self" {
+  description = "List of maps defining ingress rules with self to add automatically"
+  type        = list(map(string))
+  default     = [{ "rule" = "all-all" }]
+}
+
+variable "auto_egress_rules" {
+  description = "List of egress rules to add automatically"
+  type        = list(string)
+  default     = ["all-all"]
+}
+
+variable "auto_egress_with_self" {
+  description = "List of maps defining egress rules with self to add automatically"
+  type        = list(map(string))
+  default     = []
+}
+
+# Computed
+variable "auto_computed_ingress_rules" {
+  description = "List of ingress rules to add automatically"
+  type        = list(string)
+  default     = []
+}
+
+variable "auto_computed_ingress_with_self" {
+  description = "List of maps defining computed ingress rules with self to add automatically"
+  type        = list(map(string))
+  default     = []
+}
+
+variable "auto_computed_egress_rules" {
+  description = "List of computed egress rules to add automatically"
+  type        = list(string)
+  default     = []
+}
+
+variable "auto_computed_egress_with_self" {
+  description = "List of maps defining computed egress rules with self to add automatically"
+  type        = list(map(string))
+  default     = []
+}
+
+# Number of computed rules
+variable "auto_number_of_computed_ingress_rules" {
+  description = "Number of computed ingress rules to create by name"
+  type        = number
+  default     = 0
+}
+
+variable "auto_number_of_computed_ingress_with_self" {
+  description = "Number of computed ingress rules to create where 'self' is defined"
+  type        = number
+  default     = 0
+}
+
+variable "auto_number_of_computed_egress_rules" {
+  description = "Number of computed egress rules to create by name"
+  type        = number
+  default     = 0
+}
+
+variable "auto_number_of_computed_egress_with_self" {
+  description = "Number of computed egress rules to create where 'self' is defined"
+  type        = number
+  default     = 0
+}
+
--- a/modules/smtps/main.tf
+++ b/modules/smtps/main.tf
+module "sg" {
+  source = "../../"
+
+  create                 = var.create
+  name                   = var.name
+  use_name_prefix        = var.use_name_prefix
+  description            = var.description
+  vpc_id                 = var.vpc_id
+  revoke_rules_on_delete = var.revoke_rules_on_delete
+  tags                   = var.tags
+
+  ##########
+  # Ingress
+  ##########
+  # Rules by names - open for default CIDR
+  ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))
+
+  # Open for self
+  ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)
+
+  # Open to IPv4 cidr blocks
+  ingress_with_cidr_blocks = var.ingress_with_cidr_blocks
+
+  # Open to IPv6 cidr blocks
+  ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks
+
+  # Open for security group id
+  ingress_with_source_security_group_id = var.ingress_with_source_security_group_id
+
+  # Default ingress CIDR blocks
+  ingress_cidr_blocks      = var.ingress_cidr_blocks
+  ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
+
+  # Default prefix list ids
+  ingress_prefix_list_ids = var.ingress_prefix_list_ids
+
+  ###################
+  # Computed Ingress
+  ###################
+  # Rules by names - open for default CIDR
+  computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))
+
+  # Open for self
+  computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)
+
+  # Open to IPv4 cidr blocks
+  computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks
+
+  # Open to IPv6 cidr blocks
+  computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks
+
+  # Open for security group id
+  computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id
+
+  #############################
+  # Number of computed ingress
+  #############################
+  number_of_computed_ingress_rules                         = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+  number_of_computed_ingress_with_self                     = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+  number_of_computed_ingress_with_cidr_blocks              = var.number_of_computed_ingress_with_cidr_blocks
+  number_of_computed_ingress_with_ipv6_cidr_blocks         = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+  number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id
+
+  #########
+  # Egress
+  #########
+  # Rules by names - open for default CIDR
+  egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))
+
+  # Open for self
+  egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)
+
+  # Open to IPv4 cidr blocks
+  egress_with_cidr_blocks = var.egress_with_cidr_blocks
+
+  # Open to IPv6 cidr blocks
+  egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks
+
+  # Open for security group id
+  egress_with_source_security_group_id = var.egress_with_source_security_group_id
+
+  # Default egress CIDR blocks
+  egress_cidr_blocks      = var.egress_cidr_blocks
+  egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
+
+  # Default prefix list ids
+  egress_prefix_list_ids = var.egress_prefix_list_ids
+
+  ##################
+  # Computed Egress
+  ##################
+  # Rules by names - open for default CIDR
+  computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))
+
+  # Open for self
+  computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)
+
+  # Open to IPv4 cidr blocks
+  computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks
+
+  # Open to IPv6 cidr blocks
+  computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks
+
+  # Open for security group id
+  computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id
+
+  #############################
+  # Number of computed egress
+  #############################
+  number_of_computed_egress_rules                         = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+  number_of_computed_egress_with_self                     = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+  number_of_computed_egress_with_cidr_blocks              = var.number_of_computed_egress_with_cidr_blocks
+  number_of_computed_egress_with_ipv6_cidr_blocks         = var.number_of_computed_egress_with_ipv6_cidr_blocks
+  number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
+}
--- a/modules/smtps/outputs.tf
+++ b/modules/smtps/outputs.tf
+output "security_group_id" {
+  description = "The ID of the security group"
+  value       = module.sg.security_group_id
+}
+
+output "security_group_vpc_id" {
+  description = "The VPC ID"
+  value       = module.sg.security_group_vpc_id
+}
+
+output "security_group_owner_id" {
+  description = "The owner ID"
+  value       = module.sg.security_group_owner_id
+}
+
+output "security_group_name" {
+  description = "The name of the security group"
+  value       = module.sg.security_group_name
+}
+
+output "security_group_description" {
+  description = "The description of the security group"
+  value       = module.sg.security_group_description
+}
--- a/modules/smtps/variables.tf
+++ b/modules/smtps/variables.tf
--- a/modules/smtps/versions.tf
+++ b/modules/smtps/versions.tf
+terraform {
+  required_version = ">= 0.12.6"
+
+  required_providers {
+    aws = ">= 2.42"
+  }
+}
--- a/rules.tf
+++ b/rules.tf
@@ -133,6 +133,14 @@ variable "rules" {
    redis-tcp = [6379, 6379, "tcp", "Redis"]
    # Redshift
    redshift-tcp = [5439, 5439, "tcp", "Redshift"]
+    # SaltStack
+    saltstack-tcp = [4505, 4506, "tcp", "SaltStack"]
+    # SMTP
+    smtp-tcp                 = [25, 25, "tcp", "SMTP"]
+    smtp-submission-587-tcp  = [587, 587, "tcp", "SMTP Submission"]
+    smtp-submission-2587-tcp = [2587, 2587, "tcp", "SMTP Submission"]
+    smtps-465-tcp            = [465, 465, "tcp", "SMTPS"]
+    smtps-2456-tcp           = [2465, 2465, "tcp", "SMTPS"]
    # Solr
    solr-tcp = [8983, 8987, "tcp", "Solr"]
    # Splunk
@@ -371,6 +379,21 @@ variable "auto_groups" {
      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
+    smtp = {
+      ingress_rules     = ["smtp-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
+    }
+    smtp-submission = {
+      ingress_rules     = ["smtp-submission-587-tcp", "smtp-submission-2587-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
+    }
+    smtps = {
+      ingress_rules     = ["smtps-465-tcp", "smtps-2465-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
+    }
    solr = {
      ingress_rules     = ["solr-tcp"]
      ingress_with_self = ["all-all"]