From 593cedc8692d784386068d8c1affab78294adf26 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20Iglesias=20Garc=C3=ADa?= <55031066+manueliglesiasgarcia@users.noreply.github.com>
Date: Wed, 13 May 2020 20:14:04 +0100
Subject: [PATCH 01/16] feat: Adding support for MinIO (#174)
---
 modules/README.md | 1 +
 modules/minio/README.md | 109 +++++++++++
 modules/minio/auto_values.tf | 79 ++++++++
 modules/minio/main.tf | 114 ++++++++++++
 modules/minio/outputs.tf | 24 +++
 modules/minio/variables.tf | 342 +++++++++++++++++++++++++++++++++++
 modules/minio/versions.tf | 7 +
 rules.tf | 7 +
 8 files changed, 683 insertions(+)
 create mode 100644 modules/minio/README.md
 create mode 100644 modules/minio/auto_values.tf
 create mode 100644 modules/minio/main.tf
 create mode 100644 modules/minio/outputs.tf
 create mode 100644 modules/minio/variables.tf
 create mode 100644 modules/minio/versions.tf
diff --git a/modules/README.md b/modules/README.md
index bda02371..51912dda 100644
--- a/modules/README.md
+++ b/modules/README.md
@@ -22,6 +22,7 @@ List of Security Groups implemented as Terraform modules
 * [kubernetes-api](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/kubernetes-api)
 * [ldaps](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/ldaps)
 * [memcached](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/memcached)
+* [minio](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/minio)
 * [mongodb](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/mongodb)
 * [mssql](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/mssql)
 * [mysql](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/mysql)
diff --git a/modules/minio/README.md b/modules/minio/README.md
new file mode 100644
index 00000000..c1f20149
--- /dev/null
+++ b/modules/minio/README.md @@ -0,0 +1,109 @@ +# minio - AWS EC2-VPC Security Group Terraform module + +## Usage + +```hcl +module "minio_security_group" { + source = "terraform-aws-modules/security-group/aws//modules/minio" + version = "~> 3.0" + + # omitted... +} +``` + +All automatic values **minio module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/minio/auto_values.tf). + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | ~> 0.12.6 | +| aws | ~> 2.42 | + +## Providers + +No provider. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | `list(string)` | `[]` | no | +| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | +| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | `list(string)` | `[]` | no | +| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | +| auto\_egress\_rules | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | +| auto\_ingress\_rules | List of ingress rules to add automatically | `list(string)` |
[
"minio-tcp"
]
| no | +| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | `number` | `0` | no | +| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | +| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | `number` | `0` | no | +| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | +| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | +| computed\_egress\_rules | List of computed egress rules to create by name | `list(string)` | `[]` | no | +| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | `list(map(string))` | `[]` | no | +| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | +| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | `list(string)` | `[]` | no | +| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | `list(string)` | `[]` | no | +| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | `list(string)` | `[]` | no | +| computed\_ingress\_rules | List of computed ingress rules to create by name | `list(string)` | `[]` | no | +| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | `list(map(string))` | `[]` | no | +| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create 
where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | +| create | Whether to create security group and all rules | `bool` | `true` | no | +| description | Description of security group | `string` | `"Security Group managed by Terraform"` | no | +| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | +| egress\_rules | List of egress rules to create by name | `list(string)` | `[]` | no | +| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| egress\_with\_self | List of egress rules to create where 'self' is defined | `list(map(string))` | `[]` | no | +| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | +| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | `list(string)` | `[]` | no | +| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | `list(string)` | `[]` | no | +| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | `list(string)` | `[]` | no | +| ingress\_rules | List of ingress rules to create by name | `list(string)` | `[]` | no | +| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| ingress\_with\_self | List of ingress rules to create where 'self' is defined | `list(map(string))` | `[]` | no | +| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | +| name | Name of security group | `string` | n/a | yes | +| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | `number` | `0` | 
no | +| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | `number` | `0` | no | +| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `number` | `0` | no | +| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | `number` | `0` | no | +| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr\_blocks' is used | `number` | `0` | no | +| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | +| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | +| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | `number` | `0` | no | +| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | `number` | `0` | no | +| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | `number` | `0` | no | +| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | `number` | `0` | no | +| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr\_blocks' is used | `number` | `0` | no | +| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | +| number\_of\_computed\_ingress\_with\_self 
| Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | +| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | +| use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | +| vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| this\_security\_group\_description | The description of the security group | +| this\_security\_group\_id | The ID of the security group | +| this\_security\_group\_name | The name of the security group | +| this\_security\_group\_owner\_id | The owner ID | +| this\_security\_group\_vpc\_id | The VPC ID | + + diff --git a/modules/minio/auto_values.tf b/modules/minio/auto_values.tf new file mode 100644 index 00000000..d5df7976 --- /dev/null +++ b/modules/minio/auto_values.tf 
@@ -0,0 +1,79 @@ +# This file was generated from values defined in rules.tf using update_groups.sh. +################################### +# DO NOT CHANGE THIS FILE MANUALLY +################################### + +variable "auto_ingress_rules" { + description = "List of ingress rules to add automatically" + type = list(string) + default = ["minio-tcp"] +} + +variable "auto_ingress_with_self" { + description = "List of maps defining ingress rules with self to add automatically" + type = list(map(string)) + default = [{ "rule" = "all-all" }] +} + +variable "auto_egress_rules" { + description = "List of egress rules to add automatically" + type = list(string) + default = ["all-all"] +} + +variable "auto_egress_with_self" { + description = "List of maps defining egress rules with self to add automatically" + type = list(map(string)) + default = [] +} + +# Computed +variable "auto_computed_ingress_rules" { + description = "List of ingress rules to add automatically" + type = list(string) + default = [] +} + +variable "auto_computed_ingress_with_self" { + description = "List of maps defining computed ingress rules with self to add automatically" + type = list(map(string)) + default = [] +} + +variable "auto_computed_egress_rules" { + description = "List of computed egress rules to add automatically" + type = list(string) + default = [] +} + +variable "auto_computed_egress_with_self" { + description = "List of maps defining computed egress rules with self to add automatically" + type = list(map(string)) + default = [] +} + +# Number of computed rules +variable "auto_number_of_computed_ingress_rules" { + description = "Number of computed ingress rules to create by name" + type = number + default = 0 +} + +variable "auto_number_of_computed_ingress_with_self" { + description = "Number of computed ingress rules to create where 'self' is defined" + type = number + default = 0 +} + +variable "auto_number_of_computed_egress_rules" { + description = "Number of computed egress 
rules to create by name" + type = number + default = 0 +} + +variable "auto_number_of_computed_egress_with_self" { + description = "Number of computed egress rules to create where 'self' is defined" + type = number + default = 0 +} + diff --git a/modules/minio/main.tf b/modules/minio/main.tf new file mode 100644 index 00000000..2c85546f --- /dev/null +++ b/modules/minio/main.tf 
@@ -0,0 +1,114 @@
+module "sg" {
+ source = "../../"
+
+ create = var.create
+ name = var.name
+ use_name_prefix = var.use_name_prefix
+ description = var.description
+ vpc_id = var.vpc_id
+ tags = var.tags
+
+ ##########
+ # Ingress
+ ##########
+ # Rules by names - open for default CIDR
+ ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))
+
+ # Open for self
+ ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)
+
+ # Open to IPv4 cidr blocks
+ ingress_with_cidr_blocks = var.ingress_with_cidr_blocks
+
+ # Open to IPv6 cidr blocks
+ ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks
+
+ # Open for security group id
+ ingress_with_source_security_group_id = var.ingress_with_source_security_group_id
+
+ # Default ingress CIDR blocks
+ ingress_cidr_blocks = var.ingress_cidr_blocks
+ ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
+
+ # Default prefix list ids
+ ingress_prefix_list_ids = var.ingress_prefix_list_ids
+
+ ###################
+ # Computed Ingress
+ ###################
+ # Rules by names - open for default CIDR
+ computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))
+
+ # Open for self
+ computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)
+
+ # Open to IPv4 cidr blocks
+ computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks
+
+ # Open to IPv6 cidr blocks
+ computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks
+
+ # Open for security group id
+ computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id
+
+ #############################
+ # Number of computed ingress
+ #############################
+ number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+ number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+ number_of_computed_ingress_with_cidr_blocks = var.number_of_computed_ingress_with_cidr_blocks
+ number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+ number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id
+
+ #########
+ # Egress
+ #########
+ # Rules by names - open for default CIDR
+ egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))
+
+ # Open for self
+ egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)
+
+ # Open to IPv4 cidr blocks
+ egress_with_cidr_blocks = var.egress_with_cidr_blocks
+
+ # Open to IPv6 cidr blocks
+ egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks
+
+ # Open for security group id
+ egress_with_source_security_group_id = var.egress_with_source_security_group_id
+
+ # Default egress CIDR blocks
+ egress_cidr_blocks = var.egress_cidr_blocks
+ egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
+
+ # Default prefix list ids
+ egress_prefix_list_ids = var.egress_prefix_list_ids
+
+ ##################
+ # Computed Egress
+ ##################
+ # Rules by names - open for default CIDR
+ computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))
+
+ # Open for self
+ computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)
+
+ # Open to IPv4 cidr blocks
+ computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks
+
+ # Open to IPv6 cidr blocks
+ computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks
+
+ # Open for security group id
+ computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id
+
+ #############################
+ # Number of computed egress
+ #############################
+ number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+ number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+ number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks
+ number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks
+ number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
+}
diff --git a/modules/minio/outputs.tf b/modules/minio/outputs.tf
new file mode 100644
index 00000000..3d7ad67f
--- /dev/null
+++ b/modules/minio/outputs.tf
@@ -0,0 +1,24 @@
+output "this_security_group_id" {
+ description = "The ID of the security group"
+ value = module.sg.this_security_group_id
+}
+
+output "this_security_group_vpc_id" {
+ description = "The VPC ID"
+ value = module.sg.this_security_group_vpc_id
+}
+
+output "this_security_group_owner_id" {
+ description = "The owner ID"
+ value = module.sg.this_security_group_owner_id
+}
+
+output "this_security_group_name" {
+ description = "The name of the security group"
+ value = module.sg.this_security_group_name
+}
+
+output "this_security_group_description" {
+ description = "The description of the security group"
+ value = module.sg.this_security_group_description
+}
diff --git a/modules/minio/variables.tf b/modules/minio/variables.tf
new file mode 100644
index 00000000..354b9e37
--- /dev/null
+++ b/modules/minio/variables.tf
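Review bot: The `module "sg"` call in modules/minio/main.tf never forwards `computed_ingress_cidr_blocks`, `computed_ingress_ipv6_cidr_blocks` or `computed_ingress_prefix_list_ids`, although variables.tf in this same commit declares them and the module README lists them (together with the egress equivalents and the `number_of_computed_*_cidr_blocks` counters) as inputs. A caller who sets one of these to narrow the sources of the computed rules gets no error and no effect, so the resulting security group can be wider than the configuration suggests; what the computed rules fall back to is decided in the root module, which is not visible in this patch. Either forward them under the "Computed Ingress" and "Computed Egress" sections, e.g. `computed_ingress_cidr_blocks = var.computed_ingress_cidr_blocks`, if the root module accepts such an input, or drop the declarations so that an ignored restriction cannot be mistaken for an applied one.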
@@ -0,0 +1,342 @@ +################# +# Security group +################# +variable "create" { + description = "Whether to create security group and all rules" + type = bool + default = true +} + +variable "vpc_id" { + description = "ID of the VPC where to create security group" + type = string +} + +variable "name" { + description = "Name of security group" + type = string +} + +variable "use_name_prefix" { + description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool + default = true +} + +variable "description" { + description = "Description of security group" + type = string + default = "Security Group managed by Terraform" +} + +variable "tags" { + description = "A mapping of tags to assign to security group" + type = map(string) + default = {} +} + +########## +# Ingress +########## +variable "ingress_rules" { + description = "List of ingress rules to create by name" + type = list(string) + default = [] +} + +variable "ingress_with_self" { + description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) + default = [] +} + +variable "ingress_with_cidr_blocks" { + description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "ingress_with_ipv6_cidr_blocks" { + description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "ingress_with_source_security_group_id" { + description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) + default = [] +} + +variable "ingress_cidr_blocks" { + description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) + default = [] +} + +variable "ingress_ipv6_cidr_blocks" { + description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) + default = [] +} + 
+variable "ingress_prefix_list_ids" { + description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) + default = [] +} + +################### +# Computed Ingress +################### +variable "computed_ingress_rules" { + description = "List of computed ingress rules to create by name" + type = list(string) + default = [] +} + +variable "computed_ingress_with_self" { + description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) + default = [] +} + +variable "computed_ingress_with_cidr_blocks" { + description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "computed_ingress_with_ipv6_cidr_blocks" { + description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "computed_ingress_with_source_security_group_id" { + description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) + default = [] +} + +variable "computed_ingress_cidr_blocks" { + description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) + default = [] +} + +variable "computed_ingress_ipv6_cidr_blocks" { + description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) + default = [] +} + +variable "computed_ingress_prefix_list_ids" { + description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) + default = [] +} + +################################### +# Number of computed ingress rules +################################### +variable "number_of_computed_ingress_rules" { + description = "Number of computed ingress rules to create by name" + type = number + default = 0 +} + +variable 
"number_of_computed_ingress_with_self" { + description = "Number of computed ingress rules to create where 'self' is defined" + type = number + default = 0 +} + +variable "number_of_computed_ingress_with_cidr_blocks" { + description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number + default = 0 +} + +variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { + description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number + default = 0 +} + +variable "number_of_computed_ingress_with_source_security_group_id" { + description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number + default = 0 +} + +variable "number_of_computed_ingress_cidr_blocks" { + description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number + default = 0 +} + +variable "number_of_computed_ingress_ipv6_cidr_blocks" { + description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number + default = 0 +} + +variable "number_of_computed_ingress_prefix_list_ids" { + description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number + default = 0 +} + +######### +# Egress +######### +variable "egress_rules" { + description = "List of egress rules to create by name" + type = list(string) + default = [] +} + +variable "egress_with_self" { + description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) + default = [] +} + +variable "egress_with_cidr_blocks" { + description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "egress_with_ipv6_cidr_blocks" { + description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "egress_with_source_security_group_id" { + 
description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) + default = [] +} + +variable "egress_cidr_blocks" { + description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) + default = ["0.0.0.0/0"] +} + +variable "egress_ipv6_cidr_blocks" { + description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) + default = ["::/0"] +} + +variable "egress_prefix_list_ids" { + description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) + default = [] +} + +################## +# Computed Egress +################## +variable "computed_egress_rules" { + description = "List of computed egress rules to create by name" + type = list(string) + default = [] +} + +variable "computed_egress_with_self" { + description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) + default = [] +} + +variable "computed_egress_with_cidr_blocks" { + description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "computed_egress_with_ipv6_cidr_blocks" { + description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "computed_egress_with_source_security_group_id" { + description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) + default = [] +} + +variable "computed_egress_cidr_blocks" { + description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) + default = ["0.0.0.0/0"] +} + +variable "computed_egress_ipv6_cidr_blocks" { + description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) + default = ["::/0"] +} + +variable "computed_egress_prefix_list_ids" { + description = "List 
of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) + default = [] +} + +################################## +# Number of computed egress rules +################################## +variable "number_of_computed_egress_rules" { + description = "Number of computed egress rules to create by name" + type = number + default = 0 +} + +variable "number_of_computed_egress_with_self" { + description = "Number of computed egress rules to create where 'self' is defined" + type = number + default = 0 +} + +variable "number_of_computed_egress_with_cidr_blocks" { + description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number + default = 0 +} + +variable "number_of_computed_egress_with_ipv6_cidr_blocks" { + description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number + default = 0 +} + +variable "number_of_computed_egress_with_source_security_group_id" { + description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number + default = 0 +} + +variable "number_of_computed_egress_cidr_blocks" { + description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number + default = 0 +} + +variable "number_of_computed_egress_ipv6_cidr_blocks" { + description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number + default = 0 +} + +variable "number_of_computed_egress_prefix_list_ids" { + description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number + default = 0 +} diff --git a/modules/minio/versions.tf b/modules/minio/versions.tf new file mode 100644 index 00000000..b8569144 --- /dev/null +++ b/modules/minio/versions.tf @@ -0,0 +1,7 @@ +terraform { + required_version = "~> 0.12.6" + + required_providers { + aws = "~> 2.42" + } +} 
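Review bot: `computed_egress_cidr_blocks`, `computed_egress_ipv6_cidr_blocks`, `computed_egress_prefix_list_ids` and the matching `number_of_computed_egress_*` counters are declared in this hunk, but the egress half of modules/minio/main.tf shown in this patch never passes them to `module.sg`. Only `egress_cidr_blocks`, `egress_ipv6_cidr_blocks`, `egress_prefix_list_ids` and the `computed_egress_with_*` lists are forwarded, so a caller who narrows `computed_egress_cidr_blocks` would still get the `["0.0.0.0/0"]` and `["::/0"]` defaults of `egress_cidr_blocks` and `egress_ipv6_cidr_blocks`, with no error. Either drop the unused declarations or mark them, for example `# NOTE: not forwarded to module.sg; set egress_cidr_blocks / egress_ipv6_cidr_blocks instead`. The ingress half of main.tf lies outside the visible part of the patch, so the `computed_ingress_*` counterparts should be checked the same way. If this file is produced by update_groups.sh, as the `auto_groups` description suggests, the fix belongs in the template rather than here.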
diff --git a/rules.tf b/rules.tf index f88bb418..c96a9385 100644 --- a/rules.tf +++ b/rules.tf @@ -80,6 +80,8 @@ variable "rules" { ldaps-tcp = [636, 636, "tcp", "LDAPS"] # Memcached memcached-tcp = [11211, 11211, "tcp", "Memcached"] + # MinIO + minio-tcp = [9000, 9000, "tcp", "MinIO"] # MongoDB mongodb-27017-tcp = [27017, 27017, "tcp", "MongoDB"] mongodb-27018-tcp = [27018, 27018, "tcp", "MongoDB shard"] @@ -271,6 +273,11 @@ variable "auto_groups" { ingress_with_self = ["all-all"] egress_rules = ["all-all"] } + minio = { + ingress_rules = ["minio-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } mongodb = { ingress_rules = ["mongodb-27017-tcp", "mongodb-27018-tcp", "mongodb-27019-tcp"] ingress_with_self = ["all-all"] From 373e0d324cc57e4302842b199cd6b660f493c584 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 13 May 2020 21:15:43 +0200 Subject: [PATCH 02/16] fix: Fixed MinIO rules formatting --- README.md | 4 ++-- rules.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index af4b5718..81cbddfe 100644 --- a/README.md +++ b/README.md @@ -174,7 +174,7 @@ No issue is creating limit on this module. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| auto\_groups | Map of groups of security group rules to use to generate modules (see update\_groups.sh) | `map(map(list(string)))` |
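Review bot: The new `minio` entry in `auto_groups` sets `egress_rules = ["all-all"]`, and modules/minio/variables.tf in the same patch defaults `egress_cidr_blocks` to `["0.0.0.0/0"]` and `egress_ipv6_cidr_blocks` to `["::/0"]`. A security group built from this module with no overrides therefore lets an object-storage host send any protocol to any destination. This matches the neighbouring `memcached` and `mongodb` groups, so the proposal is documentation only: add a comment above the entry such as `# egress defaults to all-all to 0.0.0.0/0 and ::/0; override egress_rules / egress_cidr_blocks for storage nodes`, and repeat the caveat in modules/minio/README.md. On the ingress side, `minio-tcp` (9000/tcp, first hunk) is only opened to whatever the caller puts in `ingress_cidr_blocks`, which defaults to `[]`, so nothing is exposed until a range is supplied.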
{
"activemq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"activemq-5671-tcp",
"activemq-8883-tcp",
"activemq-61614-tcp",
"activemq-61617-tcp",
"activemq-61619-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"alertmanager": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"alertmanager-9093-tcp",
"alertmanager-9094-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"carbon-relay-ng": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"carbon-line-in-tcp",
"carbon-line-in-udp",
"carbon-pickle-tcp",
"carbon-pickle-udp",
"carbon-gui-udp"
],
"ingress_with_self": [
"all-all"
]
},
"cassandra": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"cassandra-clients-tcp",
"cassandra-thrift-clients-tcp",
"cassandra-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"consul": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"consul-tcp",
"consul-cli-rpc-tcp",
"consul-webui-tcp",
"consul-dns-tcp",
"consul-dns-udp",
"consul-serf-lan-tcp",
"consul-serf-lan-udp",
"consul-serf-wan-tcp",
"consul-serf-wan-udp"
],
"ingress_with_self": [
"all-all"
]
},
"docker-swarm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"docker-swarm-mngmt-tcp",
"docker-swarm-node-tcp",
"docker-swarm-node-udp",
"docker-swarm-overlay-udp"
],
"ingress_with_self": [
"all-all"
]
},
"elasticsearch": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"elasticsearch-rest-tcp",
"elasticsearch-java-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"grafana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"grafana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"graphite-statsd": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"graphite-webui",
"graphite-2003-tcp",
"graphite-2004-tcp",
"graphite-2023-tcp",
"graphite-2024-tcp",
"graphite-8080-tcp",
"graphite-8125-tcp",
"graphite-8125-udp",
"graphite-8126-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-80": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-8080": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-8080-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-8443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-8443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-4500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-4500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"kafka": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kafka-broker-tcp",
"kafka-broker-tls-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kibana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kibana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kubernetes-api": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kubernetes-api-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ldaps": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ldaps-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"memcached": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"memcached-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mongodb": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mongodb-27017-tcp",
"mongodb-27018-tcp",
"mongodb-27019-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mssql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mssql-tcp",
"mssql-udp",
"mssql-analytics-tcp",
"mssql-broker-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mysql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mysql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nfs": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nfs-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nomad": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nomad-http-tcp",
"nomad-rpc-tcp",
"nomad-serf-tcp",
"nomad-serf-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ntp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ntp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"openvpn": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"openvpn-udp",
"openvpn-tcp",
"openvpn-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"oracle-db": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"oracle-db-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"postgresql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"postgresql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"prometheus": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"prometheus-http-tcp",
"prometheus-pushgateway-http-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"puppet": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"puppet-tcp",
"puppetdb-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rabbitmq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rabbitmq-4369-tcp",
"rabbitmq-5671-tcp",
"rabbitmq-5672-tcp",
"rabbitmq-15672-tcp",
"rabbitmq-25672-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rdp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rdp-tcp",
"rdp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"redis": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redis-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"redshift": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redshift-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"splunk": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"splunk-indexer-tcp",
"splunk-clients-tcp",
"splunk-splunkd-tcp",
"splunk-hec-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"squid": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"squid-proxy-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ssh": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ssh-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"storm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"storm-nimbus-tcp",
"storm-ui-tcp",
"storm-supervisor-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"web": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp",
"http-8080-tcp",
"https-443-tcp",
"web-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"winrm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"winrm-http-tcp",
"winrm-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zipkin": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zipkin-admin-tcp",
"zipkin-admin-query-tcp",
"zipkin-admin-web-tcp",
"zipkin-query-tcp",
"zipkin-web-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zookeeper": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zookeeper-2181-tcp",
"zookeeper-2888-tcp",
"zookeeper-3888-tcp",
"zookeeper-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
}
}
| no | +| auto\_groups | Map of groups of security group rules to use to generate modules (see update\_groups.sh) | `map(map(list(string)))` |
{
"activemq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"activemq-5671-tcp",
"activemq-8883-tcp",
"activemq-61614-tcp",
"activemq-61617-tcp",
"activemq-61619-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"alertmanager": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"alertmanager-9093-tcp",
"alertmanager-9094-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"carbon-relay-ng": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"carbon-line-in-tcp",
"carbon-line-in-udp",
"carbon-pickle-tcp",
"carbon-pickle-udp",
"carbon-gui-udp"
],
"ingress_with_self": [
"all-all"
]
},
"cassandra": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"cassandra-clients-tcp",
"cassandra-thrift-clients-tcp",
"cassandra-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"consul": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"consul-tcp",
"consul-cli-rpc-tcp",
"consul-webui-tcp",
"consul-dns-tcp",
"consul-dns-udp",
"consul-serf-lan-tcp",
"consul-serf-lan-udp",
"consul-serf-wan-tcp",
"consul-serf-wan-udp"
],
"ingress_with_self": [
"all-all"
]
},
"docker-swarm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"docker-swarm-mngmt-tcp",
"docker-swarm-node-tcp",
"docker-swarm-node-udp",
"docker-swarm-overlay-udp"
],
"ingress_with_self": [
"all-all"
]
},
"elasticsearch": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"elasticsearch-rest-tcp",
"elasticsearch-java-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"grafana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"grafana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"graphite-statsd": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"graphite-webui",
"graphite-2003-tcp",
"graphite-2004-tcp",
"graphite-2023-tcp",
"graphite-2024-tcp",
"graphite-8080-tcp",
"graphite-8125-tcp",
"graphite-8125-udp",
"graphite-8126-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-80": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-8080": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-8080-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-8443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-8443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-4500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-4500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"kafka": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kafka-broker-tcp",
"kafka-broker-tls-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kibana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kibana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kubernetes-api": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kubernetes-api-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ldaps": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ldaps-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"memcached": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"memcached-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"minio": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"minio-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mongodb": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mongodb-27017-tcp",
"mongodb-27018-tcp",
"mongodb-27019-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mssql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mssql-tcp",
"mssql-udp",
"mssql-analytics-tcp",
"mssql-broker-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mysql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mysql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nfs": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nfs-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nomad": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nomad-http-tcp",
"nomad-rpc-tcp",
"nomad-serf-tcp",
"nomad-serf-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ntp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ntp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"openvpn": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"openvpn-udp",
"openvpn-tcp",
"openvpn-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"oracle-db": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"oracle-db-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"postgresql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"postgresql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"prometheus": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"prometheus-http-tcp",
"prometheus-pushgateway-http-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"puppet": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"puppet-tcp",
"puppetdb-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rabbitmq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rabbitmq-4369-tcp",
"rabbitmq-5671-tcp",
"rabbitmq-5672-tcp",
"rabbitmq-15672-tcp",
"rabbitmq-25672-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rdp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rdp-tcp",
"rdp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"redis": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redis-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"redshift": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redshift-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"splunk": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"splunk-indexer-tcp",
"splunk-clients-tcp",
"splunk-splunkd-tcp",
"splunk-hec-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"squid": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"squid-proxy-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ssh": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ssh-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"storm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"storm-nimbus-tcp",
"storm-ui-tcp",
"storm-supervisor-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"web": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp",
"http-8080-tcp",
"https-443-tcp",
"web-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"winrm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"winrm-http-tcp",
"winrm-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zipkin": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zipkin-admin-tcp",
"zipkin-admin-query-tcp",
"zipkin-admin-web-tcp",
"zipkin-query-tcp",
"zipkin-web-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zookeeper": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zookeeper-2181-tcp",
"zookeeper-2888-tcp",
"zookeeper-3888-tcp",
"zookeeper-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
}
}
| no | | computed\_egress\_rules | List of computed egress rules to create by name | `list(string)` | `[]` | no | | computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | | computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -214,7 +214,7 @@ No issue is creating limit on this module. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | -| rules | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | `map(list(any))` |
{
"_": [
"",
"",
""
],
"activemq-5671-tcp": [
5671,
5671,
"tcp",
"ActiveMQ AMQP"
],
"activemq-61614-tcp": [
61614,
61614,
"tcp",
"ActiveMQ STOMP"
],
"activemq-61617-tcp": [
61617,
61617,
"tcp",
"ActiveMQ OpenWire"
],
"activemq-61619-tcp": [
61619,
61619,
"tcp",
"ActiveMQ WebSocket"
],
"activemq-8883-tcp": [
8883,
8883,
"tcp",
"ActiveMQ MQTT"
],
"alertmanager-9093-tcp": [
9093,
9093,
"tcp",
"Alert Manager"
],
"alertmanager-9094-tcp": [
9094,
9094,
"tcp",
"Alert Manager Cluster"
],
"all-all": [
-1,
-1,
"-1",
"All protocols"
],
"all-icmp": [
-1,
-1,
"icmp",
"All IPV4 ICMP"
],
"all-ipv6-icmp": [
-1,
-1,
58,
"All IPV6 ICMP"
],
"all-tcp": [
0,
65535,
"tcp",
"All TCP ports"
],
"all-udp": [
0,
65535,
"udp",
"All UDP ports"
],
"carbon-admin-tcp": [
2004,
2004,
"tcp",
"Carbon admin"
],
"carbon-gui-udp": [
8081,
8081,
"tcp",
"Carbon GUI"
],
"carbon-line-in-tcp": [
2003,
2003,
"tcp",
"Carbon line-in"
],
"carbon-line-in-udp": [
2003,
2003,
"udp",
"Carbon line-in"
],
"carbon-pickle-tcp": [
2013,
2013,
"tcp",
"Carbon pickle"
],
"carbon-pickle-udp": [
2013,
2013,
"udp",
"Carbon pickle"
],
"cassandra-clients-tcp": [
9042,
9042,
"tcp",
"Cassandra clients"
],
"cassandra-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
],
"cassandra-thrift-clients-tcp": [
9160,
9160,
"tcp",
"Cassandra Thrift clients"
],
"consul-cli-rpc-tcp": [
8400,
8400,
"tcp",
"Consul CLI RPC"
],
"consul-dns-tcp": [
8600,
8600,
"tcp",
"Consul DNS"
],
"consul-dns-udp": [
8600,
8600,
"udp",
"Consul DNS"
],
"consul-serf-lan-tcp": [
8301,
8301,
"tcp",
"Serf LAN"
],
"consul-serf-lan-udp": [
8301,
8301,
"udp",
"Serf LAN"
],
"consul-serf-wan-tcp": [
8302,
8302,
"tcp",
"Serf WAN"
],
"consul-serf-wan-udp": [
8302,
8302,
"udp",
"Serf WAN"
],
"consul-tcp": [
8300,
8300,
"tcp",
"Consul server"
],
"consul-webui-tcp": [
8500,
8500,
"tcp",
"Consul web UI"
],
"dns-tcp": [
53,
53,
"tcp",
"DNS"
],
"dns-udp": [
53,
53,
"udp",
"DNS"
],
"docker-swarm-mngmt-tcp": [
2377,
2377,
"tcp",
"Docker Swarm cluster management"
],
"docker-swarm-node-tcp": [
7946,
7946,
"tcp",
"Docker Swarm node"
],
"docker-swarm-node-udp": [
7946,
7946,
"udp",
"Docker Swarm node"
],
"docker-swarm-overlay-udp": [
4789,
4789,
"udp",
"Docker Swarm Overlay Network Traffic"
],
"elasticsearch-java-tcp": [
9300,
9300,
"tcp",
"Elasticsearch Java interface"
],
"elasticsearch-rest-tcp": [
9200,
9200,
"tcp",
"Elasticsearch REST interface"
],
"grafana-tcp": [
3000,
3000,
"tcp",
"Grafana Dashboard"
],
"graphite-2003-tcp": [
2003,
2003,
"tcp",
"Carbon receiver plain text"
],
"graphite-2004-tcp": [
2004,
2004,
"tcp",
"Carbon receiver pickle"
],
"graphite-2023-tcp": [
2023,
2023,
"tcp",
"Carbon aggregator plaintext"
],
"graphite-2024-tcp": [
2024,
2024,
"tcp",
"Carbon aggregator pickle"
],
"graphite-8080-tcp": [
8080,
8080,
"tcp",
"Graphite gunicorn port"
],
"graphite-8125-tcp": [
8125,
8125,
"tcp",
"Statsd TCP"
],
"graphite-8125-udp": [
8125,
8125,
"udp",
"Statsd UDP default"
],
"graphite-8126-tcp": [
8126,
8126,
"tcp",
"Statsd admin"
],
"graphite-webui": [
80,
80,
"tcp",
"Graphite admin interface"
],
"http-80-tcp": [
80,
80,
"tcp",
"HTTP"
],
"http-8080-tcp": [
8080,
8080,
"tcp",
"HTTP"
],
"https-443-tcp": [
443,
443,
"tcp",
"HTTPS"
],
"https-8443-tcp": [
8443,
8443,
"tcp",
"HTTPS"
],
"ipsec-4500-udp": [
4500,
4500,
"udp",
"IPSEC NAT-T"
],
"ipsec-500-udp": [
500,
500,
"udp",
"IPSEC ISAKMP"
],
"kafka-broker-tcp": [
9092,
9092,
"tcp",
"Kafka broker 0.8.2+"
],
"kafka-broker-tls-tcp": [
9094,
9094,
"tcp",
"Kafka TLS enabled broker 0.8.2+"
],
"kibana-tcp": [
5601,
5601,
"tcp",
"Kibana Web Interface"
],
"kubernetes-api-tcp": [
6443,
6443,
"tcp",
"Kubernetes API Server"
],
"ldaps-tcp": [
636,
636,
"tcp",
"LDAPS"
],
"memcached-tcp": [
11211,
11211,
"tcp",
"Memcached"
],
"mongodb-27017-tcp": [
27017,
27017,
"tcp",
"MongoDB"
],
"mongodb-27018-tcp": [
27018,
27018,
"tcp",
"MongoDB shard"
],
"mongodb-27019-tcp": [
27019,
27019,
"tcp",
"MongoDB config server"
],
"mssql-analytics-tcp": [
2383,
2383,
"tcp",
"MSSQL Analytics"
],
"mssql-broker-tcp": [
4022,
4022,
"tcp",
"MSSQL Broker"
],
"mssql-tcp": [
1433,
1433,
"tcp",
"MSSQL Server"
],
"mssql-udp": [
1434,
1434,
"udp",
"MSSQL Browser"
],
"mysql-tcp": [
3306,
3306,
"tcp",
"MySQL/Aurora"
],
"nfs-tcp": [
2049,
2049,
"tcp",
"NFS/EFS"
],
"nomad-http-tcp": [
4646,
4646,
"tcp",
"Nomad HTTP"
],
"nomad-rpc-tcp": [
4647,
4647,
"tcp",
"Nomad RPC"
],
"nomad-serf-tcp": [
4648,
4648,
"tcp",
"Serf"
],
"nomad-serf-udp": [
4648,
4648,
"udp",
"Serf"
],
"ntp-udp": [
123,
123,
"udp",
"NTP"
],
"openvpn-https-tcp": [
443,
443,
"tcp",
"OpenVPN"
],
"openvpn-tcp": [
943,
943,
"tcp",
"OpenVPN"
],
"openvpn-udp": [
1194,
1194,
"udp",
"OpenVPN"
],
"oracle-db-tcp": [
1521,
1521,
"tcp",
"Oracle"
],
"postgresql-tcp": [
5432,
5432,
"tcp",
"PostgreSQL"
],
"prometheus-http-tcp": [
9090,
9090,
"tcp",
"Prometheus"
],
"prometheus-pushgateway-http-tcp": [
9091,
9091,
"tcp",
"Prometheus Pushgateway"
],
"puppet-tcp": [
8140,
8140,
"tcp",
"Puppet"
],
"puppetdb-tcp": [
8081,
8081,
"tcp",
"PuppetDB"
],
"rabbitmq-15672-tcp": [
15672,
15672,
"tcp",
"RabbitMQ"
],
"rabbitmq-25672-tcp": [
25672,
25672,
"tcp",
"RabbitMQ"
],
"rabbitmq-4369-tcp": [
4369,
4369,
"tcp",
"RabbitMQ epmd"
],
"rabbitmq-5671-tcp": [
5671,
5671,
"tcp",
"RabbitMQ"
],
"rabbitmq-5672-tcp": [
5672,
5672,
"tcp",
"RabbitMQ"
],
"rdp-tcp": [
3389,
3389,
"tcp",
"Remote Desktop"
],
"rdp-udp": [
3389,
3389,
"udp",
"Remote Desktop"
],
"redis-tcp": [
6379,
6379,
"tcp",
"Redis"
],
"redshift-tcp": [
5439,
5439,
"tcp",
"Redshift"
],
"splunk-hec-tcp": [
8088,
8088,
"tcp",
"Splunk HEC"
],
"splunk-indexer-tcp": [
9997,
9997,
"tcp",
"Splunk indexer"
],
"splunk-splunkd-tcp": [
8089,
8089,
"tcp",
"Splunkd"
],
"splunk-web-tcp": [
8000,
8000,
"tcp",
"Splunk Web"
],
"squid-proxy-tcp": [
3128,
3128,
"tcp",
"Squid default proxy"
],
"ssh-tcp": [
22,
22,
"tcp",
"SSH"
],
"storm-nimbus-tcp": [
6627,
6627,
"tcp",
"Nimbus"
],
"storm-supervisor-tcp": [
6700,
6703,
"tcp",
"Supervisor"
],
"storm-ui-tcp": [
8080,
8080,
"tcp",
"Storm UI"
],
"web-jmx-tcp": [
1099,
1099,
"tcp",
"JMX"
],
"winrm-http-tcp": [
5985,
5985,
"tcp",
"WinRM HTTP"
],
"winrm-https-tcp": [
5986,
5986,
"tcp",
"WinRM HTTPS"
],
"zipkin-admin-query-tcp": [
9901,
9901,
"tcp",
"Zipkin Admin port query"
],
"zipkin-admin-tcp": [
9990,
9990,
"tcp",
"Zipkin Admin port collector"
],
"zipkin-admin-web-tcp": [
9991,
9991,
"tcp",
"Zipkin Admin port web"
],
"zipkin-query-tcp": [
9411,
9411,
"tcp",
"Zipkin query port"
],
"zipkin-web-tcp": [
8080,
8080,
"tcp",
"Zipkin web port"
],
"zookeeper-2181-tcp": [
2181,
2181,
"tcp",
"Zookeeper"
],
"zookeeper-2888-tcp": [
2888,
2888,
"tcp",
"Zookeeper"
],
"zookeeper-3888-tcp": [
3888,
3888,
"tcp",
"Zookeeper"
],
"zookeeper-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
]
}
| no | +| rules | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | `map(list(any))` |
{
"_": [
"",
"",
""
],
"activemq-5671-tcp": [
5671,
5671,
"tcp",
"ActiveMQ AMQP"
],
"activemq-61614-tcp": [
61614,
61614,
"tcp",
"ActiveMQ STOMP"
],
"activemq-61617-tcp": [
61617,
61617,
"tcp",
"ActiveMQ OpenWire"
],
"activemq-61619-tcp": [
61619,
61619,
"tcp",
"ActiveMQ WebSocket"
],
"activemq-8883-tcp": [
8883,
8883,
"tcp",
"ActiveMQ MQTT"
],
"alertmanager-9093-tcp": [
9093,
9093,
"tcp",
"Alert Manager"
],
"alertmanager-9094-tcp": [
9094,
9094,
"tcp",
"Alert Manager Cluster"
],
"all-all": [
-1,
-1,
"-1",
"All protocols"
],
"all-icmp": [
-1,
-1,
"icmp",
"All IPV4 ICMP"
],
"all-ipv6-icmp": [
-1,
-1,
58,
"All IPV6 ICMP"
],
"all-tcp": [
0,
65535,
"tcp",
"All TCP ports"
],
"all-udp": [
0,
65535,
"udp",
"All UDP ports"
],
"carbon-admin-tcp": [
2004,
2004,
"tcp",
"Carbon admin"
],
"carbon-gui-udp": [
8081,
8081,
"tcp",
"Carbon GUI"
],
"carbon-line-in-tcp": [
2003,
2003,
"tcp",
"Carbon line-in"
],
"carbon-line-in-udp": [
2003,
2003,
"udp",
"Carbon line-in"
],
"carbon-pickle-tcp": [
2013,
2013,
"tcp",
"Carbon pickle"
],
"carbon-pickle-udp": [
2013,
2013,
"udp",
"Carbon pickle"
],
"cassandra-clients-tcp": [
9042,
9042,
"tcp",
"Cassandra clients"
],
"cassandra-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
],
"cassandra-thrift-clients-tcp": [
9160,
9160,
"tcp",
"Cassandra Thrift clients"
],
"consul-cli-rpc-tcp": [
8400,
8400,
"tcp",
"Consul CLI RPC"
],
"consul-dns-tcp": [
8600,
8600,
"tcp",
"Consul DNS"
],
"consul-dns-udp": [
8600,
8600,
"udp",
"Consul DNS"
],
"consul-serf-lan-tcp": [
8301,
8301,
"tcp",
"Serf LAN"
],
"consul-serf-lan-udp": [
8301,
8301,
"udp",
"Serf LAN"
],
"consul-serf-wan-tcp": [
8302,
8302,
"tcp",
"Serf WAN"
],
"consul-serf-wan-udp": [
8302,
8302,
"udp",
"Serf WAN"
],
"consul-tcp": [
8300,
8300,
"tcp",
"Consul server"
],
"consul-webui-tcp": [
8500,
8500,
"tcp",
"Consul web UI"
],
"dns-tcp": [
53,
53,
"tcp",
"DNS"
],
"dns-udp": [
53,
53,
"udp",
"DNS"
],
"docker-swarm-mngmt-tcp": [
2377,
2377,
"tcp",
"Docker Swarm cluster management"
],
"docker-swarm-node-tcp": [
7946,
7946,
"tcp",
"Docker Swarm node"
],
"docker-swarm-node-udp": [
7946,
7946,
"udp",
"Docker Swarm node"
],
"docker-swarm-overlay-udp": [
4789,
4789,
"udp",
"Docker Swarm Overlay Network Traffic"
],
"elasticsearch-java-tcp": [
9300,
9300,
"tcp",
"Elasticsearch Java interface"
],
"elasticsearch-rest-tcp": [
9200,
9200,
"tcp",
"Elasticsearch REST interface"
],
"grafana-tcp": [
3000,
3000,
"tcp",
"Grafana Dashboard"
],
"graphite-2003-tcp": [
2003,
2003,
"tcp",
"Carbon receiver plain text"
],
"graphite-2004-tcp": [
2004,
2004,
"tcp",
"Carbon receiver pickle"
],
"graphite-2023-tcp": [
2023,
2023,
"tcp",
"Carbon aggregator plaintext"
],
"graphite-2024-tcp": [
2024,
2024,
"tcp",
"Carbon aggregator pickle"
],
"graphite-8080-tcp": [
8080,
8080,
"tcp",
"Graphite gunicorn port"
],
"graphite-8125-tcp": [
8125,
8125,
"tcp",
"Statsd TCP"
],
"graphite-8125-udp": [
8125,
8125,
"udp",
"Statsd UDP default"
],
"graphite-8126-tcp": [
8126,
8126,
"tcp",
"Statsd admin"
],
"graphite-webui": [
80,
80,
"tcp",
"Graphite admin interface"
],
"http-80-tcp": [
80,
80,
"tcp",
"HTTP"
],
"http-8080-tcp": [
8080,
8080,
"tcp",
"HTTP"
],
"https-443-tcp": [
443,
443,
"tcp",
"HTTPS"
],
"https-8443-tcp": [
8443,
8443,
"tcp",
"HTTPS"
],
"ipsec-4500-udp": [
4500,
4500,
"udp",
"IPSEC NAT-T"
],
"ipsec-500-udp": [
500,
500,
"udp",
"IPSEC ISAKMP"
],
"kafka-broker-tcp": [
9092,
9092,
"tcp",
"Kafka broker 0.8.2+"
],
"kafka-broker-tls-tcp": [
9094,
9094,
"tcp",
"Kafka TLS enabled broker 0.8.2+"
],
"kibana-tcp": [
5601,
5601,
"tcp",
"Kibana Web Interface"
],
"kubernetes-api-tcp": [
6443,
6443,
"tcp",
"Kubernetes API Server"
],
"ldaps-tcp": [
636,
636,
"tcp",
"LDAPS"
],
"memcached-tcp": [
11211,
11211,
"tcp",
"Memcached"
],
"minio-tcp": [
9000,
9000,
"tcp",
"MinIO"
],
"mongodb-27017-tcp": [
27017,
27017,
"tcp",
"MongoDB"
],
"mongodb-27018-tcp": [
27018,
27018,
"tcp",
"MongoDB shard"
],
"mongodb-27019-tcp": [
27019,
27019,
"tcp",
"MongoDB config server"
],
"mssql-analytics-tcp": [
2383,
2383,
"tcp",
"MSSQL Analytics"
],
"mssql-broker-tcp": [
4022,
4022,
"tcp",
"MSSQL Broker"
],
"mssql-tcp": [
1433,
1433,
"tcp",
"MSSQL Server"
],
"mssql-udp": [
1434,
1434,
"udp",
"MSSQL Browser"
],
"mysql-tcp": [
3306,
3306,
"tcp",
"MySQL/Aurora"
],
"nfs-tcp": [
2049,
2049,
"tcp",
"NFS/EFS"
],
"nomad-http-tcp": [
4646,
4646,
"tcp",
"Nomad HTTP"
],
"nomad-rpc-tcp": [
4647,
4647,
"tcp",
"Nomad RPC"
],
"nomad-serf-tcp": [
4648,
4648,
"tcp",
"Serf"
],
"nomad-serf-udp": [
4648,
4648,
"udp",
"Serf"
],
"ntp-udp": [
123,
123,
"udp",
"NTP"
],
"openvpn-https-tcp": [
443,
443,
"tcp",
"OpenVPN"
],
"openvpn-tcp": [
943,
943,
"tcp",
"OpenVPN"
],
"openvpn-udp": [
1194,
1194,
"udp",
"OpenVPN"
],
"oracle-db-tcp": [
1521,
1521,
"tcp",
"Oracle"
],
"postgresql-tcp": [
5432,
5432,
"tcp",
"PostgreSQL"
],
"prometheus-http-tcp": [
9090,
9090,
"tcp",
"Prometheus"
],
"prometheus-pushgateway-http-tcp": [
9091,
9091,
"tcp",
"Prometheus Pushgateway"
],
"puppet-tcp": [
8140,
8140,
"tcp",
"Puppet"
],
"puppetdb-tcp": [
8081,
8081,
"tcp",
"PuppetDB"
],
"rabbitmq-15672-tcp": [
15672,
15672,
"tcp",
"RabbitMQ"
],
"rabbitmq-25672-tcp": [
25672,
25672,
"tcp",
"RabbitMQ"
],
"rabbitmq-4369-tcp": [
4369,
4369,
"tcp",
"RabbitMQ epmd"
],
"rabbitmq-5671-tcp": [
5671,
5671,
"tcp",
"RabbitMQ"
],
"rabbitmq-5672-tcp": [
5672,
5672,
"tcp",
"RabbitMQ"
],
"rdp-tcp": [
3389,
3389,
"tcp",
"Remote Desktop"
],
"rdp-udp": [
3389,
3389,
"udp",
"Remote Desktop"
],
"redis-tcp": [
6379,
6379,
"tcp",
"Redis"
],
"redshift-tcp": [
5439,
5439,
"tcp",
"Redshift"
],
"splunk-hec-tcp": [
8088,
8088,
"tcp",
"Splunk HEC"
],
"splunk-indexer-tcp": [
9997,
9997,
"tcp",
"Splunk indexer"
],
"splunk-splunkd-tcp": [
8089,
8089,
"tcp",
"Splunkd"
],
"splunk-web-tcp": [
8000,
8000,
"tcp",
"Splunk Web"
],
"squid-proxy-tcp": [
3128,
3128,
"tcp",
"Squid default proxy"
],
"ssh-tcp": [
22,
22,
"tcp",
"SSH"
],
"storm-nimbus-tcp": [
6627,
6627,
"tcp",
"Nimbus"
],
"storm-supervisor-tcp": [
6700,
6703,
"tcp",
"Supervisor"
],
"storm-ui-tcp": [
8080,
8080,
"tcp",
"Storm UI"
],
"web-jmx-tcp": [
1099,
1099,
"tcp",
"JMX"
],
"winrm-http-tcp": [
5985,
5985,
"tcp",
"WinRM HTTP"
],
"winrm-https-tcp": [
5986,
5986,
"tcp",
"WinRM HTTPS"
],
"zipkin-admin-query-tcp": [
9901,
9901,
"tcp",
"Zipkin Admin port query"
],
"zipkin-admin-tcp": [
9990,
9990,
"tcp",
"Zipkin Admin port collector"
],
"zipkin-admin-web-tcp": [
9991,
9991,
"tcp",
"Zipkin Admin port web"
],
"zipkin-query-tcp": [
9411,
9411,
"tcp",
"Zipkin query port"
],
"zipkin-web-tcp": [
8080,
8080,
"tcp",
"Zipkin web port"
],
"zookeeper-2181-tcp": [
2181,
2181,
"tcp",
"Zookeeper"
],
"zookeeper-2888-tcp": [
2888,
2888,
"tcp",
"Zookeeper"
],
"zookeeper-3888-tcp": [
3888,
3888,
"tcp",
"Zookeeper"
],
"zookeeper-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
]
}
| no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/rules.tf b/rules.tf index c96a9385..d190f74d 100644 --- a/rules.tf +++ b/rules.tf @@ -81,7 +81,7 @@ variable "rules" { # Memcached memcached-tcp = [11211, 11211, "tcp", "Memcached"] # MinIO - minio-tcp = [9000, 9000, "tcp", "MinIO"] + minio-tcp = [9000, 9000, "tcp", "MinIO"] # MongoDB mongodb-27017-tcp = [27017, 27017, "tcp", "MongoDB"] mongodb-27018-tcp = [27018, 27018, "tcp", "MongoDB shard"] From 8799422bab175e523ac6ddbf7d44fe6b0a1dc627 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 13 May 2020 21:15:56 +0200 Subject: [PATCH 03/16] Updated CHANGELOG --- CHANGELOG.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a2a654ce..e2921d4d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,13 @@ All notable changes to this project will be documented in this file. + +## [v3.10.0] - 2020-05-13 + +- fix: Fixed MinIO rules formatting +- feat: Adding support for MinIO ([#174](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/174)) + + ## [v3.9.0] - 2020-05-11 
@@ -414,7 +421,8 @@ All notable changes to this project will be documented in this file. - Initial commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.9.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.10.0...HEAD +[v3.10.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.9.0...v3.10.0 [v3.9.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.8.0...v3.9.0 [v3.8.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.7.0...v3.8.0 [v3.7.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.6.0...v3.7.0 From 594e1a838ca830a5446556ba5f7f3ff68d05de31 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 24 Jun 2020 17:41:17 +0200 Subject: [PATCH 04/16] feat: Updated version requirements to support Terraform 0.13 (#178) --- .pre-commit-config.yaml | 4 ++-- README.md | 2 +- versions.tf | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 02854526..2308d6fe 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,10 +1,10 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.27.0 + rev: v1.31.0 hooks: - id: terraform_fmt - id: terraform_docs - repo: git://github.com/pre-commit/pre-commit-hooks - rev: v2.5.0 + rev: v3.1.0 hooks: - id: check-merge-conflict diff --git a/README.md b/README.md index 81cbddfe..bf41aad9 100644 --- a/README.md +++ b/README.md @@ -161,7 +161,7 @@ No issue is creating limit on this module. | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers diff --git a/versions.tf b/versions.tf index b8569144..41f2989f 100644 --- a/versions.tf +++ b/versions.tf 
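Review bot: Both `repo:` entries in the `.pre-commit-config.yaml` hunk are still fetched over `git://`, which has no transport encryption or server authentication, so the hook code that runs on contributors' machines can be altered in transit. The rev bump is a good moment to change them to `- repo: https://github.com/antonbabenko/pre-commit-terraform` and `- repo: https://github.com/pre-commit/pre-commit-hooks`. The new `rev:` values (`v1.31.0`, `v3.1.0`) are tags, which can be re-pointed upstream. Pinning each to a full commit SHA would make the fetched hook code immutable, at the cost of less readable bumps.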
@@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" From e5c6f41dca13844612c81b7afa55f918642531eb Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 24 Jun 2020 17:41:36 +0200 Subject: [PATCH 05/16] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e2921d4d..a311737e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v3.11.0] - 2020-06-24 + +- feat: Updated version requirements to support Terraform 0.13 ([#178](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/178)) + + ## [v3.10.0] - 2020-05-13 @@ -421,7 +427,8 @@ All notable changes to this project will be documented in this file. - Initial commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.10.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.11.0...HEAD +[v3.11.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.10.0...v3.11.0 [v3.10.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.9.0...v3.10.0 [v3.9.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.8.0...v3.9.0 [v3.8.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.7.0...v3.8.0 From 75199485f71a465781ccc1e914be3ce2f3fc249e Mon Sep 17 00:00:00 2001 
From: Niall Ferguson Date: Fri, 3 Jul 2020 16:52:34 +0100 Subject: [PATCH 06/16] feat: Added optional revoke_rules_on_delete functionality (required for EMR) (#179) --- README.md | 5 +- main.tf | 14 +- modules/README.md | 1 + modules/_templates/main.tf | 13 +- modules/_templates/variables.tf | 6 + modules/_templates/versions.tf | 2 +- modules/activemq/README.md | 3 +- modules/activemq/main.tf | 13 +- modules/activemq/variables.tf | 6 + modules/activemq/versions.tf | 2 +- modules/alertmanager/README.md | 3 +- modules/alertmanager/main.tf | 13 +- modules/alertmanager/variables.tf | 6 + modules/alertmanager/versions.tf | 2 +- modules/carbon-relay-ng/README.md | 3 +- modules/carbon-relay-ng/main.tf | 13 +- modules/carbon-relay-ng/variables.tf | 6 + modules/carbon-relay-ng/versions.tf | 2 +- modules/cassandra/README.md | 3 +- modules/cassandra/main.tf | 13 +- modules/cassandra/variables.tf | 6 + modules/cassandra/versions.tf | 2 +- modules/consul/README.md | 3 +- modules/consul/main.tf | 13 +- modules/consul/variables.tf | 6 + modules/consul/versions.tf | 2 +- modules/docker-swarm/README.md | 3 +- modules/docker-swarm/main.tf | 13 +- modules/docker-swarm/variables.tf | 6 + modules/docker-swarm/versions.tf | 2 +- modules/elasticsearch/README.md | 3 +- modules/elasticsearch/main.tf | 13 +- modules/elasticsearch/variables.tf | 6 + modules/elasticsearch/versions.tf | 2 +- modules/grafana/README.md | 3 +- modules/grafana/main.tf | 13 +- modules/grafana/variables.tf | 6 + modules/grafana/versions.tf | 2 +- modules/graphite-statsd/README.md | 3 +- modules/graphite-statsd/main.tf | 13 +- modules/graphite-statsd/variables.tf | 6 + modules/graphite-statsd/versions.tf | 2 +- modules/http-80/README.md | 3 +- modules/http-80/main.tf | 13 +- modules/http-80/variables.tf | 6 + modules/http-80/versions.tf | 2 +- modules/http-8080/README.md | 3 +- modules/http-8080/main.tf | 13 +- modules/http-8080/variables.tf | 6 + modules/http-8080/versions.tf | 2 +- modules/https-443/README.md | 3 
+- modules/https-443/main.tf | 13 +- modules/https-443/variables.tf | 6 + modules/https-443/versions.tf | 2 +- modules/https-8443/README.md | 3 +- modules/https-8443/main.tf | 13 +- modules/https-8443/variables.tf | 6 + modules/https-8443/versions.tf | 2 +- modules/ipsec-4500/README.md | 3 +- modules/ipsec-4500/main.tf | 13 +- modules/ipsec-4500/variables.tf | 6 + modules/ipsec-4500/versions.tf | 2 +- modules/ipsec-500/README.md | 3 +- modules/ipsec-500/main.tf | 13 +- modules/ipsec-500/variables.tf | 6 + modules/ipsec-500/versions.tf | 2 +- modules/kafka/README.md | 3 +- modules/kafka/main.tf | 13 +- modules/kafka/variables.tf | 6 + modules/kafka/versions.tf | 2 +- modules/kibana/README.md | 3 +- modules/kibana/main.tf | 13 +- modules/kibana/variables.tf | 6 + modules/kibana/versions.tf | 2 +- modules/kubernetes-api/README.md | 3 +- modules/kubernetes-api/main.tf | 13 +- modules/kubernetes-api/variables.tf | 6 + modules/kubernetes-api/versions.tf | 2 +- modules/ldaps/README.md | 3 +- modules/ldaps/main.tf | 13 +- modules/ldaps/variables.tf | 6 + modules/ldaps/versions.tf | 2 +- modules/logstash/README.md | 110 +++++++++ modules/logstash/auto_values.tf | 79 ++++++ modules/logstash/main.tf | 115 +++++++++ modules/logstash/outputs.tf | 24 ++ modules/logstash/variables.tf | 348 +++++++++++++++++++++++++++ modules/logstash/versions.tf | 7 + modules/memcached/README.md | 3 +- modules/memcached/main.tf | 13 +- modules/memcached/variables.tf | 6 + modules/memcached/versions.tf | 2 +- modules/minio/README.md | 3 +- modules/minio/main.tf | 13 +- modules/minio/variables.tf | 6 + modules/minio/versions.tf | 2 +- modules/mongodb/README.md | 3 +- modules/mongodb/main.tf | 13 +- modules/mongodb/variables.tf | 6 + modules/mongodb/versions.tf | 2 +- modules/mssql/README.md | 3 +- modules/mssql/main.tf | 13 +- modules/mssql/variables.tf | 6 + modules/mssql/versions.tf | 2 +- modules/mysql/README.md | 3 +- modules/mysql/main.tf | 13 +- modules/mysql/variables.tf | 6 + 
modules/mysql/versions.tf | 2 +- modules/nfs/README.md | 3 +- modules/nfs/main.tf | 13 +- modules/nfs/variables.tf | 6 + modules/nfs/versions.tf | 2 +- modules/nomad/README.md | 3 +- modules/nomad/main.tf | 13 +- modules/nomad/variables.tf | 6 + modules/nomad/versions.tf | 2 +- modules/ntp/README.md | 3 +- modules/ntp/main.tf | 13 +- modules/ntp/variables.tf | 6 + modules/ntp/versions.tf | 2 +- modules/openvpn/README.md | 3 +- modules/openvpn/main.tf | 13 +- modules/openvpn/variables.tf | 6 + modules/openvpn/versions.tf | 2 +- modules/oracle-db/README.md | 3 +- modules/oracle-db/main.tf | 13 +- modules/oracle-db/variables.tf | 6 + modules/oracle-db/versions.tf | 2 +- modules/postgresql/README.md | 3 +- modules/postgresql/main.tf | 13 +- modules/postgresql/variables.tf | 6 + modules/postgresql/versions.tf | 2 +- modules/prometheus/README.md | 3 +- modules/prometheus/main.tf | 13 +- modules/prometheus/variables.tf | 6 + modules/prometheus/versions.tf | 2 +- modules/puppet/README.md | 3 +- modules/puppet/main.tf | 13 +- modules/puppet/variables.tf | 6 + modules/puppet/versions.tf | 2 +- modules/rabbitmq/README.md | 3 +- modules/rabbitmq/main.tf | 13 +- modules/rabbitmq/variables.tf | 6 + modules/rabbitmq/versions.tf | 2 +- modules/rdp/README.md | 3 +- modules/rdp/main.tf | 13 +- modules/rdp/variables.tf | 6 + modules/rdp/versions.tf | 2 +- modules/redis/README.md | 3 +- modules/redis/main.tf | 13 +- modules/redis/variables.tf | 6 + modules/redis/versions.tf | 2 +- modules/redshift/README.md | 3 +- modules/redshift/main.tf | 13 +- modules/redshift/variables.tf | 6 + modules/redshift/versions.tf | 2 +- modules/splunk/README.md | 3 +- modules/splunk/main.tf | 13 +- modules/splunk/variables.tf | 6 + modules/splunk/versions.tf | 2 +- modules/squid/README.md | 3 +- modules/squid/main.tf | 13 +- modules/squid/variables.tf | 6 + modules/squid/versions.tf | 2 +- modules/ssh/README.md | 3 +- modules/ssh/main.tf | 13 +- modules/ssh/variables.tf | 6 + modules/ssh/versions.tf | 2 
+- modules/storm/README.md | 3 +- modules/storm/main.tf | 13 +- modules/storm/variables.tf | 6 + modules/storm/versions.tf | 2 +- modules/web/README.md | 3 +- modules/web/main.tf | 13 +- modules/web/variables.tf | 6 + modules/web/versions.tf | 2 +- modules/winrm/README.md | 3 +- modules/winrm/main.tf | 13 +- modules/winrm/variables.tf | 6 + modules/winrm/versions.tf | 2 +- modules/zipkin/README.md | 3 +- modules/zipkin/main.tf | 13 +- modules/zipkin/variables.tf | 6 + modules/zipkin/versions.tf | 2 +- modules/zookeeper/README.md | 3 +- modules/zookeeper/main.tf | 13 +- modules/zookeeper/variables.tf | 6 + modules/zookeeper/versions.tf | 2 +- rules.tf | 7 + variables.tf | 6 + 190 files changed, 1426 insertions(+), 367 deletions(-) create mode 100644 modules/logstash/README.md create mode 100644 modules/logstash/auto_values.tf create mode 100644 modules/logstash/main.tf create mode 100644 modules/logstash/outputs.tf create mode 100644 modules/logstash/variables.tf create mode 100644 modules/logstash/versions.tf diff --git a/README.md b/README.md index bf41aad9..bcbe1909 100644 --- a/README.md +++ b/README.md @@ -174,7 +174,7 @@ No issue is creating limit on this module. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| auto\_groups | Map of groups of security group rules to use to generate modules (see update\_groups.sh) | `map(map(list(string)))` |
{
"activemq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"activemq-5671-tcp",
"activemq-8883-tcp",
"activemq-61614-tcp",
"activemq-61617-tcp",
"activemq-61619-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"alertmanager": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"alertmanager-9093-tcp",
"alertmanager-9094-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"carbon-relay-ng": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"carbon-line-in-tcp",
"carbon-line-in-udp",
"carbon-pickle-tcp",
"carbon-pickle-udp",
"carbon-gui-udp"
],
"ingress_with_self": [
"all-all"
]
},
"cassandra": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"cassandra-clients-tcp",
"cassandra-thrift-clients-tcp",
"cassandra-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"consul": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"consul-tcp",
"consul-cli-rpc-tcp",
"consul-webui-tcp",
"consul-dns-tcp",
"consul-dns-udp",
"consul-serf-lan-tcp",
"consul-serf-lan-udp",
"consul-serf-wan-tcp",
"consul-serf-wan-udp"
],
"ingress_with_self": [
"all-all"
]
},
"docker-swarm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"docker-swarm-mngmt-tcp",
"docker-swarm-node-tcp",
"docker-swarm-node-udp",
"docker-swarm-overlay-udp"
],
"ingress_with_self": [
"all-all"
]
},
"elasticsearch": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"elasticsearch-rest-tcp",
"elasticsearch-java-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"grafana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"grafana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"graphite-statsd": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"graphite-webui",
"graphite-2003-tcp",
"graphite-2004-tcp",
"graphite-2023-tcp",
"graphite-2024-tcp",
"graphite-8080-tcp",
"graphite-8125-tcp",
"graphite-8125-udp",
"graphite-8126-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-80": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-8080": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-8080-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-8443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-8443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-4500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-4500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"kafka": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kafka-broker-tcp",
"kafka-broker-tls-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kibana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kibana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kubernetes-api": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kubernetes-api-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ldaps": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ldaps-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"memcached": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"memcached-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"minio": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"minio-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mongodb": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mongodb-27017-tcp",
"mongodb-27018-tcp",
"mongodb-27019-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mssql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mssql-tcp",
"mssql-udp",
"mssql-analytics-tcp",
"mssql-broker-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mysql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mysql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nfs": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nfs-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nomad": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nomad-http-tcp",
"nomad-rpc-tcp",
"nomad-serf-tcp",
"nomad-serf-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ntp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ntp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"openvpn": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"openvpn-udp",
"openvpn-tcp",
"openvpn-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"oracle-db": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"oracle-db-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"postgresql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"postgresql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"prometheus": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"prometheus-http-tcp",
"prometheus-pushgateway-http-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"puppet": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"puppet-tcp",
"puppetdb-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rabbitmq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rabbitmq-4369-tcp",
"rabbitmq-5671-tcp",
"rabbitmq-5672-tcp",
"rabbitmq-15672-tcp",
"rabbitmq-25672-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rdp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rdp-tcp",
"rdp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"redis": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redis-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"redshift": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redshift-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"splunk": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"splunk-indexer-tcp",
"splunk-clients-tcp",
"splunk-splunkd-tcp",
"splunk-hec-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"squid": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"squid-proxy-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ssh": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ssh-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"storm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"storm-nimbus-tcp",
"storm-ui-tcp",
"storm-supervisor-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"web": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp",
"http-8080-tcp",
"https-443-tcp",
"web-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"winrm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"winrm-http-tcp",
"winrm-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zipkin": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zipkin-admin-tcp",
"zipkin-admin-query-tcp",
"zipkin-admin-web-tcp",
"zipkin-query-tcp",
"zipkin-web-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zookeeper": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zookeeper-2181-tcp",
"zookeeper-2888-tcp",
"zookeeper-3888-tcp",
"zookeeper-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
}
}
| no | +| auto\_groups | Map of groups of security group rules to use to generate modules (see update\_groups.sh) | `map(map(list(string)))` |
{
"activemq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"activemq-5671-tcp",
"activemq-8883-tcp",
"activemq-61614-tcp",
"activemq-61617-tcp",
"activemq-61619-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"alertmanager": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"alertmanager-9093-tcp",
"alertmanager-9094-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"carbon-relay-ng": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"carbon-line-in-tcp",
"carbon-line-in-udp",
"carbon-pickle-tcp",
"carbon-pickle-udp",
"carbon-gui-udp"
],
"ingress_with_self": [
"all-all"
]
},
"cassandra": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"cassandra-clients-tcp",
"cassandra-thrift-clients-tcp",
"cassandra-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"consul": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"consul-tcp",
"consul-cli-rpc-tcp",
"consul-webui-tcp",
"consul-dns-tcp",
"consul-dns-udp",
"consul-serf-lan-tcp",
"consul-serf-lan-udp",
"consul-serf-wan-tcp",
"consul-serf-wan-udp"
],
"ingress_with_self": [
"all-all"
]
},
"docker-swarm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"docker-swarm-mngmt-tcp",
"docker-swarm-node-tcp",
"docker-swarm-node-udp",
"docker-swarm-overlay-udp"
],
"ingress_with_self": [
"all-all"
]
},
"elasticsearch": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"elasticsearch-rest-tcp",
"elasticsearch-java-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"grafana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"grafana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"graphite-statsd": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"graphite-webui",
"graphite-2003-tcp",
"graphite-2004-tcp",
"graphite-2023-tcp",
"graphite-2024-tcp",
"graphite-8080-tcp",
"graphite-8125-tcp",
"graphite-8125-udp",
"graphite-8126-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-80": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-8080": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-8080-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-8443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-8443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-4500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-4500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"kafka": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kafka-broker-tcp",
"kafka-broker-tls-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kibana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kibana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kubernetes-api": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kubernetes-api-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ldaps": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ldaps-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"logstash": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"logstash-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"memcached": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"memcached-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"minio": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"minio-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mongodb": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mongodb-27017-tcp",
"mongodb-27018-tcp",
"mongodb-27019-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mssql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mssql-tcp",
"mssql-udp",
"mssql-analytics-tcp",
"mssql-broker-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mysql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mysql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nfs": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nfs-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nomad": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nomad-http-tcp",
"nomad-rpc-tcp",
"nomad-serf-tcp",
"nomad-serf-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ntp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ntp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"openvpn": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"openvpn-udp",
"openvpn-tcp",
"openvpn-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"oracle-db": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"oracle-db-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"postgresql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"postgresql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"prometheus": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"prometheus-http-tcp",
"prometheus-pushgateway-http-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"puppet": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"puppet-tcp",
"puppetdb-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rabbitmq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rabbitmq-4369-tcp",
"rabbitmq-5671-tcp",
"rabbitmq-5672-tcp",
"rabbitmq-15672-tcp",
"rabbitmq-25672-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rdp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rdp-tcp",
"rdp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"redis": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redis-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"redshift": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redshift-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"splunk": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"splunk-indexer-tcp",
"splunk-clients-tcp",
"splunk-splunkd-tcp",
"splunk-hec-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"squid": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"squid-proxy-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ssh": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ssh-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"storm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"storm-nimbus-tcp",
"storm-ui-tcp",
"storm-supervisor-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"web": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp",
"http-8080-tcp",
"https-443-tcp",
"web-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"winrm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"winrm-http-tcp",
"winrm-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zipkin": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zipkin-admin-tcp",
"zipkin-admin-query-tcp",
"zipkin-admin-web-tcp",
"zipkin-query-tcp",
"zipkin-web-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zookeeper": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zookeeper-2181-tcp",
"zookeeper-2888-tcp",
"zookeeper-3888-tcp",
"zookeeper-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
}
}
| no | | computed\_egress\_rules | List of computed egress rules to create by name | `list(string)` | `[]` | no | | computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | | computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -214,7 +214,8 @@ No issue is creating limit on this module. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | -| rules | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | `map(list(any))` |
{
"_": [
"",
"",
""
],
"activemq-5671-tcp": [
5671,
5671,
"tcp",
"ActiveMQ AMQP"
],
"activemq-61614-tcp": [
61614,
61614,
"tcp",
"ActiveMQ STOMP"
],
"activemq-61617-tcp": [
61617,
61617,
"tcp",
"ActiveMQ OpenWire"
],
"activemq-61619-tcp": [
61619,
61619,
"tcp",
"ActiveMQ WebSocket"
],
"activemq-8883-tcp": [
8883,
8883,
"tcp",
"ActiveMQ MQTT"
],
"alertmanager-9093-tcp": [
9093,
9093,
"tcp",
"Alert Manager"
],
"alertmanager-9094-tcp": [
9094,
9094,
"tcp",
"Alert Manager Cluster"
],
"all-all": [
-1,
-1,
"-1",
"All protocols"
],
"all-icmp": [
-1,
-1,
"icmp",
"All IPV4 ICMP"
],
"all-ipv6-icmp": [
-1,
-1,
58,
"All IPV6 ICMP"
],
"all-tcp": [
0,
65535,
"tcp",
"All TCP ports"
],
"all-udp": [
0,
65535,
"udp",
"All UDP ports"
],
"carbon-admin-tcp": [
2004,
2004,
"tcp",
"Carbon admin"
],
"carbon-gui-udp": [
8081,
8081,
"tcp",
"Carbon GUI"
],
"carbon-line-in-tcp": [
2003,
2003,
"tcp",
"Carbon line-in"
],
"carbon-line-in-udp": [
2003,
2003,
"udp",
"Carbon line-in"
],
"carbon-pickle-tcp": [
2013,
2013,
"tcp",
"Carbon pickle"
],
"carbon-pickle-udp": [
2013,
2013,
"udp",
"Carbon pickle"
],
"cassandra-clients-tcp": [
9042,
9042,
"tcp",
"Cassandra clients"
],
"cassandra-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
],
"cassandra-thrift-clients-tcp": [
9160,
9160,
"tcp",
"Cassandra Thrift clients"
],
"consul-cli-rpc-tcp": [
8400,
8400,
"tcp",
"Consul CLI RPC"
],
"consul-dns-tcp": [
8600,
8600,
"tcp",
"Consul DNS"
],
"consul-dns-udp": [
8600,
8600,
"udp",
"Consul DNS"
],
"consul-serf-lan-tcp": [
8301,
8301,
"tcp",
"Serf LAN"
],
"consul-serf-lan-udp": [
8301,
8301,
"udp",
"Serf LAN"
],
"consul-serf-wan-tcp": [
8302,
8302,
"tcp",
"Serf WAN"
],
"consul-serf-wan-udp": [
8302,
8302,
"udp",
"Serf WAN"
],
"consul-tcp": [
8300,
8300,
"tcp",
"Consul server"
],
"consul-webui-tcp": [
8500,
8500,
"tcp",
"Consul web UI"
],
"dns-tcp": [
53,
53,
"tcp",
"DNS"
],
"dns-udp": [
53,
53,
"udp",
"DNS"
],
"docker-swarm-mngmt-tcp": [
2377,
2377,
"tcp",
"Docker Swarm cluster management"
],
"docker-swarm-node-tcp": [
7946,
7946,
"tcp",
"Docker Swarm node"
],
"docker-swarm-node-udp": [
7946,
7946,
"udp",
"Docker Swarm node"
],
"docker-swarm-overlay-udp": [
4789,
4789,
"udp",
"Docker Swarm Overlay Network Traffic"
],
"elasticsearch-java-tcp": [
9300,
9300,
"tcp",
"Elasticsearch Java interface"
],
"elasticsearch-rest-tcp": [
9200,
9200,
"tcp",
"Elasticsearch REST interface"
],
"grafana-tcp": [
3000,
3000,
"tcp",
"Grafana Dashboard"
],
"graphite-2003-tcp": [
2003,
2003,
"tcp",
"Carbon receiver plain text"
],
"graphite-2004-tcp": [
2004,
2004,
"tcp",
"Carbon receiver pickle"
],
"graphite-2023-tcp": [
2023,
2023,
"tcp",
"Carbon aggregator plaintext"
],
"graphite-2024-tcp": [
2024,
2024,
"tcp",
"Carbon aggregator pickle"
],
"graphite-8080-tcp": [
8080,
8080,
"tcp",
"Graphite gunicorn port"
],
"graphite-8125-tcp": [
8125,
8125,
"tcp",
"Statsd TCP"
],
"graphite-8125-udp": [
8125,
8125,
"udp",
"Statsd UDP default"
],
"graphite-8126-tcp": [
8126,
8126,
"tcp",
"Statsd admin"
],
"graphite-webui": [
80,
80,
"tcp",
"Graphite admin interface"
],
"http-80-tcp": [
80,
80,
"tcp",
"HTTP"
],
"http-8080-tcp": [
8080,
8080,
"tcp",
"HTTP"
],
"https-443-tcp": [
443,
443,
"tcp",
"HTTPS"
],
"https-8443-tcp": [
8443,
8443,
"tcp",
"HTTPS"
],
"ipsec-4500-udp": [
4500,
4500,
"udp",
"IPSEC NAT-T"
],
"ipsec-500-udp": [
500,
500,
"udp",
"IPSEC ISAKMP"
],
"kafka-broker-tcp": [
9092,
9092,
"tcp",
"Kafka broker 0.8.2+"
],
"kafka-broker-tls-tcp": [
9094,
9094,
"tcp",
"Kafka TLS enabled broker 0.8.2+"
],
"kibana-tcp": [
5601,
5601,
"tcp",
"Kibana Web Interface"
],
"kubernetes-api-tcp": [
6443,
6443,
"tcp",
"Kubernetes API Server"
],
"ldaps-tcp": [
636,
636,
"tcp",
"LDAPS"
],
"memcached-tcp": [
11211,
11211,
"tcp",
"Memcached"
],
"minio-tcp": [
9000,
9000,
"tcp",
"MinIO"
],
"mongodb-27017-tcp": [
27017,
27017,
"tcp",
"MongoDB"
],
"mongodb-27018-tcp": [
27018,
27018,
"tcp",
"MongoDB shard"
],
"mongodb-27019-tcp": [
27019,
27019,
"tcp",
"MongoDB config server"
],
"mssql-analytics-tcp": [
2383,
2383,
"tcp",
"MSSQL Analytics"
],
"mssql-broker-tcp": [
4022,
4022,
"tcp",
"MSSQL Broker"
],
"mssql-tcp": [
1433,
1433,
"tcp",
"MSSQL Server"
],
"mssql-udp": [
1434,
1434,
"udp",
"MSSQL Browser"
],
"mysql-tcp": [
3306,
3306,
"tcp",
"MySQL/Aurora"
],
"nfs-tcp": [
2049,
2049,
"tcp",
"NFS/EFS"
],
"nomad-http-tcp": [
4646,
4646,
"tcp",
"Nomad HTTP"
],
"nomad-rpc-tcp": [
4647,
4647,
"tcp",
"Nomad RPC"
],
"nomad-serf-tcp": [
4648,
4648,
"tcp",
"Serf"
],
"nomad-serf-udp": [
4648,
4648,
"udp",
"Serf"
],
"ntp-udp": [
123,
123,
"udp",
"NTP"
],
"openvpn-https-tcp": [
443,
443,
"tcp",
"OpenVPN"
],
"openvpn-tcp": [
943,
943,
"tcp",
"OpenVPN"
],
"openvpn-udp": [
1194,
1194,
"udp",
"OpenVPN"
],
"oracle-db-tcp": [
1521,
1521,
"tcp",
"Oracle"
],
"postgresql-tcp": [
5432,
5432,
"tcp",
"PostgreSQL"
],
"prometheus-http-tcp": [
9090,
9090,
"tcp",
"Prometheus"
],
"prometheus-pushgateway-http-tcp": [
9091,
9091,
"tcp",
"Prometheus Pushgateway"
],
"puppet-tcp": [
8140,
8140,
"tcp",
"Puppet"
],
"puppetdb-tcp": [
8081,
8081,
"tcp",
"PuppetDB"
],
"rabbitmq-15672-tcp": [
15672,
15672,
"tcp",
"RabbitMQ"
],
"rabbitmq-25672-tcp": [
25672,
25672,
"tcp",
"RabbitMQ"
],
"rabbitmq-4369-tcp": [
4369,
4369,
"tcp",
"RabbitMQ epmd"
],
"rabbitmq-5671-tcp": [
5671,
5671,
"tcp",
"RabbitMQ"
],
"rabbitmq-5672-tcp": [
5672,
5672,
"tcp",
"RabbitMQ"
],
"rdp-tcp": [
3389,
3389,
"tcp",
"Remote Desktop"
],
"rdp-udp": [
3389,
3389,
"udp",
"Remote Desktop"
],
"redis-tcp": [
6379,
6379,
"tcp",
"Redis"
],
"redshift-tcp": [
5439,
5439,
"tcp",
"Redshift"
],
"splunk-hec-tcp": [
8088,
8088,
"tcp",
"Splunk HEC"
],
"splunk-indexer-tcp": [
9997,
9997,
"tcp",
"Splunk indexer"
],
"splunk-splunkd-tcp": [
8089,
8089,
"tcp",
"Splunkd"
],
"splunk-web-tcp": [
8000,
8000,
"tcp",
"Splunk Web"
],
"squid-proxy-tcp": [
3128,
3128,
"tcp",
"Squid default proxy"
],
"ssh-tcp": [
22,
22,
"tcp",
"SSH"
],
"storm-nimbus-tcp": [
6627,
6627,
"tcp",
"Nimbus"
],
"storm-supervisor-tcp": [
6700,
6703,
"tcp",
"Supervisor"
],
"storm-ui-tcp": [
8080,
8080,
"tcp",
"Storm UI"
],
"web-jmx-tcp": [
1099,
1099,
"tcp",
"JMX"
],
"winrm-http-tcp": [
5985,
5985,
"tcp",
"WinRM HTTP"
],
"winrm-https-tcp": [
5986,
5986,
"tcp",
"WinRM HTTPS"
],
"zipkin-admin-query-tcp": [
9901,
9901,
"tcp",
"Zipkin Admin port query"
],
"zipkin-admin-tcp": [
9990,
9990,
"tcp",
"Zipkin Admin port collector"
],
"zipkin-admin-web-tcp": [
9991,
9991,
"tcp",
"Zipkin Admin port web"
],
"zipkin-query-tcp": [
9411,
9411,
"tcp",
"Zipkin query port"
],
"zipkin-web-tcp": [
8080,
8080,
"tcp",
"Zipkin web port"
],
"zookeeper-2181-tcp": [
2181,
2181,
"tcp",
"Zookeeper"
],
"zookeeper-2888-tcp": [
2888,
2888,
"tcp",
"Zookeeper"
],
"zookeeper-3888-tcp": [
3888,
3888,
"tcp",
"Zookeeper"
],
"zookeeper-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
]
}
| no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | +| rules | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | `map(list(any))` |
{
"_": [
"",
"",
""
],
"activemq-5671-tcp": [
5671,
5671,
"tcp",
"ActiveMQ AMQP"
],
"activemq-61614-tcp": [
61614,
61614,
"tcp",
"ActiveMQ STOMP"
],
"activemq-61617-tcp": [
61617,
61617,
"tcp",
"ActiveMQ OpenWire"
],
"activemq-61619-tcp": [
61619,
61619,
"tcp",
"ActiveMQ WebSocket"
],
"activemq-8883-tcp": [
8883,
8883,
"tcp",
"ActiveMQ MQTT"
],
"alertmanager-9093-tcp": [
9093,
9093,
"tcp",
"Alert Manager"
],
"alertmanager-9094-tcp": [
9094,
9094,
"tcp",
"Alert Manager Cluster"
],
"all-all": [
-1,
-1,
"-1",
"All protocols"
],
"all-icmp": [
-1,
-1,
"icmp",
"All IPV4 ICMP"
],
"all-ipv6-icmp": [
-1,
-1,
58,
"All IPV6 ICMP"
],
"all-tcp": [
0,
65535,
"tcp",
"All TCP ports"
],
"all-udp": [
0,
65535,
"udp",
"All UDP ports"
],
"carbon-admin-tcp": [
2004,
2004,
"tcp",
"Carbon admin"
],
"carbon-gui-udp": [
8081,
8081,
"tcp",
"Carbon GUI"
],
"carbon-line-in-tcp": [
2003,
2003,
"tcp",
"Carbon line-in"
],
"carbon-line-in-udp": [
2003,
2003,
"udp",
"Carbon line-in"
],
"carbon-pickle-tcp": [
2013,
2013,
"tcp",
"Carbon pickle"
],
"carbon-pickle-udp": [
2013,
2013,
"udp",
"Carbon pickle"
],
"cassandra-clients-tcp": [
9042,
9042,
"tcp",
"Cassandra clients"
],
"cassandra-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
],
"cassandra-thrift-clients-tcp": [
9160,
9160,
"tcp",
"Cassandra Thrift clients"
],
"consul-cli-rpc-tcp": [
8400,
8400,
"tcp",
"Consul CLI RPC"
],
"consul-dns-tcp": [
8600,
8600,
"tcp",
"Consul DNS"
],
"consul-dns-udp": [
8600,
8600,
"udp",
"Consul DNS"
],
"consul-serf-lan-tcp": [
8301,
8301,
"tcp",
"Serf LAN"
],
"consul-serf-lan-udp": [
8301,
8301,
"udp",
"Serf LAN"
],
"consul-serf-wan-tcp": [
8302,
8302,
"tcp",
"Serf WAN"
],
"consul-serf-wan-udp": [
8302,
8302,
"udp",
"Serf WAN"
],
"consul-tcp": [
8300,
8300,
"tcp",
"Consul server"
],
"consul-webui-tcp": [
8500,
8500,
"tcp",
"Consul web UI"
],
"dns-tcp": [
53,
53,
"tcp",
"DNS"
],
"dns-udp": [
53,
53,
"udp",
"DNS"
],
"docker-swarm-mngmt-tcp": [
2377,
2377,
"tcp",
"Docker Swarm cluster management"
],
"docker-swarm-node-tcp": [
7946,
7946,
"tcp",
"Docker Swarm node"
],
"docker-swarm-node-udp": [
7946,
7946,
"udp",
"Docker Swarm node"
],
"docker-swarm-overlay-udp": [
4789,
4789,
"udp",
"Docker Swarm Overlay Network Traffic"
],
"elasticsearch-java-tcp": [
9300,
9300,
"tcp",
"Elasticsearch Java interface"
],
"elasticsearch-rest-tcp": [
9200,
9200,
"tcp",
"Elasticsearch REST interface"
],
"grafana-tcp": [
3000,
3000,
"tcp",
"Grafana Dashboard"
],
"graphite-2003-tcp": [
2003,
2003,
"tcp",
"Carbon receiver plain text"
],
"graphite-2004-tcp": [
2004,
2004,
"tcp",
"Carbon receiver pickle"
],
"graphite-2023-tcp": [
2023,
2023,
"tcp",
"Carbon aggregator plaintext"
],
"graphite-2024-tcp": [
2024,
2024,
"tcp",
"Carbon aggregator pickle"
],
"graphite-8080-tcp": [
8080,
8080,
"tcp",
"Graphite gunicorn port"
],
"graphite-8125-tcp": [
8125,
8125,
"tcp",
"Statsd TCP"
],
"graphite-8125-udp": [
8125,
8125,
"udp",
"Statsd UDP default"
],
"graphite-8126-tcp": [
8126,
8126,
"tcp",
"Statsd admin"
],
"graphite-webui": [
80,
80,
"tcp",
"Graphite admin interface"
],
"http-80-tcp": [
80,
80,
"tcp",
"HTTP"
],
"http-8080-tcp": [
8080,
8080,
"tcp",
"HTTP"
],
"https-443-tcp": [
443,
443,
"tcp",
"HTTPS"
],
"https-8443-tcp": [
8443,
8443,
"tcp",
"HTTPS"
],
"ipsec-4500-udp": [
4500,
4500,
"udp",
"IPSEC NAT-T"
],
"ipsec-500-udp": [
500,
500,
"udp",
"IPSEC ISAKMP"
],
"kafka-broker-tcp": [
9092,
9092,
"tcp",
"Kafka broker 0.8.2+"
],
"kafka-broker-tls-tcp": [
9094,
9094,
"tcp",
"Kafka TLS enabled broker 0.8.2+"
],
"kibana-tcp": [
5601,
5601,
"tcp",
"Kibana Web Interface"
],
"kubernetes-api-tcp": [
6443,
6443,
"tcp",
"Kubernetes API Server"
],
"ldaps-tcp": [
636,
636,
"tcp",
"LDAPS"
],
"logstash-tcp": [
5044,
5044,
"tcp",
"Logstash"
],
"memcached-tcp": [
11211,
11211,
"tcp",
"Memcached"
],
"minio-tcp": [
9000,
9000,
"tcp",
"MinIO"
],
"mongodb-27017-tcp": [
27017,
27017,
"tcp",
"MongoDB"
],
"mongodb-27018-tcp": [
27018,
27018,
"tcp",
"MongoDB shard"
],
"mongodb-27019-tcp": [
27019,
27019,
"tcp",
"MongoDB config server"
],
"mssql-analytics-tcp": [
2383,
2383,
"tcp",
"MSSQL Analytics"
],
"mssql-broker-tcp": [
4022,
4022,
"tcp",
"MSSQL Broker"
],
"mssql-tcp": [
1433,
1433,
"tcp",
"MSSQL Server"
],
"mssql-udp": [
1434,
1434,
"udp",
"MSSQL Browser"
],
"mysql-tcp": [
3306,
3306,
"tcp",
"MySQL/Aurora"
],
"nfs-tcp": [
2049,
2049,
"tcp",
"NFS/EFS"
],
"nomad-http-tcp": [
4646,
4646,
"tcp",
"Nomad HTTP"
],
"nomad-rpc-tcp": [
4647,
4647,
"tcp",
"Nomad RPC"
],
"nomad-serf-tcp": [
4648,
4648,
"tcp",
"Serf"
],
"nomad-serf-udp": [
4648,
4648,
"udp",
"Serf"
],
"ntp-udp": [
123,
123,
"udp",
"NTP"
],
"openvpn-https-tcp": [
443,
443,
"tcp",
"OpenVPN"
],
"openvpn-tcp": [
943,
943,
"tcp",
"OpenVPN"
],
"openvpn-udp": [
1194,
1194,
"udp",
"OpenVPN"
],
"oracle-db-tcp": [
1521,
1521,
"tcp",
"Oracle"
],
"postgresql-tcp": [
5432,
5432,
"tcp",
"PostgreSQL"
],
"prometheus-http-tcp": [
9090,
9090,
"tcp",
"Prometheus"
],
"prometheus-pushgateway-http-tcp": [
9091,
9091,
"tcp",
"Prometheus Pushgateway"
],
"puppet-tcp": [
8140,
8140,
"tcp",
"Puppet"
],
"puppetdb-tcp": [
8081,
8081,
"tcp",
"PuppetDB"
],
"rabbitmq-15672-tcp": [
15672,
15672,
"tcp",
"RabbitMQ"
],
"rabbitmq-25672-tcp": [
25672,
25672,
"tcp",
"RabbitMQ"
],
"rabbitmq-4369-tcp": [
4369,
4369,
"tcp",
"RabbitMQ epmd"
],
"rabbitmq-5671-tcp": [
5671,
5671,
"tcp",
"RabbitMQ"
],
"rabbitmq-5672-tcp": [
5672,
5672,
"tcp",
"RabbitMQ"
],
"rdp-tcp": [
3389,
3389,
"tcp",
"Remote Desktop"
],
"rdp-udp": [
3389,
3389,
"udp",
"Remote Desktop"
],
"redis-tcp": [
6379,
6379,
"tcp",
"Redis"
],
"redshift-tcp": [
5439,
5439,
"tcp",
"Redshift"
],
"splunk-hec-tcp": [
8088,
8088,
"tcp",
"Splunk HEC"
],
"splunk-indexer-tcp": [
9997,
9997,
"tcp",
"Splunk indexer"
],
"splunk-splunkd-tcp": [
8089,
8089,
"tcp",
"Splunkd"
],
"splunk-web-tcp": [
8000,
8000,
"tcp",
"Splunk Web"
],
"squid-proxy-tcp": [
3128,
3128,
"tcp",
"Squid default proxy"
],
"ssh-tcp": [
22,
22,
"tcp",
"SSH"
],
"storm-nimbus-tcp": [
6627,
6627,
"tcp",
"Nimbus"
],
"storm-supervisor-tcp": [
6700,
6703,
"tcp",
"Supervisor"
],
"storm-ui-tcp": [
8080,
8080,
"tcp",
"Storm UI"
],
"web-jmx-tcp": [
1099,
1099,
"tcp",
"JMX"
],
"winrm-http-tcp": [
5985,
5985,
"tcp",
"WinRM HTTP"
],
"winrm-https-tcp": [
5986,
5986,
"tcp",
"WinRM HTTPS"
],
"zipkin-admin-query-tcp": [
9901,
9901,
"tcp",
"Zipkin Admin port query"
],
"zipkin-admin-tcp": [
9990,
9990,
"tcp",
"Zipkin Admin port collector"
],
"zipkin-admin-web-tcp": [
9991,
9991,
"tcp",
"Zipkin Admin port web"
],
"zipkin-query-tcp": [
9411,
9411,
"tcp",
"Zipkin query port"
],
"zipkin-web-tcp": [
8080,
8080,
"tcp",
"Zipkin web port"
],
"zookeeper-2181-tcp": [
2181,
2181,
"tcp",
"Zookeeper"
],
"zookeeper-2888-tcp": [
2888,
2888,
"tcp",
"Zookeeper"
],
"zookeeper-3888-tcp": [
3888,
3888,
"tcp",
"Zookeeper"
],
"zookeeper-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
]
}
| no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/main.tf b/main.tf index 81ae0abe..38d19863 100644 --- a/main.tf +++ b/main.tf @@ -15,9 +15,10 @@ locals { resource "aws_security_group" "this" { count = var.create && false == var.use_name_prefix ? 1 : 0 - name = var.name - description = var.description - vpc_id = var.vpc_id + name = var.name + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete tags = merge( var.tags, @@ -33,9 +34,10 @@ resource "aws_security_group" "this" { resource "aws_security_group" "this_name_prefix" { count = var.create && var.use_name_prefix ? 1 : 0 - name_prefix = "${var.name}-" - description = var.description - vpc_id = var.vpc_id + name_prefix = "${var.name}-" + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete tags = merge( var.tags, diff --git a/modules/README.md b/modules/README.md index 51912dda..ead53e3b 100644 --- a/modules/README.md +++ b/modules/README.md 
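Review bot: The new `revoke_rules_on_delete = var.revoke_rules_on_delete` line in `aws_security_group.this` carries no comment saying that it only takes effect when the group is destroyed, and the same line in `aws_security_group.this_name_prefix` (second hunk) has the same gap. Sitting next to `name` and `vpc_id`, it can be read as a setting that changes the group's rules while it exists. I would add above it `# Destroy-time only: revoke every attached rule first, so rules added by a service such as EMR do not block deletion`. Both resource blocks continue outside their hunks. The matching declaration in the root `variables.tf` is not in this part of the patch, so check there that the default stays `false`.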
@@ -21,6 +21,7 @@ List of Security Groups implemented as Terraform modules * [kibana](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/kibana) * [kubernetes-api](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/kubernetes-api) * [ldaps](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/ldaps) +* [logstash](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/logstash) * [memcached](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/memcached) * [minio](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/minio) * [mongodb](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/mongodb) diff --git a/modules/_templates/main.tf b/modules/_templates/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/_templates/main.tf +++ b/modules/_templates/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/_templates/variables.tf b/modules/_templates/variables.tf index 354b9e37..4d331561 100644 --- a/modules/_templates/variables.tf +++ b/modules/_templates/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/_templates/versions.tf b/modules/_templates/versions.tf index b8569144..41f2989f 100644 --- a/modules/_templates/versions.tf +++ b/modules/_templates/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/activemq/README.md b/modules/activemq/README.md index 10109b96..adf873b1 100644 --- a/modules/activemq/README.md +++ b/modules/activemq/README.md @@ -18,7 +18,7 @@ All automatic values **activemq module** is using are available [here](https://g | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
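Review bot: The description of `revoke_rules_on_delete` ends with "before deleting the rule itself", but the argument is set on the `aws_security_group` resources, so what is deleted is the group, not a rule. The sentence also leaves out that the revocation covers every rule attached to the group, which is the part an operator needs to know before setting it to `true`. I would write `description = "Revoke all ingress and egress rules attached to the security group before deleting the group itself. Enable for EMR."`. The same text is repeated in the `variables.tf` hunks for activemq, alertmanager, carbon-relay-ng, cassandra and consul and in the README rows. Those look generated from this template, so fixing it here and regenerating should cover them.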
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/activemq/main.tf b/modules/activemq/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/activemq/main.tf +++ b/modules/activemq/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/activemq/variables.tf b/modules/activemq/variables.tf index 354b9e37..4d331561 100644 --- a/modules/activemq/variables.tf +++ b/modules/activemq/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/activemq/versions.tf b/modules/activemq/versions.tf index b8569144..41f2989f 100644 --- a/modules/activemq/versions.tf +++ b/modules/activemq/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/alertmanager/README.md b/modules/alertmanager/README.md index 89cb1d3c..923185bc 100644 --- a/modules/alertmanager/README.md +++ b/modules/alertmanager/README.md @@ -18,7 +18,7 @@ All automatic values **alertmanager module** is using are available [here](https | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/alertmanager/main.tf b/modules/alertmanager/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/alertmanager/main.tf +++ b/modules/alertmanager/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/alertmanager/variables.tf b/modules/alertmanager/variables.tf index 354b9e37..4d331561 100644 --- a/modules/alertmanager/variables.tf +++ b/modules/alertmanager/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/alertmanager/versions.tf b/modules/alertmanager/versions.tf index b8569144..41f2989f 100644 --- a/modules/alertmanager/versions.tf +++ b/modules/alertmanager/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/carbon-relay-ng/README.md b/modules/carbon-relay-ng/README.md index f27ca5e4..cb27098b 100644 --- a/modules/carbon-relay-ng/README.md +++ b/modules/carbon-relay-ng/README.md @@ -18,7 +18,7 @@ All automatic values **carbon-relay-ng module** is using are available [here](ht | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/carbon-relay-ng/main.tf b/modules/carbon-relay-ng/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/carbon-relay-ng/main.tf +++ b/modules/carbon-relay-ng/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/carbon-relay-ng/variables.tf b/modules/carbon-relay-ng/variables.tf index 354b9e37..4d331561 100644 --- a/modules/carbon-relay-ng/variables.tf +++ b/modules/carbon-relay-ng/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/carbon-relay-ng/versions.tf b/modules/carbon-relay-ng/versions.tf index b8569144..41f2989f 100644 --- a/modules/carbon-relay-ng/versions.tf +++ b/modules/carbon-relay-ng/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/cassandra/README.md b/modules/cassandra/README.md index 45aa5313..ba715767 100644 --- a/modules/cassandra/README.md +++ b/modules/cassandra/README.md @@ -18,7 +18,7 @@ All automatic values **cassandra module** is using are available [here](https:// | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/cassandra/main.tf b/modules/cassandra/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/cassandra/main.tf +++ b/modules/cassandra/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/cassandra/variables.tf b/modules/cassandra/variables.tf index 354b9e37..4d331561 100644 --- a/modules/cassandra/variables.tf +++ b/modules/cassandra/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/cassandra/versions.tf b/modules/cassandra/versions.tf index b8569144..41f2989f 100644 --- a/modules/cassandra/versions.tf +++ b/modules/cassandra/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/consul/README.md b/modules/consul/README.md index 30147b0c..d0d66802 100644 --- a/modules/consul/README.md +++ b/modules/consul/README.md @@ -18,7 +18,7 @@ All automatic values **consul module** is using are available [here](https://git | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/consul/main.tf b/modules/consul/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/consul/main.tf +++ b/modules/consul/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/consul/variables.tf b/modules/consul/variables.tf index 354b9e37..4d331561 100644 --- a/modules/consul/variables.tf +++ b/modules/consul/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/consul/versions.tf b/modules/consul/versions.tf index b8569144..41f2989f 100644 --- a/modules/consul/versions.tf +++ b/modules/consul/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/docker-swarm/README.md b/modules/docker-swarm/README.md index c90caacf..114673c9 100644 --- a/modules/docker-swarm/README.md +++ b/modules/docker-swarm/README.md @@ -18,7 +18,7 @@ All automatic values **docker-swarm module** is using are available [here](https | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/docker-swarm/main.tf b/modules/docker-swarm/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/docker-swarm/main.tf +++ b/modules/docker-swarm/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/docker-swarm/variables.tf b/modules/docker-swarm/variables.tf index 354b9e37..4d331561 100644 --- a/modules/docker-swarm/variables.tf +++ b/modules/docker-swarm/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/docker-swarm/versions.tf b/modules/docker-swarm/versions.tf index b8569144..41f2989f 100644 --- a/modules/docker-swarm/versions.tf +++ b/modules/docker-swarm/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/elasticsearch/README.md b/modules/elasticsearch/README.md index bfe41859..bf61d3a8 100644 --- a/modules/elasticsearch/README.md +++ b/modules/elasticsearch/README.md @@ -18,7 +18,7 @@ All automatic values **elasticsearch module** is using are available [here](http | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/elasticsearch/main.tf b/modules/elasticsearch/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/elasticsearch/main.tf +++ b/modules/elasticsearch/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/elasticsearch/variables.tf b/modules/elasticsearch/variables.tf index 354b9e37..4d331561 100644 --- a/modules/elasticsearch/variables.tf +++ b/modules/elasticsearch/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/elasticsearch/versions.tf b/modules/elasticsearch/versions.tf index b8569144..41f2989f 100644 --- a/modules/elasticsearch/versions.tf +++ b/modules/elasticsearch/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/grafana/README.md b/modules/grafana/README.md index 5fc25182..46c36907 100644 --- a/modules/grafana/README.md +++ b/modules/grafana/README.md @@ -18,7 +18,7 @@ All automatic values **grafana module** is using are available [here](https://gi | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/grafana/main.tf b/modules/grafana/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/grafana/main.tf +++ b/modules/grafana/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/grafana/variables.tf b/modules/grafana/variables.tf index 354b9e37..4d331561 100644 --- a/modules/grafana/variables.tf +++ b/modules/grafana/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/grafana/versions.tf b/modules/grafana/versions.tf index b8569144..41f2989f 100644 --- a/modules/grafana/versions.tf +++ b/modules/grafana/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/graphite-statsd/README.md b/modules/graphite-statsd/README.md index d9534009..0605aab9 100644 --- a/modules/graphite-statsd/README.md +++ b/modules/graphite-statsd/README.md @@ -18,7 +18,7 @@ All automatic values **graphite-statsd module** is using are available [here](ht | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/graphite-statsd/main.tf b/modules/graphite-statsd/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/graphite-statsd/main.tf +++ b/modules/graphite-statsd/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/graphite-statsd/variables.tf b/modules/graphite-statsd/variables.tf index 354b9e37..4d331561 100644 --- a/modules/graphite-statsd/variables.tf +++ b/modules/graphite-statsd/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/graphite-statsd/versions.tf b/modules/graphite-statsd/versions.tf index b8569144..41f2989f 100644 --- a/modules/graphite-statsd/versions.tf +++ b/modules/graphite-statsd/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/http-80/README.md b/modules/http-80/README.md index 132c2060..0601398c 100644 --- a/modules/http-80/README.md +++ b/modules/http-80/README.md @@ -18,7 +18,7 @@ All automatic values **http-80 module** is using are available [here](https://gi | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/http-80/main.tf b/modules/http-80/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/http-80/main.tf +++ b/modules/http-80/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/http-80/variables.tf b/modules/http-80/variables.tf index 354b9e37..4d331561 100644 --- a/modules/http-80/variables.tf +++ b/modules/http-80/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/http-80/versions.tf b/modules/http-80/versions.tf index b8569144..41f2989f 100644 --- a/modules/http-80/versions.tf +++ b/modules/http-80/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/http-8080/README.md b/modules/http-8080/README.md index 601a09bc..67372177 100644 --- a/modules/http-8080/README.md +++ b/modules/http-8080/README.md @@ -18,7 +18,7 @@ All automatic values **http-8080 module** is using are available [here](https:// | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/http-8080/main.tf b/modules/http-8080/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/http-8080/main.tf +++ b/modules/http-8080/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/http-8080/variables.tf b/modules/http-8080/variables.tf index 354b9e37..4d331561 100644 --- a/modules/http-8080/variables.tf +++ b/modules/http-8080/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/http-8080/versions.tf b/modules/http-8080/versions.tf index b8569144..41f2989f 100644 --- a/modules/http-8080/versions.tf +++ b/modules/http-8080/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/https-443/README.md b/modules/https-443/README.md index 41a80794..4131e5d4 100644 --- a/modules/https-443/README.md +++ b/modules/https-443/README.md @@ -18,7 +18,7 @@ All automatic values **https-443 module** is using are available [here](https:// | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/https-443/main.tf b/modules/https-443/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/https-443/main.tf +++ b/modules/https-443/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/https-443/variables.tf b/modules/https-443/variables.tf index 354b9e37..4d331561 100644 --- a/modules/https-443/variables.tf +++ b/modules/https-443/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/https-443/versions.tf b/modules/https-443/versions.tf index b8569144..41f2989f 100644 --- a/modules/https-443/versions.tf +++ b/modules/https-443/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/https-8443/README.md b/modules/https-8443/README.md index e6e21af2..aa033b1e 100644 --- a/modules/https-8443/README.md +++ b/modules/https-8443/README.md @@ -18,7 +18,7 @@ All automatic values **https-8443 module** is using are available [here](https:/ | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/https-8443/main.tf b/modules/https-8443/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/https-8443/main.tf +++ b/modules/https-8443/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/https-8443/variables.tf b/modules/https-8443/variables.tf index 354b9e37..4d331561 100644 --- a/modules/https-8443/variables.tf +++ b/modules/https-8443/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/https-8443/versions.tf b/modules/https-8443/versions.tf index b8569144..41f2989f 100644 --- a/modules/https-8443/versions.tf +++ b/modules/https-8443/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/ipsec-4500/README.md b/modules/ipsec-4500/README.md index 13615511..9eec5cc6 100644 --- a/modules/ipsec-4500/README.md +++ b/modules/ipsec-4500/README.md @@ -18,7 +18,7 @@ All automatic values **ipsec-4500 module** is using are available [here](https:/ | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/ipsec-4500/main.tf b/modules/ipsec-4500/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/ipsec-4500/main.tf +++ b/modules/ipsec-4500/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/ipsec-4500/variables.tf b/modules/ipsec-4500/variables.tf index 354b9e37..4d331561 100644 --- a/modules/ipsec-4500/variables.tf +++ b/modules/ipsec-4500/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/ipsec-4500/versions.tf b/modules/ipsec-4500/versions.tf index b8569144..41f2989f 100644 --- a/modules/ipsec-4500/versions.tf +++ b/modules/ipsec-4500/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/ipsec-500/README.md b/modules/ipsec-500/README.md index 4a6c6150..84e59e25 100644 --- a/modules/ipsec-500/README.md +++ b/modules/ipsec-500/README.md @@ -18,7 +18,7 @@ All automatic values **ipsec-500 module** is using are available [here](https:// | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/ipsec-500/main.tf b/modules/ipsec-500/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/ipsec-500/main.tf +++ b/modules/ipsec-500/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/ipsec-500/variables.tf b/modules/ipsec-500/variables.tf index 354b9e37..4d331561 100644 --- a/modules/ipsec-500/variables.tf +++ b/modules/ipsec-500/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/ipsec-500/versions.tf b/modules/ipsec-500/versions.tf index b8569144..41f2989f 100644 --- a/modules/ipsec-500/versions.tf +++ b/modules/ipsec-500/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/kafka/README.md b/modules/kafka/README.md index 67da0265..fdbbd8b7 100644 --- a/modules/kafka/README.md +++ b/modules/kafka/README.md @@ -18,7 +18,7 @@ All automatic values **kafka module** is using are available [here](https://gith | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/kafka/main.tf b/modules/kafka/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/kafka/main.tf +++ b/modules/kafka/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/kafka/variables.tf b/modules/kafka/variables.tf index 354b9e37..4d331561 100644 --- a/modules/kafka/variables.tf +++ b/modules/kafka/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/kafka/versions.tf b/modules/kafka/versions.tf index b8569144..41f2989f 100644 --- a/modules/kafka/versions.tf +++ b/modules/kafka/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/kibana/README.md b/modules/kibana/README.md index 44f52f2f..e2322b71 100644 --- a/modules/kibana/README.md +++ b/modules/kibana/README.md @@ -18,7 +18,7 @@ All automatic values **kibana module** is using are available [here](https://git | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/kibana/main.tf b/modules/kibana/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/kibana/main.tf +++ b/modules/kibana/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/kibana/variables.tf b/modules/kibana/variables.tf index 354b9e37..4d331561 100644 --- a/modules/kibana/variables.tf +++ b/modules/kibana/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/kibana/versions.tf b/modules/kibana/versions.tf index b8569144..41f2989f 100644 --- a/modules/kibana/versions.tf +++ b/modules/kibana/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/kubernetes-api/README.md b/modules/kubernetes-api/README.md index 1cfdba23..7f37046a 100644 --- a/modules/kubernetes-api/README.md +++ b/modules/kubernetes-api/README.md @@ -18,7 +18,7 @@ All automatic values **kubernetes-api module** is using are available [here](htt | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/kubernetes-api/main.tf b/modules/kubernetes-api/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/kubernetes-api/main.tf +++ b/modules/kubernetes-api/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/kubernetes-api/variables.tf b/modules/kubernetes-api/variables.tf index 354b9e37..4d331561 100644 --- a/modules/kubernetes-api/variables.tf +++ b/modules/kubernetes-api/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/kubernetes-api/versions.tf b/modules/kubernetes-api/versions.tf index b8569144..41f2989f 100644 --- a/modules/kubernetes-api/versions.tf +++ b/modules/kubernetes-api/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/ldaps/README.md b/modules/ldaps/README.md index 3be99eba..22cc7d4b 100644 --- a/modules/ldaps/README.md +++ b/modules/ldaps/README.md @@ -18,7 +18,7 @@ All automatic values **ldaps module** is using are available [here](https://gith | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/ldaps/main.tf b/modules/ldaps/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/ldaps/main.tf +++ b/modules/ldaps/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/ldaps/variables.tf b/modules/ldaps/variables.tf index 354b9e37..4d331561 100644 --- a/modules/ldaps/variables.tf +++ b/modules/ldaps/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/ldaps/versions.tf b/modules/ldaps/versions.tf index b8569144..41f2989f 100644 --- a/modules/ldaps/versions.tf +++ b/modules/ldaps/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/logstash/README.md b/modules/logstash/README.md new file mode 100644 index 00000000..18753976 --- /dev/null +++ b/modules/logstash/README.md 
@@ -0,0 +1,110 @@ +# logstash - AWS EC2-VPC Security Group Terraform module + +## Usage + +```hcl +module "logstash_security_group" { + source = "terraform-aws-modules/security-group/aws//modules/logstash" + version = "~> 3.0" + + # omitted... +} +``` + +All automatic values **logstash module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/logstash/auto_values.tf). + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.12.6, < 0.14 | +| aws | ~> 2.42 | + +## Providers + +No provider. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | `list(string)` | `[]` | no | +| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no | +| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | `list(string)` | `[]` | no | +| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | +| auto\_egress\_rules | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | +| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | +| auto\_ingress\_rules | List of ingress rules to add automatically | `list(string)` |
[
"logstash-tcp"
]
| no | +| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | `number` | `0` | no | +| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | +| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | `number` | `0` | no | +| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | +| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | +| computed\_egress\_rules | List of computed egress rules to create by name | `list(string)` | `[]` | no | +| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | `list(map(string))` | `[]` | no | +| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | +| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | `list(string)` | `[]` | no | +| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | `list(string)` | `[]` | no | +| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | `list(string)` | `[]` | no | +| computed\_ingress\_rules | List of computed ingress rules to create by name | `list(string)` | `[]` | no | +| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | `list(map(string))` | `[]` | no | +| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create 
where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | +| create | Whether to create security group and all rules | `bool` | `true` | no | +| description | Description of security group | `string` | `"Security Group managed by Terraform"` | no | +| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | +| egress\_rules | List of egress rules to create by name | `list(string)` | `[]` | no | +| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| egress\_with\_self | List of egress rules to create where 'self' is defined | `list(map(string))` | `[]` | no | +| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | +| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | `list(string)` | `[]` | no | +| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | `list(string)` | `[]` | no | +| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | `list(string)` | `[]` | no | +| ingress\_rules | List of ingress rules to create by name | `list(string)` | `[]` | no | +| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| ingress\_with\_self | List of ingress rules to create where 'self' is defined | `list(map(string))` | `[]` | no | +| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | +| name | Name of security group | `string` | n/a | yes | +| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | `number` | `0` | 
no | +| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | `number` | `0` | no | +| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `number` | `0` | no | +| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | `number` | `0` | no | +| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr\_blocks' is used | `number` | `0` | no | +| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | +| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | +| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | `number` | `0` | no | +| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | `number` | `0` | no | +| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | `number` | `0` | no | +| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | `number` | `0` | no | +| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr\_blocks' is used | `number` | `0` | no | +| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | +| number\_of\_computed\_ingress\_with\_self 
| Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | +| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | +| tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | +| use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | +| vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| this\_security\_group\_description | The description of the security group | +| this\_security\_group\_id | The ID of the security group | +| this\_security\_group\_name | The name of the security group | +| this\_security\_group\_owner\_id | The owner ID | +| this\_security\_group\_vpc\_id | The VPC ID | + + diff --git a/modules/logstash/auto_values.tf b/modules/logstash/auto_values.tf new file mode 100644 index 00000000..6708317b --- /dev/null +++ b/modules/logstash/auto_values.tf 
@@ -0,0 +1,79 @@ +# This file was generated from values defined in rules.tf using update_groups.sh. +################################### +# DO NOT CHANGE THIS FILE MANUALLY +################################### + +variable "auto_ingress_rules" { + description = "List of ingress rules to add automatically" + type = list(string) + default = ["logstash-tcp"] +} + +variable "auto_ingress_with_self" { + description = "List of maps defining ingress rules with self to add automatically" + type = list(map(string)) + default = [{ "rule" = "all-all" }] +} + +variable "auto_egress_rules" { + description = "List of egress rules to add automatically" + type = list(string) + default = ["all-all"] +} + +variable "auto_egress_with_self" { + description = "List of maps defining egress rules with self to add automatically" + type = list(map(string)) + default = [] +} + +# Computed +variable "auto_computed_ingress_rules" { + description = "List of ingress rules to add automatically" + type = list(string) + default = [] +} + +variable "auto_computed_ingress_with_self" { + description = "List of maps defining computed ingress rules with self to add automatically" + type = list(map(string)) + default = [] +} + +variable "auto_computed_egress_rules" { + description = "List of computed egress rules to add automatically" + type = list(string) + default = [] +} + +variable "auto_computed_egress_with_self" { + description = "List of maps defining computed egress rules with self to add automatically" + type = list(map(string)) + default = [] +} + +# Number of computed rules +variable "auto_number_of_computed_ingress_rules" { + description = "Number of computed ingress rules to create by name" + type = number + default = 0 +} + +variable "auto_number_of_computed_ingress_with_self" { + description = "Number of computed ingress rules to create where 'self' is defined" + type = number + default = 0 +} + +variable "auto_number_of_computed_egress_rules" { + description = "Number of computed egress 
rules to create by name" + type = number + default = 0 +} + +variable "auto_number_of_computed_egress_with_self" { + description = "Number of computed egress rules to create where 'self' is defined" + type = number + default = 0 +} + diff --git a/modules/logstash/main.tf b/modules/logstash/main.tf new file mode 100644 index 00000000..758bb7bc --- /dev/null +++ b/modules/logstash/main.tf 
@@ -0,0 +1,115 @@ +module "sg" { + source = "../../" + + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags + + ########## + # Ingress + ########## + # Rules by names - open for default CIDR + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) + + # Open for self + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) + + # Open to IPv4 cidr blocks + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks + + # Open to IPv6 cidr blocks + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks + + # Open for security group id + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id + + # Default ingress CIDR blocks + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks + + # Default prefix list ids + ingress_prefix_list_ids = var.ingress_prefix_list_ids + + ################### + # Computed Ingress + ################### + # Rules by names - open for default CIDR + computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) + + # Open for self + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) + + # Open to IPv4 cidr blocks + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks + + # Open to IPv6 cidr blocks + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks + + # Open for security group id + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id + + ############################# + # Number of computed ingress + ############################# + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + 
var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id + + ######### + # Egress + ######### + # Rules by names - open for default CIDR + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) + + # Open for self + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) + + # Open to IPv4 cidr blocks + egress_with_cidr_blocks = var.egress_with_cidr_blocks + + # Open to IPv6 cidr blocks + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks + + # Open for security group id + egress_with_source_security_group_id = var.egress_with_source_security_group_id + + # Default egress CIDR blocks + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks + + # Default prefix list ids + egress_prefix_list_ids = var.egress_prefix_list_ids + + ################## + # Computed Egress + ################## + # Rules by names - open for default CIDR + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) + + # Open for self + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) + + # Open to IPv4 cidr blocks + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks + + # Open to IPv6 cidr blocks + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks + + # Open for security group id + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id + + 
############################# + # Number of computed egress + ############################# + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id +} diff --git a/modules/logstash/outputs.tf b/modules/logstash/outputs.tf new file mode 100644 index 00000000..3d7ad67f --- /dev/null +++ b/modules/logstash/outputs.tf @@ -0,0 +1,24 @@ +output "this_security_group_id" { + description = "The ID of the security group" + value = module.sg.this_security_group_id +} + +output "this_security_group_vpc_id" { + description = "The VPC ID" + value = module.sg.this_security_group_vpc_id +} + +output "this_security_group_owner_id" { + description = "The owner ID" + value = module.sg.this_security_group_owner_id +} + +output "this_security_group_name" { + description = "The name of the security group" + value = module.sg.this_security_group_name +} + +output "this_security_group_description" { + description = "The description of the security group" + value = module.sg.this_security_group_description +} diff --git a/modules/logstash/variables.tf b/modules/logstash/variables.tf new file mode 100644 index 00000000..4d331561 --- /dev/null +++ b/modules/logstash/variables.tf 
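Review bot: `computed_ingress_cidr_blocks`, `computed_ingress_ipv6_cidr_blocks` and `computed_ingress_prefix_list_ids` are declared in this module's `variables.tf` and listed in its README, but the `module "sg"` block never passes them on. The `computed_egress_*` counterparts and the `number_of_computed_*_cidr_blocks` inputs shown in the README are not passed either. A caller who sets one of them to narrow the source range of a computed rule gets no error and no effect; the rule presumably falls back to `ingress_cidr_blocks` / `egress_cidr_blocks`, though the root module is not shown here, so that part is inferred. Either wire them through, e.g. `computed_ingress_cidr_blocks = var.computed_ingress_cidr_blocks`, if the root module accepts them, or drop the unused variables so the interface does not promise a restriction it cannot apply. The other modules' `main.tf` files in this patch end at the same blob id `758bb7bc`, so the same applies to them.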
@@ -0,0 +1,348 @@
+#################
+# Security group
+#################
+variable "create" {
+ description = "Whether to create security group and all rules"
+ type = bool
+ default = true
+}
+
+variable "vpc_id" {
+ description = "ID of the VPC where to create security group"
+ type = string
+}
+
+variable "name" {
+ description = "Name of security group"
+ type = string
+}
+
+variable "use_name_prefix" {
+ description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+ type = bool
+ default = true
+}
+
+variable "description" {
+ description = "Description of security group"
+ type = string
+ default = "Security Group managed by Terraform"
+}
+
+variable "revoke_rules_on_delete" {
+ description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR."
+ type = bool
+ default = false
+}
+
+variable "tags" {
+ description = "A mapping of tags to assign to security group"
+ type = map(string)
+ default = {}
+}
+
+##########
+# Ingress
+##########
+variable "ingress_rules" {
+ description = "List of ingress rules to create by name"
+ type = list(string)
+ default = []
+}
+
+variable "ingress_with_self" {
+ description = "List of ingress rules to create where 'self' is defined"
+ type = list(map(string))
+ default = []
+}
+
+variable "ingress_with_cidr_blocks" {
+ description = "List of ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
+ default = []
+}
+
+variable "ingress_with_ipv6_cidr_blocks" {
+ description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
+ default = []
+}
+
+variable "ingress_with_source_security_group_id" {
+ description = "List of ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
+ default = []
+}
+
+variable "ingress_cidr_blocks" {
+ description = "List of IPv4 CIDR ranges to use on all ingress rules"
+ type = list(string)
+ default = []
+}
+
+variable "ingress_ipv6_cidr_blocks" {
+ description = "List of IPv6 CIDR ranges to use on all ingress rules"
+ type = list(string)
+ default = []
+}
+
+variable "ingress_prefix_list_ids" {
+ description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+ type = list(string)
+ default = []
+}
+
+###################
+# Computed Ingress
+###################
+variable "computed_ingress_rules" {
+ description = "List of computed ingress rules to create by name"
+ type = list(string)
+ default = []
+}
+
+variable "computed_ingress_with_self" {
+ description = "List of computed ingress rules to create where 'self' is defined"
+ type = list(map(string))
+ default = []
+}
+
+variable "computed_ingress_with_cidr_blocks" {
+ description = "List of computed ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
+ default = []
+}
+
+variable "computed_ingress_with_ipv6_cidr_blocks" {
+ description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
+ default = []
+}
+
+variable "computed_ingress_with_source_security_group_id" {
+ description = "List of computed ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
+ default = []
+}
+
+variable "computed_ingress_cidr_blocks" {
+ description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
+ default = []
+}
+
+variable "computed_ingress_ipv6_cidr_blocks" {
+ description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
+ default = []
+}
+
+variable "computed_ingress_prefix_list_ids" {
+ description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = list(string)
+ default = []
+}
+
+###################################
+# Number of computed ingress rules
+###################################
+variable "number_of_computed_ingress_rules" {
+ description = "Number of computed ingress rules to create by name"
+ type = number
+ default = 0
+}
+
+variable "number_of_computed_ingress_with_self" {
+ description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
+ default = 0
+}
+
+variable "number_of_computed_ingress_with_cidr_blocks" {
+ description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
+ type = number
+ default = 0
+}
+
+variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
+ description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
+ default = 0
+}
+
+variable "number_of_computed_ingress_with_source_security_group_id" {
+ description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
+ type = number
+ default = 0
+}
+
+variable "number_of_computed_ingress_cidr_blocks" {
+ description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = number
+ default = 0
+}
+
+variable "number_of_computed_ingress_ipv6_cidr_blocks" {
+ description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = number
+ default = 0
+}
+
+variable "number_of_computed_ingress_prefix_list_ids" {
+ description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = number
+ default = 0
+}
+
+#########
+# Egress
+#########
+variable "egress_rules" {
+ description = "List of egress rules to create by name"
+ type = list(string)
+ default = []
+}
+
+variable "egress_with_self" {
+ description = "List of egress rules to create where 'self' is defined"
+ type = list(map(string))
+ default = []
+}
+
+variable "egress_with_cidr_blocks" {
+ description = "List of egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
+ default = []
+}
+
+variable "egress_with_ipv6_cidr_blocks" {
+ description = "List of egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
+ default = []
+}
+
+variable "egress_with_source_security_group_id" {
+ description = "List of egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
+ default = []
+}
+
+variable "egress_cidr_blocks" {
+ description = "List of IPv4 CIDR ranges to use on all egress rules"
+ type = list(string)
+ default = ["0.0.0.0/0"]
+}
+
+variable "egress_ipv6_cidr_blocks" {
+ description = "List of IPv6 CIDR ranges to use on all egress rules"
+ type = list(string)
+ default = ["::/0"]
+}
+
+variable "egress_prefix_list_ids" {
+ description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+ type = list(string)
+ default = []
+}
+
+##################
+# Computed Egress
+##################
+variable "computed_egress_rules" {
+ description = "List of computed egress rules to create by name"
+ type = list(string)
+ default = []
+}
+
+variable "computed_egress_with_self" {
+ description = "List of computed egress rules to create where 'self' is defined"
+ type = list(map(string))
+ default = []
+}
+
+variable "computed_egress_with_cidr_blocks" {
+ description = "List of computed egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
+ default = []
+}
+
+variable "computed_egress_with_ipv6_cidr_blocks" {
+ description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
+ default = []
+}
+
+variable "computed_egress_with_source_security_group_id" {
+ description = "List of computed egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
+ default = []
+}
+
+variable "computed_egress_cidr_blocks" {
+ description = "List of IPv4 CIDR ranges to use on all computed egress rules"
+ type = list(string)
+ default = ["0.0.0.0/0"]
+}
+
+variable "computed_egress_ipv6_cidr_blocks" {
+ description = "List of IPv6 CIDR ranges to use on all computed egress rules"
+ type = list(string)
+ default = ["::/0"]
+}
+
+variable "computed_egress_prefix_list_ids" {
+ description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = list(string)
+ default = []
+}
+
+##################################
+# Number of computed egress rules
+##################################
+variable "number_of_computed_egress_rules" {
+ description = "Number of computed egress rules to create by name"
+ type = number
+ default = 0
+}
+
+variable "number_of_computed_egress_with_self" {
+ description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
+ default = 0
+}
+
+variable "number_of_computed_egress_with_cidr_blocks" {
+ description = "Number of computed egress rules to create where 'cidr_blocks' is used"
+ type = number
+ default = 0
+}
+
+variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
+ description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
+ default = 0
+}
+
+variable "number_of_computed_egress_with_source_security_group_id" {
+ description = "Number of computed egress rules to create where 'source_security_group_id' is used"
+ type = number
+ default = 0
+}
+
+variable "number_of_computed_egress_cidr_blocks" {
+ description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
+ type = number
+ default = 0
+}
+
+variable "number_of_computed_egress_ipv6_cidr_blocks" {
+ description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
+ type = number
+ default = 0
+}
+
+variable "number_of_computed_egress_prefix_list_ids" {
+ description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = number
+ default = 0
+}
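Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` (and their `computed_` counterparts) in the new modules/logstash/variables.tf default to `["0.0.0.0/0"]` and `["::/0"]`, so every named egress rule is opened to all destinations unless the caller overrides the lists, and the descriptions do not say so. Whether an egress rule is added automatically depends on `auto_egress_rules`, which is not part of this hunk, so the effective default may be unrestricted outbound traffic. The ingress lists default to `[]`, so the asymmetry should at least be visible in the docs, e.g. `description = "List of IPv4 CIDR ranges to use on all egress rules (default allows all IPv4 destinations; narrow this where outbound traffic must be restricted)"`, with the matching wording on the IPv6 variable.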
diff --git a/modules/logstash/versions.tf b/modules/logstash/versions.tf new file mode 100644 index 00000000..41f2989f --- /dev/null +++ b/modules/logstash/versions.tf @@ -0,0 +1,7 @@ +terraform { + required_version = ">= 0.12.6, < 0.14" + + required_providers { + aws = "~> 2.42" + } +} diff --git a/modules/memcached/README.md b/modules/memcached/README.md index 33993e9a..649c684e 100644 --- a/modules/memcached/README.md +++ b/modules/memcached/README.md @@ -18,7 +18,7 @@ All automatic values **memcached module** is using are available [here](https:// | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers @@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/memcached/main.tf b/modules/memcached/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/memcached/main.tf +++ b/modules/memcached/main.tf 
@@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/memcached/variables.tf b/modules/memcached/variables.tf index 354b9e37..4d331561 100644 --- a/modules/memcached/variables.tf +++ b/modules/memcached/variables.tf @@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/memcached/versions.tf b/modules/memcached/versions.tf index b8569144..41f2989f 100644 --- a/modules/memcached/versions.tf +++ b/modules/memcached/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/minio/README.md b/modules/minio/README.md index c1f20149..f3432c09 100644 --- a/modules/minio/README.md +++ b/modules/minio/README.md @@ -18,7 +18,7 @@ All automatic values **minio module** is using are available [here](https://gith | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
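Review bot: The description added for `revoke_rules_on_delete` in the modules/memcached/variables.tf hunk says the rules are revoked "before deleting the rule itself", which reads as if a rule were being deleted; since main.tf passes the value to the security group module, the object being destroyed is presumably the group. It also does not say that "all" rules would appear to include ones a service such as EMR attached outside Terraform, which an operator should know before enabling it. Suggest `description = "Revoke all ingress and egress rules attached to the security group (including rules added outside Terraform) before deleting the group itself. Enable for EMR."` and regenerating the README row from it. The same text is added in the new logstash variables.tf and in the minio, mongodb, mssql, mysql, nfs, nomad and ntp variables.tf hunks, and both the `module "sg"` block and variables.tf continue outside these hunks.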
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/minio/main.tf b/modules/minio/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/minio/main.tf +++ b/modules/minio/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/minio/variables.tf b/modules/minio/variables.tf index 354b9e37..4d331561 100644 --- a/modules/minio/variables.tf +++ b/modules/minio/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/minio/versions.tf b/modules/minio/versions.tf index b8569144..41f2989f 100644 --- a/modules/minio/versions.tf +++ b/modules/minio/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/mongodb/README.md b/modules/mongodb/README.md index 1ad49fd4..7c1b026f 100644 --- a/modules/mongodb/README.md +++ b/modules/mongodb/README.md @@ -18,7 +18,7 @@ All automatic values **mongodb module** is using are available [here](https://gi | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/mongodb/main.tf b/modules/mongodb/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/mongodb/main.tf +++ b/modules/mongodb/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/mongodb/variables.tf b/modules/mongodb/variables.tf index 354b9e37..4d331561 100644 --- a/modules/mongodb/variables.tf +++ b/modules/mongodb/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/mongodb/versions.tf b/modules/mongodb/versions.tf index b8569144..41f2989f 100644 --- a/modules/mongodb/versions.tf +++ b/modules/mongodb/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/mssql/README.md b/modules/mssql/README.md index f82dd66a..50a29ea1 100644 --- a/modules/mssql/README.md +++ b/modules/mssql/README.md @@ -18,7 +18,7 @@ All automatic values **mssql module** is using are available [here](https://gith | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/mssql/main.tf b/modules/mssql/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/mssql/main.tf +++ b/modules/mssql/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/mssql/variables.tf b/modules/mssql/variables.tf index 354b9e37..4d331561 100644 --- a/modules/mssql/variables.tf +++ b/modules/mssql/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/mssql/versions.tf b/modules/mssql/versions.tf index b8569144..41f2989f 100644 --- a/modules/mssql/versions.tf +++ b/modules/mssql/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/mysql/README.md b/modules/mysql/README.md index 0dc32a91..e03e8ffa 100644 --- a/modules/mysql/README.md +++ b/modules/mysql/README.md @@ -18,7 +18,7 @@ All automatic values **mysql module** is using are available [here](https://gith | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/mysql/main.tf b/modules/mysql/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/mysql/main.tf +++ b/modules/mysql/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/mysql/variables.tf b/modules/mysql/variables.tf index 354b9e37..4d331561 100644 --- a/modules/mysql/variables.tf +++ b/modules/mysql/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/mysql/versions.tf b/modules/mysql/versions.tf index b8569144..41f2989f 100644 --- a/modules/mysql/versions.tf +++ b/modules/mysql/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/nfs/README.md b/modules/nfs/README.md index 46ca7b67..9ed3b94a 100644 --- a/modules/nfs/README.md +++ b/modules/nfs/README.md @@ -18,7 +18,7 @@ All automatic values **nfs module** is using are available [here](https://github | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/nfs/main.tf b/modules/nfs/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/nfs/main.tf +++ b/modules/nfs/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/nfs/variables.tf b/modules/nfs/variables.tf index 354b9e37..4d331561 100644 --- a/modules/nfs/variables.tf +++ b/modules/nfs/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/nfs/versions.tf b/modules/nfs/versions.tf index b8569144..41f2989f 100644 --- a/modules/nfs/versions.tf +++ b/modules/nfs/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/nomad/README.md b/modules/nomad/README.md index b36eebe0..1e7ed387 100644 --- a/modules/nomad/README.md +++ b/modules/nomad/README.md @@ -18,7 +18,7 @@ All automatic values **nomad module** is using are available [here](https://gith | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/nomad/main.tf b/modules/nomad/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/nomad/main.tf +++ b/modules/nomad/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/nomad/variables.tf b/modules/nomad/variables.tf index 354b9e37..4d331561 100644 --- a/modules/nomad/variables.tf +++ b/modules/nomad/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/nomad/versions.tf b/modules/nomad/versions.tf index b8569144..41f2989f 100644 --- a/modules/nomad/versions.tf +++ b/modules/nomad/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/ntp/README.md b/modules/ntp/README.md index deabd0c3..523be7f8 100644 --- a/modules/ntp/README.md +++ b/modules/ntp/README.md @@ -18,7 +18,7 @@ All automatic values **ntp module** is using are available [here](https://github | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/ntp/main.tf b/modules/ntp/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/ntp/main.tf +++ b/modules/ntp/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/ntp/variables.tf b/modules/ntp/variables.tf index 354b9e37..4d331561 100644 --- a/modules/ntp/variables.tf +++ b/modules/ntp/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/ntp/versions.tf b/modules/ntp/versions.tf index b8569144..41f2989f 100644 --- a/modules/ntp/versions.tf +++ b/modules/ntp/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/openvpn/README.md b/modules/openvpn/README.md index f5b25bfc..5b5b5f06 100644 --- a/modules/openvpn/README.md +++ b/modules/openvpn/README.md @@ -18,7 +18,7 @@ All automatic values **openvpn module** is using are available [here](https://gi | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/openvpn/main.tf b/modules/openvpn/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/openvpn/main.tf +++ b/modules/openvpn/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/openvpn/variables.tf b/modules/openvpn/variables.tf index 354b9e37..4d331561 100644 --- a/modules/openvpn/variables.tf +++ b/modules/openvpn/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/openvpn/versions.tf b/modules/openvpn/versions.tf index b8569144..41f2989f 100644 --- a/modules/openvpn/versions.tf +++ b/modules/openvpn/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/oracle-db/README.md b/modules/oracle-db/README.md index 47a19f02..328684c2 100644 --- a/modules/oracle-db/README.md +++ b/modules/oracle-db/README.md @@ -18,7 +18,7 @@ All automatic values **oracle-db module** is using are available [here](https:// | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/oracle-db/main.tf b/modules/oracle-db/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/oracle-db/main.tf +++ b/modules/oracle-db/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/oracle-db/variables.tf b/modules/oracle-db/variables.tf index 354b9e37..4d331561 100644 --- a/modules/oracle-db/variables.tf +++ b/modules/oracle-db/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/oracle-db/versions.tf b/modules/oracle-db/versions.tf index b8569144..41f2989f 100644 --- a/modules/oracle-db/versions.tf +++ b/modules/oracle-db/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/postgresql/README.md b/modules/postgresql/README.md index 64dcd89f..e31b2b2f 100644 --- a/modules/postgresql/README.md +++ b/modules/postgresql/README.md @@ -18,7 +18,7 @@ All automatic values **postgresql module** is using are available [here](https:/ | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/postgresql/main.tf b/modules/postgresql/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/postgresql/main.tf +++ b/modules/postgresql/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/postgresql/variables.tf b/modules/postgresql/variables.tf index 354b9e37..4d331561 100644 --- a/modules/postgresql/variables.tf +++ b/modules/postgresql/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/postgresql/versions.tf b/modules/postgresql/versions.tf index b8569144..41f2989f 100644 --- a/modules/postgresql/versions.tf +++ b/modules/postgresql/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/prometheus/README.md b/modules/prometheus/README.md index 0202bca1..61b3c00c 100644 --- a/modules/prometheus/README.md +++ b/modules/prometheus/README.md @@ -18,7 +18,7 @@ All automatic values **prometheus module** is using are available [here](https:/ | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/prometheus/main.tf b/modules/prometheus/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/prometheus/main.tf +++ b/modules/prometheus/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/prometheus/variables.tf b/modules/prometheus/variables.tf index 354b9e37..4d331561 100644 --- a/modules/prometheus/variables.tf +++ b/modules/prometheus/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/prometheus/versions.tf b/modules/prometheus/versions.tf index b8569144..41f2989f 100644 --- a/modules/prometheus/versions.tf +++ b/modules/prometheus/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/puppet/README.md b/modules/puppet/README.md index a4c17682..50228ad4 100644 --- a/modules/puppet/README.md +++ b/modules/puppet/README.md @@ -18,7 +18,7 @@ All automatic values **puppet module** is using are available [here](https://git | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/puppet/main.tf b/modules/puppet/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/puppet/main.tf +++ b/modules/puppet/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/puppet/variables.tf b/modules/puppet/variables.tf index 354b9e37..4d331561 100644 --- a/modules/puppet/variables.tf +++ b/modules/puppet/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/puppet/versions.tf b/modules/puppet/versions.tf index b8569144..41f2989f 100644 --- a/modules/puppet/versions.tf +++ b/modules/puppet/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/rabbitmq/README.md b/modules/rabbitmq/README.md index 1f8bf76c..05e6f7cd 100644 --- a/modules/rabbitmq/README.md +++ b/modules/rabbitmq/README.md @@ -18,7 +18,7 @@ All automatic values **rabbitmq module** is using are available [here](https://g | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/rabbitmq/main.tf b/modules/rabbitmq/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/rabbitmq/main.tf +++ b/modules/rabbitmq/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/rabbitmq/variables.tf b/modules/rabbitmq/variables.tf index 354b9e37..4d331561 100644 --- a/modules/rabbitmq/variables.tf +++ b/modules/rabbitmq/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/rabbitmq/versions.tf b/modules/rabbitmq/versions.tf index b8569144..41f2989f 100644 --- a/modules/rabbitmq/versions.tf +++ b/modules/rabbitmq/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/rdp/README.md b/modules/rdp/README.md index c3edb947..2b219d21 100644 --- a/modules/rdp/README.md +++ b/modules/rdp/README.md @@ -18,7 +18,7 @@ All automatic values **rdp module** is using are available [here](https://github | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/rdp/main.tf b/modules/rdp/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/rdp/main.tf +++ b/modules/rdp/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/rdp/variables.tf b/modules/rdp/variables.tf index 354b9e37..4d331561 100644 --- a/modules/rdp/variables.tf +++ b/modules/rdp/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/rdp/versions.tf b/modules/rdp/versions.tf index b8569144..41f2989f 100644 --- a/modules/rdp/versions.tf +++ b/modules/rdp/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/redis/README.md b/modules/redis/README.md index 906f0516..fb6db94e 100644 --- a/modules/redis/README.md +++ b/modules/redis/README.md @@ -18,7 +18,7 @@ All automatic values **redis module** is using are available [here](https://gith | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/redis/main.tf b/modules/redis/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/redis/main.tf +++ b/modules/redis/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/redis/variables.tf b/modules/redis/variables.tf index 354b9e37..4d331561 100644 --- a/modules/redis/variables.tf +++ b/modules/redis/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/redis/versions.tf b/modules/redis/versions.tf index b8569144..41f2989f 100644 --- a/modules/redis/versions.tf +++ b/modules/redis/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/redshift/README.md b/modules/redshift/README.md index ba388de4..6f70f3e4 100644 --- a/modules/redshift/README.md +++ b/modules/redshift/README.md @@ -18,7 +18,7 @@ All automatic values **redshift module** is using are available [here](https://g | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/redshift/main.tf b/modules/redshift/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/redshift/main.tf +++ b/modules/redshift/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/redshift/variables.tf b/modules/redshift/variables.tf index 354b9e37..4d331561 100644 --- a/modules/redshift/variables.tf +++ b/modules/redshift/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/redshift/versions.tf b/modules/redshift/versions.tf index b8569144..41f2989f 100644 --- a/modules/redshift/versions.tf +++ b/modules/redshift/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/splunk/README.md b/modules/splunk/README.md index 23cb3da4..8c5a68bd 100644 --- a/modules/splunk/README.md +++ b/modules/splunk/README.md @@ -18,7 +18,7 @@ All automatic values **splunk module** is using are available [here](https://git | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/splunk/main.tf b/modules/splunk/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/splunk/main.tf +++ b/modules/splunk/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/splunk/variables.tf b/modules/splunk/variables.tf index 354b9e37..4d331561 100644 --- a/modules/splunk/variables.tf +++ b/modules/splunk/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/splunk/versions.tf b/modules/splunk/versions.tf index b8569144..41f2989f 100644 --- a/modules/splunk/versions.tf +++ b/modules/splunk/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/squid/README.md b/modules/squid/README.md index 2d398515..e3869ce7 100644 --- a/modules/squid/README.md +++ b/modules/squid/README.md @@ -18,7 +18,7 @@ All automatic values **squid module** is using are available [here](https://gith | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/squid/main.tf b/modules/squid/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/squid/main.tf +++ b/modules/squid/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/squid/variables.tf b/modules/squid/variables.tf index 354b9e37..4d331561 100644 --- a/modules/squid/variables.tf +++ b/modules/squid/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/squid/versions.tf b/modules/squid/versions.tf index b8569144..41f2989f 100644 --- a/modules/squid/versions.tf +++ b/modules/squid/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/ssh/README.md b/modules/ssh/README.md index 62b0bf23..f6c150e2 100644 --- a/modules/ssh/README.md +++ b/modules/ssh/README.md @@ -18,7 +18,7 @@ All automatic values **ssh module** is using are available [here](https://github | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/ssh/main.tf b/modules/ssh/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/ssh/main.tf +++ b/modules/ssh/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/ssh/variables.tf b/modules/ssh/variables.tf index 354b9e37..4d331561 100644 --- a/modules/ssh/variables.tf +++ b/modules/ssh/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/ssh/versions.tf b/modules/ssh/versions.tf index b8569144..41f2989f 100644 --- a/modules/ssh/versions.tf +++ b/modules/ssh/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/storm/README.md b/modules/storm/README.md index 37a5e4ef..2d074861 100644 --- a/modules/storm/README.md +++ b/modules/storm/README.md @@ -18,7 +18,7 @@ All automatic values **storm module** is using are available [here](https://gith | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/storm/main.tf b/modules/storm/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/storm/main.tf +++ b/modules/storm/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/storm/variables.tf b/modules/storm/variables.tf index 354b9e37..4d331561 100644 --- a/modules/storm/variables.tf +++ b/modules/storm/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/storm/versions.tf b/modules/storm/versions.tf index b8569144..41f2989f 100644 --- a/modules/storm/versions.tf +++ b/modules/storm/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/web/README.md b/modules/web/README.md index 3cea92cf..02e3cdd0 100644 --- a/modules/web/README.md +++ b/modules/web/README.md @@ -18,7 +18,7 @@ All automatic values **web module** is using are available [here](https://github | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/web/main.tf b/modules/web/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/web/main.tf +++ b/modules/web/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/web/variables.tf b/modules/web/variables.tf index 354b9e37..4d331561 100644 --- a/modules/web/variables.tf +++ b/modules/web/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/web/versions.tf b/modules/web/versions.tf index b8569144..41f2989f 100644 --- a/modules/web/versions.tf +++ b/modules/web/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/winrm/README.md b/modules/winrm/README.md index 44efeeb0..ce56bdd0 100644 --- a/modules/winrm/README.md +++ b/modules/winrm/README.md @@ -18,7 +18,7 @@ All automatic values **winrm module** is using are available [here](https://gith | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/winrm/main.tf b/modules/winrm/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/winrm/main.tf +++ b/modules/winrm/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/winrm/variables.tf b/modules/winrm/variables.tf index 354b9e37..4d331561 100644 --- a/modules/winrm/variables.tf +++ b/modules/winrm/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/winrm/versions.tf b/modules/winrm/versions.tf index b8569144..41f2989f 100644 --- a/modules/winrm/versions.tf +++ b/modules/winrm/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/zipkin/README.md b/modules/zipkin/README.md index 6aff856c..aa4583b6 100644 --- a/modules/zipkin/README.md +++ b/modules/zipkin/README.md @@ -18,7 +18,7 @@ All automatic values **zipkin module** is using are available [here](https://git | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/zipkin/main.tf b/modules/zipkin/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/zipkin/main.tf +++ b/modules/zipkin/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/zipkin/variables.tf b/modules/zipkin/variables.tf index 354b9e37..4d331561 100644 --- a/modules/zipkin/variables.tf +++ b/modules/zipkin/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/zipkin/versions.tf b/modules/zipkin/versions.tf index b8569144..41f2989f 100644 --- a/modules/zipkin/versions.tf +++ b/modules/zipkin/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/modules/zookeeper/README.md b/modules/zookeeper/README.md index e9ac3a9d..e91fd374 100644 --- a/modules/zookeeper/README.md +++ b/modules/zookeeper/README.md @@ -18,7 +18,7 @@ All automatic values **zookeeper module** is using are available [here](https:// | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | +| terraform | >= 0.12.6, < 0.14 | | aws | ~> 2.42 | ## Providers 
@@ -92,6 +92,7 @@ No provider. | number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/zookeeper/main.tf b/modules/zookeeper/main.tf index 2c85546f..758bb7bc 100644 --- a/modules/zookeeper/main.tf +++ b/modules/zookeeper/main.tf @@ -1,12 +1,13 @@ module "sg" { source = "../../" - create = var.create - name = var.name - use_name_prefix = var.use_name_prefix - description = var.description - vpc_id = var.vpc_id - tags = var.tags + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags ########## # Ingress diff --git a/modules/zookeeper/variables.tf b/modules/zookeeper/variables.tf index 354b9e37..4d331561 100644 --- a/modules/zookeeper/variables.tf +++ b/modules/zookeeper/variables.tf 
@@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) diff --git a/modules/zookeeper/versions.tf b/modules/zookeeper/versions.tf index b8569144..41f2989f 100644 --- a/modules/zookeeper/versions.tf +++ b/modules/zookeeper/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 0.12.6" + required_version = ">= 0.12.6, < 0.14" required_providers { aws = "~> 2.42" diff --git a/rules.tf b/rules.tf index d190f74d..76ba6d62 100644 --- a/rules.tf +++ b/rules.tf @@ -78,6 +78,8 @@ variable "rules" { kubernetes-api-tcp = [6443, 6443, "tcp", "Kubernetes API Server"] # LDAPS ldaps-tcp = [636, 636, "tcp", "LDAPS"] + # Logstash + logstash-tcp = [5044, 5044, "tcp", "Logstash"] # Memcached memcached-tcp = [11211, 11211, "tcp", "Memcached"] # MinIO @@ -268,6 +270,11 @@ variable "auto_groups" { ingress_with_self = ["all-all"] egress_rules = ["all-all"] } + logstash = { + ingress_rules = ["logstash-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } memcached = { ingress_rules = ["memcached-tcp"] ingress_with_self = ["all-all"] diff --git a/variables.tf b/variables.tf index 174f6b98..45bb12eb 100644 --- a/variables.tf +++ b/variables.tf @@ -29,6 +29,12 @@ variable "description" { default = "Security Group managed by Terraform" } +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + variable "tags" { description = "A mapping of tags to assign to security group" type = map(string) 
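Review bot: In the rules.tf hunks the new `logstash-tcp` rule is described only as "Logstash", which does not tell a reader that 5044 is, by convention, the Beats input and that no other Logstash listener is opened by this group. I would make the description explicit, for example `logstash-tcp = [5044, 5044, "tcp", "Logstash Beats input"]`. The matching `logstash` entry in `auto_groups` copies `egress_rules = ["all-all"]` and `ingress_with_self = ["all-all"]` from its neighbours, so a comment or README line pointing out that callers should restrict the ingress CIDRs to their log shippers, and narrow egress where the outputs are known, would be useful. Both `variable "rules"` and `variable "auto_groups"` begin and end outside these hunks.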
From ef2a56fa4a1000c329d354a7e4c16fa6b5c55593 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 3 Jul 2020 17:53:01 +0200 Subject: [PATCH 07/16] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a311737e..a5873d69 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v3.12.0] - 2020-07-03 + +- feat: Added optional revoke_rules_on_delete functionality (required for EMR) ([#179](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/179)) + + ## [v3.11.0] - 2020-06-24 @@ -427,7 +433,8 @@ All notable changes to this project will be documented in this file. - Initial commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.11.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.12.0...HEAD +[v3.12.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.11.0...v3.12.0 [v3.11.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.10.0...v3.11.0 [v3.10.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.9.0...v3.10.0 [v3.9.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.8.0...v3.9.0 From b35fd2cbc7086437a0d15045ceb373eb47604f7f Mon Sep 17 00:00:00 2001 
From: d33psky Date: Mon, 20 Jul 2020 12:32:31 +0200 Subject: [PATCH 08/16] feat: Add support for Solr (#181) --- README.md | 4 +- modules/README.md | 1 + modules/solr/README.md | 110 ++++++++++++ modules/solr/auto_values.tf | 79 ++++++++ modules/solr/main.tf | 115 ++++++++++++ modules/solr/outputs.tf | 24 +++ modules/solr/variables.tf | 348 ++++++++++++++++++++++++++++++++++++ modules/solr/versions.tf | 7 + rules.tf | 7 + 9 files changed, 693 insertions(+), 2 deletions(-) create mode 100644 modules/solr/README.md create mode 100644 modules/solr/auto_values.tf create mode 100644 modules/solr/main.tf create mode 100644 modules/solr/outputs.tf create mode 100644 modules/solr/variables.tf create mode 100644 modules/solr/versions.tf diff --git a/README.md b/README.md index bcbe1909..dd248035 100644 --- a/README.md +++ b/README.md @@ -174,7 +174,7 @@ No issue is creating limit on this module. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| auto\_groups | Map of groups of security group rules to use to generate modules (see update\_groups.sh) | `map(map(list(string)))` |
{
"activemq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"activemq-5671-tcp",
"activemq-8883-tcp",
"activemq-61614-tcp",
"activemq-61617-tcp",
"activemq-61619-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"alertmanager": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"alertmanager-9093-tcp",
"alertmanager-9094-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"carbon-relay-ng": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"carbon-line-in-tcp",
"carbon-line-in-udp",
"carbon-pickle-tcp",
"carbon-pickle-udp",
"carbon-gui-udp"
],
"ingress_with_self": [
"all-all"
]
},
"cassandra": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"cassandra-clients-tcp",
"cassandra-thrift-clients-tcp",
"cassandra-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"consul": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"consul-tcp",
"consul-cli-rpc-tcp",
"consul-webui-tcp",
"consul-dns-tcp",
"consul-dns-udp",
"consul-serf-lan-tcp",
"consul-serf-lan-udp",
"consul-serf-wan-tcp",
"consul-serf-wan-udp"
],
"ingress_with_self": [
"all-all"
]
},
"docker-swarm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"docker-swarm-mngmt-tcp",
"docker-swarm-node-tcp",
"docker-swarm-node-udp",
"docker-swarm-overlay-udp"
],
"ingress_with_self": [
"all-all"
]
},
"elasticsearch": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"elasticsearch-rest-tcp",
"elasticsearch-java-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"grafana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"grafana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"graphite-statsd": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"graphite-webui",
"graphite-2003-tcp",
"graphite-2004-tcp",
"graphite-2023-tcp",
"graphite-2024-tcp",
"graphite-8080-tcp",
"graphite-8125-tcp",
"graphite-8125-udp",
"graphite-8126-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-80": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-8080": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-8080-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-8443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-8443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-4500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-4500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"kafka": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kafka-broker-tcp",
"kafka-broker-tls-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kibana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kibana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kubernetes-api": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kubernetes-api-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ldaps": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ldaps-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"logstash": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"logstash-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"memcached": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"memcached-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"minio": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"minio-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mongodb": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mongodb-27017-tcp",
"mongodb-27018-tcp",
"mongodb-27019-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mssql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mssql-tcp",
"mssql-udp",
"mssql-analytics-tcp",
"mssql-broker-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mysql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mysql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nfs": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nfs-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nomad": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nomad-http-tcp",
"nomad-rpc-tcp",
"nomad-serf-tcp",
"nomad-serf-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ntp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ntp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"openvpn": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"openvpn-udp",
"openvpn-tcp",
"openvpn-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"oracle-db": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"oracle-db-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"postgresql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"postgresql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"prometheus": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"prometheus-http-tcp",
"prometheus-pushgateway-http-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"puppet": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"puppet-tcp",
"puppetdb-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rabbitmq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rabbitmq-4369-tcp",
"rabbitmq-5671-tcp",
"rabbitmq-5672-tcp",
"rabbitmq-15672-tcp",
"rabbitmq-25672-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rdp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rdp-tcp",
"rdp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"redis": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redis-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"redshift": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redshift-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"splunk": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"splunk-indexer-tcp",
"splunk-clients-tcp",
"splunk-splunkd-tcp",
"splunk-hec-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"squid": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"squid-proxy-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ssh": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ssh-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"storm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"storm-nimbus-tcp",
"storm-ui-tcp",
"storm-supervisor-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"web": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp",
"http-8080-tcp",
"https-443-tcp",
"web-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"winrm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"winrm-http-tcp",
"winrm-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zipkin": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zipkin-admin-tcp",
"zipkin-admin-query-tcp",
"zipkin-admin-web-tcp",
"zipkin-query-tcp",
"zipkin-web-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zookeeper": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zookeeper-2181-tcp",
"zookeeper-2888-tcp",
"zookeeper-3888-tcp",
"zookeeper-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
}
}
| no | +| auto\_groups | Map of groups of security group rules to use to generate modules (see update\_groups.sh) | `map(map(list(string)))` |
{
"activemq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"activemq-5671-tcp",
"activemq-8883-tcp",
"activemq-61614-tcp",
"activemq-61617-tcp",
"activemq-61619-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"alertmanager": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"alertmanager-9093-tcp",
"alertmanager-9094-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"carbon-relay-ng": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"carbon-line-in-tcp",
"carbon-line-in-udp",
"carbon-pickle-tcp",
"carbon-pickle-udp",
"carbon-gui-udp"
],
"ingress_with_self": [
"all-all"
]
},
"cassandra": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"cassandra-clients-tcp",
"cassandra-thrift-clients-tcp",
"cassandra-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"consul": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"consul-tcp",
"consul-cli-rpc-tcp",
"consul-webui-tcp",
"consul-dns-tcp",
"consul-dns-udp",
"consul-serf-lan-tcp",
"consul-serf-lan-udp",
"consul-serf-wan-tcp",
"consul-serf-wan-udp"
],
"ingress_with_self": [
"all-all"
]
},
"docker-swarm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"docker-swarm-mngmt-tcp",
"docker-swarm-node-tcp",
"docker-swarm-node-udp",
"docker-swarm-overlay-udp"
],
"ingress_with_self": [
"all-all"
]
},
"elasticsearch": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"elasticsearch-rest-tcp",
"elasticsearch-java-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"grafana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"grafana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"graphite-statsd": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"graphite-webui",
"graphite-2003-tcp",
"graphite-2004-tcp",
"graphite-2023-tcp",
"graphite-2024-tcp",
"graphite-8080-tcp",
"graphite-8125-tcp",
"graphite-8125-udp",
"graphite-8126-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-80": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-8080": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-8080-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-8443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-8443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-4500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-4500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"kafka": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kafka-broker-tcp",
"kafka-broker-tls-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kibana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kibana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kubernetes-api": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kubernetes-api-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ldaps": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ldaps-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"logstash": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"logstash-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"memcached": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"memcached-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"minio": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"minio-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mongodb": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mongodb-27017-tcp",
"mongodb-27018-tcp",
"mongodb-27019-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mssql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mssql-tcp",
"mssql-udp",
"mssql-analytics-tcp",
"mssql-broker-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mysql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mysql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nfs": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nfs-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nomad": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nomad-http-tcp",
"nomad-rpc-tcp",
"nomad-serf-tcp",
"nomad-serf-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ntp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ntp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"openvpn": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"openvpn-udp",
"openvpn-tcp",
"openvpn-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"oracle-db": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"oracle-db-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"postgresql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"postgresql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"prometheus": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"prometheus-http-tcp",
"prometheus-pushgateway-http-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"puppet": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"puppet-tcp",
"puppetdb-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rabbitmq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rabbitmq-4369-tcp",
"rabbitmq-5671-tcp",
"rabbitmq-5672-tcp",
"rabbitmq-15672-tcp",
"rabbitmq-25672-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rdp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rdp-tcp",
"rdp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"redis": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redis-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"redshift": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redshift-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"solr": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"solr-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"splunk": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"splunk-indexer-tcp",
"splunk-clients-tcp",
"splunk-splunkd-tcp",
"splunk-hec-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"squid": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"squid-proxy-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ssh": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ssh-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"storm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"storm-nimbus-tcp",
"storm-ui-tcp",
"storm-supervisor-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"web": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp",
"http-8080-tcp",
"https-443-tcp",
"web-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"winrm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"winrm-http-tcp",
"winrm-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zipkin": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zipkin-admin-tcp",
"zipkin-admin-query-tcp",
"zipkin-admin-web-tcp",
"zipkin-query-tcp",
"zipkin-web-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zookeeper": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zookeeper-2181-tcp",
"zookeeper-2888-tcp",
"zookeeper-3888-tcp",
"zookeeper-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
}
}
| no |
 | computed\_egress\_rules | List of computed egress rules to create by name | `list(string)` | `[]` | no |
 | computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no |
 | computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no |
@@ -215,7 +215,7 @@ No issue is creating limit on this module.
 | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no |
 | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no |
 | revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no |
-| rules | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | `map(list(any))` |
{
"_": [
"",
"",
""
],
"activemq-5671-tcp": [
5671,
5671,
"tcp",
"ActiveMQ AMQP"
],
"activemq-61614-tcp": [
61614,
61614,
"tcp",
"ActiveMQ STOMP"
],
"activemq-61617-tcp": [
61617,
61617,
"tcp",
"ActiveMQ OpenWire"
],
"activemq-61619-tcp": [
61619,
61619,
"tcp",
"ActiveMQ WebSocket"
],
"activemq-8883-tcp": [
8883,
8883,
"tcp",
"ActiveMQ MQTT"
],
"alertmanager-9093-tcp": [
9093,
9093,
"tcp",
"Alert Manager"
],
"alertmanager-9094-tcp": [
9094,
9094,
"tcp",
"Alert Manager Cluster"
],
"all-all": [
-1,
-1,
"-1",
"All protocols"
],
"all-icmp": [
-1,
-1,
"icmp",
"All IPV4 ICMP"
],
"all-ipv6-icmp": [
-1,
-1,
58,
"All IPV6 ICMP"
],
"all-tcp": [
0,
65535,
"tcp",
"All TCP ports"
],
"all-udp": [
0,
65535,
"udp",
"All UDP ports"
],
"carbon-admin-tcp": [
2004,
2004,
"tcp",
"Carbon admin"
],
"carbon-gui-udp": [
8081,
8081,
"tcp",
"Carbon GUI"
],
"carbon-line-in-tcp": [
2003,
2003,
"tcp",
"Carbon line-in"
],
"carbon-line-in-udp": [
2003,
2003,
"udp",
"Carbon line-in"
],
"carbon-pickle-tcp": [
2013,
2013,
"tcp",
"Carbon pickle"
],
"carbon-pickle-udp": [
2013,
2013,
"udp",
"Carbon pickle"
],
"cassandra-clients-tcp": [
9042,
9042,
"tcp",
"Cassandra clients"
],
"cassandra-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
],
"cassandra-thrift-clients-tcp": [
9160,
9160,
"tcp",
"Cassandra Thrift clients"
],
"consul-cli-rpc-tcp": [
8400,
8400,
"tcp",
"Consul CLI RPC"
],
"consul-dns-tcp": [
8600,
8600,
"tcp",
"Consul DNS"
],
"consul-dns-udp": [
8600,
8600,
"udp",
"Consul DNS"
],
"consul-serf-lan-tcp": [
8301,
8301,
"tcp",
"Serf LAN"
],
"consul-serf-lan-udp": [
8301,
8301,
"udp",
"Serf LAN"
],
"consul-serf-wan-tcp": [
8302,
8302,
"tcp",
"Serf WAN"
],
"consul-serf-wan-udp": [
8302,
8302,
"udp",
"Serf WAN"
],
"consul-tcp": [
8300,
8300,
"tcp",
"Consul server"
],
"consul-webui-tcp": [
8500,
8500,
"tcp",
"Consul web UI"
],
"dns-tcp": [
53,
53,
"tcp",
"DNS"
],
"dns-udp": [
53,
53,
"udp",
"DNS"
],
"docker-swarm-mngmt-tcp": [
2377,
2377,
"tcp",
"Docker Swarm cluster management"
],
"docker-swarm-node-tcp": [
7946,
7946,
"tcp",
"Docker Swarm node"
],
"docker-swarm-node-udp": [
7946,
7946,
"udp",
"Docker Swarm node"
],
"docker-swarm-overlay-udp": [
4789,
4789,
"udp",
"Docker Swarm Overlay Network Traffic"
],
"elasticsearch-java-tcp": [
9300,
9300,
"tcp",
"Elasticsearch Java interface"
],
"elasticsearch-rest-tcp": [
9200,
9200,
"tcp",
"Elasticsearch REST interface"
],
"grafana-tcp": [
3000,
3000,
"tcp",
"Grafana Dashboard"
],
"graphite-2003-tcp": [
2003,
2003,
"tcp",
"Carbon receiver plain text"
],
"graphite-2004-tcp": [
2004,
2004,
"tcp",
"Carbon receiver pickle"
],
"graphite-2023-tcp": [
2023,
2023,
"tcp",
"Carbon aggregator plaintext"
],
"graphite-2024-tcp": [
2024,
2024,
"tcp",
"Carbon aggregator pickle"
],
"graphite-8080-tcp": [
8080,
8080,
"tcp",
"Graphite gunicorn port"
],
"graphite-8125-tcp": [
8125,
8125,
"tcp",
"Statsd TCP"
],
"graphite-8125-udp": [
8125,
8125,
"udp",
"Statsd UDP default"
],
"graphite-8126-tcp": [
8126,
8126,
"tcp",
"Statsd admin"
],
"graphite-webui": [
80,
80,
"tcp",
"Graphite admin interface"
],
"http-80-tcp": [
80,
80,
"tcp",
"HTTP"
],
"http-8080-tcp": [
8080,
8080,
"tcp",
"HTTP"
],
"https-443-tcp": [
443,
443,
"tcp",
"HTTPS"
],
"https-8443-tcp": [
8443,
8443,
"tcp",
"HTTPS"
],
"ipsec-4500-udp": [
4500,
4500,
"udp",
"IPSEC NAT-T"
],
"ipsec-500-udp": [
500,
500,
"udp",
"IPSEC ISAKMP"
],
"kafka-broker-tcp": [
9092,
9092,
"tcp",
"Kafka broker 0.8.2+"
],
"kafka-broker-tls-tcp": [
9094,
9094,
"tcp",
"Kafka TLS enabled broker 0.8.2+"
],
"kibana-tcp": [
5601,
5601,
"tcp",
"Kibana Web Interface"
],
"kubernetes-api-tcp": [
6443,
6443,
"tcp",
"Kubernetes API Server"
],
"ldaps-tcp": [
636,
636,
"tcp",
"LDAPS"
],
"logstash-tcp": [
5044,
5044,
"tcp",
"Logstash"
],
"memcached-tcp": [
11211,
11211,
"tcp",
"Memcached"
],
"minio-tcp": [
9000,
9000,
"tcp",
"MinIO"
],
"mongodb-27017-tcp": [
27017,
27017,
"tcp",
"MongoDB"
],
"mongodb-27018-tcp": [
27018,
27018,
"tcp",
"MongoDB shard"
],
"mongodb-27019-tcp": [
27019,
27019,
"tcp",
"MongoDB config server"
],
"mssql-analytics-tcp": [
2383,
2383,
"tcp",
"MSSQL Analytics"
],
"mssql-broker-tcp": [
4022,
4022,
"tcp",
"MSSQL Broker"
],
"mssql-tcp": [
1433,
1433,
"tcp",
"MSSQL Server"
],
"mssql-udp": [
1434,
1434,
"udp",
"MSSQL Browser"
],
"mysql-tcp": [
3306,
3306,
"tcp",
"MySQL/Aurora"
],
"nfs-tcp": [
2049,
2049,
"tcp",
"NFS/EFS"
],
"nomad-http-tcp": [
4646,
4646,
"tcp",
"Nomad HTTP"
],
"nomad-rpc-tcp": [
4647,
4647,
"tcp",
"Nomad RPC"
],
"nomad-serf-tcp": [
4648,
4648,
"tcp",
"Serf"
],
"nomad-serf-udp": [
4648,
4648,
"udp",
"Serf"
],
"ntp-udp": [
123,
123,
"udp",
"NTP"
],
"openvpn-https-tcp": [
443,
443,
"tcp",
"OpenVPN"
],
"openvpn-tcp": [
943,
943,
"tcp",
"OpenVPN"
],
"openvpn-udp": [
1194,
1194,
"udp",
"OpenVPN"
],
"oracle-db-tcp": [
1521,
1521,
"tcp",
"Oracle"
],
"postgresql-tcp": [
5432,
5432,
"tcp",
"PostgreSQL"
],
"prometheus-http-tcp": [
9090,
9090,
"tcp",
"Prometheus"
],
"prometheus-pushgateway-http-tcp": [
9091,
9091,
"tcp",
"Prometheus Pushgateway"
],
"puppet-tcp": [
8140,
8140,
"tcp",
"Puppet"
],
"puppetdb-tcp": [
8081,
8081,
"tcp",
"PuppetDB"
],
"rabbitmq-15672-tcp": [
15672,
15672,
"tcp",
"RabbitMQ"
],
"rabbitmq-25672-tcp": [
25672,
25672,
"tcp",
"RabbitMQ"
],
"rabbitmq-4369-tcp": [
4369,
4369,
"tcp",
"RabbitMQ epmd"
],
"rabbitmq-5671-tcp": [
5671,
5671,
"tcp",
"RabbitMQ"
],
"rabbitmq-5672-tcp": [
5672,
5672,
"tcp",
"RabbitMQ"
],
"rdp-tcp": [
3389,
3389,
"tcp",
"Remote Desktop"
],
"rdp-udp": [
3389,
3389,
"udp",
"Remote Desktop"
],
"redis-tcp": [
6379,
6379,
"tcp",
"Redis"
],
"redshift-tcp": [
5439,
5439,
"tcp",
"Redshift"
],
"splunk-hec-tcp": [
8088,
8088,
"tcp",
"Splunk HEC"
],
"splunk-indexer-tcp": [
9997,
9997,
"tcp",
"Splunk indexer"
],
"splunk-splunkd-tcp": [
8089,
8089,
"tcp",
"Splunkd"
],
"splunk-web-tcp": [
8000,
8000,
"tcp",
"Splunk Web"
],
"squid-proxy-tcp": [
3128,
3128,
"tcp",
"Squid default proxy"
],
"ssh-tcp": [
22,
22,
"tcp",
"SSH"
],
"storm-nimbus-tcp": [
6627,
6627,
"tcp",
"Nimbus"
],
"storm-supervisor-tcp": [
6700,
6703,
"tcp",
"Supervisor"
],
"storm-ui-tcp": [
8080,
8080,
"tcp",
"Storm UI"
],
"web-jmx-tcp": [
1099,
1099,
"tcp",
"JMX"
],
"winrm-http-tcp": [
5985,
5985,
"tcp",
"WinRM HTTP"
],
"winrm-https-tcp": [
5986,
5986,
"tcp",
"WinRM HTTPS"
],
"zipkin-admin-query-tcp": [
9901,
9901,
"tcp",
"Zipkin Admin port query"
],
"zipkin-admin-tcp": [
9990,
9990,
"tcp",
"Zipkin Admin port collector"
],
"zipkin-admin-web-tcp": [
9991,
9991,
"tcp",
"Zipkin Admin port web"
],
"zipkin-query-tcp": [
9411,
9411,
"tcp",
"Zipkin query port"
],
"zipkin-web-tcp": [
8080,
8080,
"tcp",
"Zipkin web port"
],
"zookeeper-2181-tcp": [
2181,
2181,
"tcp",
"Zookeeper"
],
"zookeeper-2888-tcp": [
2888,
2888,
"tcp",
"Zookeeper"
],
"zookeeper-3888-tcp": [
3888,
3888,
"tcp",
"Zookeeper"
],
"zookeeper-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
]
}
| no |
+| rules | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | `map(list(any))` |
{
"_": [
"",
"",
""
],
"activemq-5671-tcp": [
5671,
5671,
"tcp",
"ActiveMQ AMQP"
],
"activemq-61614-tcp": [
61614,
61614,
"tcp",
"ActiveMQ STOMP"
],
"activemq-61617-tcp": [
61617,
61617,
"tcp",
"ActiveMQ OpenWire"
],
"activemq-61619-tcp": [
61619,
61619,
"tcp",
"ActiveMQ WebSocket"
],
"activemq-8883-tcp": [
8883,
8883,
"tcp",
"ActiveMQ MQTT"
],
"alertmanager-9093-tcp": [
9093,
9093,
"tcp",
"Alert Manager"
],
"alertmanager-9094-tcp": [
9094,
9094,
"tcp",
"Alert Manager Cluster"
],
"all-all": [
-1,
-1,
"-1",
"All protocols"
],
"all-icmp": [
-1,
-1,
"icmp",
"All IPV4 ICMP"
],
"all-ipv6-icmp": [
-1,
-1,
58,
"All IPV6 ICMP"
],
"all-tcp": [
0,
65535,
"tcp",
"All TCP ports"
],
"all-udp": [
0,
65535,
"udp",
"All UDP ports"
],
"carbon-admin-tcp": [
2004,
2004,
"tcp",
"Carbon admin"
],
"carbon-gui-udp": [
8081,
8081,
"tcp",
"Carbon GUI"
],
"carbon-line-in-tcp": [
2003,
2003,
"tcp",
"Carbon line-in"
],
"carbon-line-in-udp": [
2003,
2003,
"udp",
"Carbon line-in"
],
"carbon-pickle-tcp": [
2013,
2013,
"tcp",
"Carbon pickle"
],
"carbon-pickle-udp": [
2013,
2013,
"udp",
"Carbon pickle"
],
"cassandra-clients-tcp": [
9042,
9042,
"tcp",
"Cassandra clients"
],
"cassandra-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
],
"cassandra-thrift-clients-tcp": [
9160,
9160,
"tcp",
"Cassandra Thrift clients"
],
"consul-cli-rpc-tcp": [
8400,
8400,
"tcp",
"Consul CLI RPC"
],
"consul-dns-tcp": [
8600,
8600,
"tcp",
"Consul DNS"
],
"consul-dns-udp": [
8600,
8600,
"udp",
"Consul DNS"
],
"consul-serf-lan-tcp": [
8301,
8301,
"tcp",
"Serf LAN"
],
"consul-serf-lan-udp": [
8301,
8301,
"udp",
"Serf LAN"
],
"consul-serf-wan-tcp": [
8302,
8302,
"tcp",
"Serf WAN"
],
"consul-serf-wan-udp": [
8302,
8302,
"udp",
"Serf WAN"
],
"consul-tcp": [
8300,
8300,
"tcp",
"Consul server"
],
"consul-webui-tcp": [
8500,
8500,
"tcp",
"Consul web UI"
],
"dns-tcp": [
53,
53,
"tcp",
"DNS"
],
"dns-udp": [
53,
53,
"udp",
"DNS"
],
"docker-swarm-mngmt-tcp": [
2377,
2377,
"tcp",
"Docker Swarm cluster management"
],
"docker-swarm-node-tcp": [
7946,
7946,
"tcp",
"Docker Swarm node"
],
"docker-swarm-node-udp": [
7946,
7946,
"udp",
"Docker Swarm node"
],
"docker-swarm-overlay-udp": [
4789,
4789,
"udp",
"Docker Swarm Overlay Network Traffic"
],
"elasticsearch-java-tcp": [
9300,
9300,
"tcp",
"Elasticsearch Java interface"
],
"elasticsearch-rest-tcp": [
9200,
9200,
"tcp",
"Elasticsearch REST interface"
],
"grafana-tcp": [
3000,
3000,
"tcp",
"Grafana Dashboard"
],
"graphite-2003-tcp": [
2003,
2003,
"tcp",
"Carbon receiver plain text"
],
"graphite-2004-tcp": [
2004,
2004,
"tcp",
"Carbon receiver pickle"
],
"graphite-2023-tcp": [
2023,
2023,
"tcp",
"Carbon aggregator plaintext"
],
"graphite-2024-tcp": [
2024,
2024,
"tcp",
"Carbon aggregator pickle"
],
"graphite-8080-tcp": [
8080,
8080,
"tcp",
"Graphite gunicorn port"
],
"graphite-8125-tcp": [
8125,
8125,
"tcp",
"Statsd TCP"
],
"graphite-8125-udp": [
8125,
8125,
"udp",
"Statsd UDP default"
],
"graphite-8126-tcp": [
8126,
8126,
"tcp",
"Statsd admin"
],
"graphite-webui": [
80,
80,
"tcp",
"Graphite admin interface"
],
"http-80-tcp": [
80,
80,
"tcp",
"HTTP"
],
"http-8080-tcp": [
8080,
8080,
"tcp",
"HTTP"
],
"https-443-tcp": [
443,
443,
"tcp",
"HTTPS"
],
"https-8443-tcp": [
8443,
8443,
"tcp",
"HTTPS"
],
"ipsec-4500-udp": [
4500,
4500,
"udp",
"IPSEC NAT-T"
],
"ipsec-500-udp": [
500,
500,
"udp",
"IPSEC ISAKMP"
],
"kafka-broker-tcp": [
9092,
9092,
"tcp",
"Kafka broker 0.8.2+"
],
"kafka-broker-tls-tcp": [
9094,
9094,
"tcp",
"Kafka TLS enabled broker 0.8.2+"
],
"kibana-tcp": [
5601,
5601,
"tcp",
"Kibana Web Interface"
],
"kubernetes-api-tcp": [
6443,
6443,
"tcp",
"Kubernetes API Server"
],
"ldaps-tcp": [
636,
636,
"tcp",
"LDAPS"
],
"logstash-tcp": [
5044,
5044,
"tcp",
"Logstash"
],
"memcached-tcp": [
11211,
11211,
"tcp",
"Memcached"
],
"minio-tcp": [
9000,
9000,
"tcp",
"MinIO"
],
"mongodb-27017-tcp": [
27017,
27017,
"tcp",
"MongoDB"
],
"mongodb-27018-tcp": [
27018,
27018,
"tcp",
"MongoDB shard"
],
"mongodb-27019-tcp": [
27019,
27019,
"tcp",
"MongoDB config server"
],
"mssql-analytics-tcp": [
2383,
2383,
"tcp",
"MSSQL Analytics"
],
"mssql-broker-tcp": [
4022,
4022,
"tcp",
"MSSQL Broker"
],
"mssql-tcp": [
1433,
1433,
"tcp",
"MSSQL Server"
],
"mssql-udp": [
1434,
1434,
"udp",
"MSSQL Browser"
],
"mysql-tcp": [
3306,
3306,
"tcp",
"MySQL/Aurora"
],
"nfs-tcp": [
2049,
2049,
"tcp",
"NFS/EFS"
],
"nomad-http-tcp": [
4646,
4646,
"tcp",
"Nomad HTTP"
],
"nomad-rpc-tcp": [
4647,
4647,
"tcp",
"Nomad RPC"
],
"nomad-serf-tcp": [
4648,
4648,
"tcp",
"Serf"
],
"nomad-serf-udp": [
4648,
4648,
"udp",
"Serf"
],
"ntp-udp": [
123,
123,
"udp",
"NTP"
],
"openvpn-https-tcp": [
443,
443,
"tcp",
"OpenVPN"
],
"openvpn-tcp": [
943,
943,
"tcp",
"OpenVPN"
],
"openvpn-udp": [
1194,
1194,
"udp",
"OpenVPN"
],
"oracle-db-tcp": [
1521,
1521,
"tcp",
"Oracle"
],
"postgresql-tcp": [
5432,
5432,
"tcp",
"PostgreSQL"
],
"prometheus-http-tcp": [
9090,
9090,
"tcp",
"Prometheus"
],
"prometheus-pushgateway-http-tcp": [
9091,
9091,
"tcp",
"Prometheus Pushgateway"
],
"puppet-tcp": [
8140,
8140,
"tcp",
"Puppet"
],
"puppetdb-tcp": [
8081,
8081,
"tcp",
"PuppetDB"
],
"rabbitmq-15672-tcp": [
15672,
15672,
"tcp",
"RabbitMQ"
],
"rabbitmq-25672-tcp": [
25672,
25672,
"tcp",
"RabbitMQ"
],
"rabbitmq-4369-tcp": [
4369,
4369,
"tcp",
"RabbitMQ epmd"
],
"rabbitmq-5671-tcp": [
5671,
5671,
"tcp",
"RabbitMQ"
],
"rabbitmq-5672-tcp": [
5672,
5672,
"tcp",
"RabbitMQ"
],
"rdp-tcp": [
3389,
3389,
"tcp",
"Remote Desktop"
],
"rdp-udp": [
3389,
3389,
"udp",
"Remote Desktop"
],
"redis-tcp": [
6379,
6379,
"tcp",
"Redis"
],
"redshift-tcp": [
5439,
5439,
"tcp",
"Redshift"
],
"solr-tcp": [
8983,
8987,
"tcp",
"Solr"
],
"splunk-hec-tcp": [
8088,
8088,
"tcp",
"Splunk HEC"
],
"splunk-indexer-tcp": [
9997,
9997,
"tcp",
"Splunk indexer"
],
"splunk-splunkd-tcp": [
8089,
8089,
"tcp",
"Splunkd"
],
"splunk-web-tcp": [
8000,
8000,
"tcp",
"Splunk Web"
],
"squid-proxy-tcp": [
3128,
3128,
"tcp",
"Squid default proxy"
],
"ssh-tcp": [
22,
22,
"tcp",
"SSH"
],
"storm-nimbus-tcp": [
6627,
6627,
"tcp",
"Nimbus"
],
"storm-supervisor-tcp": [
6700,
6703,
"tcp",
"Supervisor"
],
"storm-ui-tcp": [
8080,
8080,
"tcp",
"Storm UI"
],
"web-jmx-tcp": [
1099,
1099,
"tcp",
"JMX"
],
"winrm-http-tcp": [
5985,
5985,
"tcp",
"WinRM HTTP"
],
"winrm-https-tcp": [
5986,
5986,
"tcp",
"WinRM HTTPS"
],
"zipkin-admin-query-tcp": [
9901,
9901,
"tcp",
"Zipkin Admin port query"
],
"zipkin-admin-tcp": [
9990,
9990,
"tcp",
"Zipkin Admin port collector"
],
"zipkin-admin-web-tcp": [
9991,
9991,
"tcp",
"Zipkin Admin port web"
],
"zipkin-query-tcp": [
9411,
9411,
"tcp",
"Zipkin query port"
],
"zipkin-web-tcp": [
8080,
8080,
"tcp",
"Zipkin web port"
],
"zookeeper-2181-tcp": [
2181,
2181,
"tcp",
"Zookeeper"
],
"zookeeper-2888-tcp": [
2888,
2888,
"tcp",
"Zookeeper"
],
"zookeeper-3888-tcp": [
3888,
3888,
"tcp",
"Zookeeper"
],
"zookeeper-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
]
}
| no |
 | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no |
 | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no |
 | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes |
diff --git a/modules/README.md b/modules/README.md
index ead53e3b..5f4cf93f 100644
--- a/modules/README.md
+++ b/modules/README.md
@@ -39,6 +39,7 @@ List of Security Groups implemented as Terraform modules
 * [rdp](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/rdp)
 * [redis](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/redis)
 * [redshift](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/redshift)
+* [solr](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/solr)
 * [splunk](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/splunk)
 * [squid](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/squid)
 * [ssh](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/ssh)
diff --git a/modules/solr/README.md b/modules/solr/README.md
new file mode 100644
index 00000000..0d8014d6
--- /dev/null
+++ b/modules/solr/README.md
@@ -0,0 +1,110 @@
+# solr - AWS EC2-VPC Security Group Terraform module
+
+## Usage
+
+```hcl
+module "solr_security_group" {
+ source = "terraform-aws-modules/security-group/aws//modules/solr"
+ version = "~> 3.0"
+
+ # omitted...
+}
+```
+
+All automatic values **solr module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/solr/auto_values.tf).
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.6, < 0.14 |
+| aws | ~> 2.42 |
+
+## Providers
+
+No provider.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | `list(string)` | `[]` | no |
+| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | `list(map(string))` | `[]` | no |
+| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | `list(string)` | `[]` | no |
+| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no |
+| auto\_egress\_rules | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no |
+| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no |
+| auto\_ingress\_rules | List of ingress rules to add automatically | `list(string)` |
[
"solr-tcp"
]
| no |
+| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | +| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | `number` | `0` | no | +| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | +| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | `number` | `0` | no | +| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | +| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no |
+| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | `list(string)` |
[
"::/0"
]
| no | +| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `list(string)` | `[]` | no | +| computed\_egress\_rules | List of computed egress rules to create by name | `list(string)` | `[]` | no | +| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | `list(map(string))` | `[]` | no | +| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | +| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | `list(string)` | `[]` | no | +| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | `list(string)` | `[]` | no | +| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | `list(string)` | `[]` | no | +| computed\_ingress\_rules | List of computed ingress rules to create by name | `list(string)` | `[]` | no | +| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | `list(map(string))` | `[]` | no | +| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create 
where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | +| create | Whether to create security group and all rules | `bool` | `true` | no | +| description | Description of security group | `string` | `"Security Group managed by Terraform"` | no | +| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | `list(string)` |
[
"0.0.0.0/0"
]
| no |
+| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | `list(string)` |
[
"::/0"
]
| no | +| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | `list(string)` | `[]` | no | +| egress\_rules | List of egress rules to create by name | `list(string)` | `[]` | no | +| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| egress\_with\_self | List of egress rules to create where 'self' is defined | `list(map(string))` | `[]` | no | +| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | +| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | `list(string)` | `[]` | no | +| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | `list(string)` | `[]` | no | +| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | `list(string)` | `[]` | no | +| ingress\_rules | List of ingress rules to create by name | `list(string)` | `[]` | no | +| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no | +| ingress\_with\_self | List of ingress rules to create where 'self' is defined | `list(map(string))` | `[]` | no | +| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no | +| name | Name of security group | `string` | n/a | yes | +| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | `number` | `0` | 
no | +| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | `number` | `0` | no | +| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | `number` | `0` | no | +| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | `number` | `0` | no | +| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr\_blocks' is used | `number` | `0` | no | +| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | +| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | +| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | +| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | `number` | `0` | no | +| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | `number` | `0` | no | +| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | `number` | `0` | no | +| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | `number` | `0` | no | +| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr\_blocks' is used | `number` | `0` | no | +| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no | +| number\_of\_computed\_ingress\_with\_self 
| Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no |
+| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no |
+| revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no |
+| tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no |
+| use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no |
+| vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| this\_security\_group\_description | The description of the security group |
+| this\_security\_group\_id | The ID of the security group |
+| this\_security\_group\_name | The name of the security group |
+| this\_security\_group\_owner\_id | The owner ID |
+| this\_security\_group\_vpc\_id | The VPC ID |
+
+
diff --git a/modules/solr/auto_values.tf b/modules/solr/auto_values.tf
new file mode 100644
index 00000000..8968d6c1
--- /dev/null
+++ b/modules/solr/auto_values.tf
@@ -0,0 +1,79 @@ +# This file was generated from values defined in rules.tf using update_groups.sh. +################################### +# DO NOT CHANGE THIS FILE MANUALLY +################################### + +variable "auto_ingress_rules" { + description = "List of ingress rules to add automatically" + type = list(string) + default = ["solr-tcp"] +} + +variable "auto_ingress_with_self" { + description = "List of maps defining ingress rules with self to add automatically" + type = list(map(string)) + default = [{ "rule" = "all-all" }] +} + +variable "auto_egress_rules" { + description = "List of egress rules to add automatically" + type = list(string) + default = ["all-all"] +} + +variable "auto_egress_with_self" { + description = "List of maps defining egress rules with self to add automatically" + type = list(map(string)) + default = [] +} + +# Computed +variable "auto_computed_ingress_rules" { + description = "List of ingress rules to add automatically" + type = list(string) + default = [] +} + +variable "auto_computed_ingress_with_self" { + description = "List of maps defining computed ingress rules with self to add automatically" + type = list(map(string)) + default = [] +} + +variable "auto_computed_egress_rules" { + description = "List of computed egress rules to add automatically" + type = list(string) + default = [] +} + +variable "auto_computed_egress_with_self" { + description = "List of maps defining computed egress rules with self to add automatically" + type = list(map(string)) + default = [] +} + +# Number of computed rules +variable "auto_number_of_computed_ingress_rules" { + description = "Number of computed ingress rules to create by name" + type = number + default = 0 +} + +variable "auto_number_of_computed_ingress_with_self" { + description = "Number of computed ingress rules to create where 'self' is defined" + type = number + default = 0 +} + +variable "auto_number_of_computed_egress_rules" { + description = "Number of computed egress rules 
to create by name" + type = number + default = 0 +} + +variable "auto_number_of_computed_egress_with_self" { + description = "Number of computed egress rules to create where 'self' is defined" + type = number + default = 0 +} + diff --git a/modules/solr/main.tf b/modules/solr/main.tf new file mode 100644 index 00000000..758bb7bc --- /dev/null +++ b/modules/solr/main.tf 
@@ -0,0 +1,115 @@ +module "sg" { + source = "../../" + + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + revoke_rules_on_delete = var.revoke_rules_on_delete + tags = var.tags + + ########## + # Ingress + ########## + # Rules by names - open for default CIDR + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) + + # Open for self + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) + + # Open to IPv4 cidr blocks + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks + + # Open to IPv6 cidr blocks + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks + + # Open for security group id + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id + + # Default ingress CIDR blocks + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks + + # Default prefix list ids + ingress_prefix_list_ids = var.ingress_prefix_list_ids + + ################### + # Computed Ingress + ################### + # Rules by names - open for default CIDR + computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) + + # Open for self + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) + + # Open to IPv4 cidr blocks + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks + + # Open to IPv6 cidr blocks + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks + + # Open for security group id + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id + + ############################# + # Number of computed ingress + ############################# + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + 
var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id + + ######### + # Egress + ######### + # Rules by names - open for default CIDR + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) + + # Open for self + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) + + # Open to IPv4 cidr blocks + egress_with_cidr_blocks = var.egress_with_cidr_blocks + + # Open to IPv6 cidr blocks + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks + + # Open for security group id + egress_with_source_security_group_id = var.egress_with_source_security_group_id + + # Default egress CIDR blocks + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks + + # Default prefix list ids + egress_prefix_list_ids = var.egress_prefix_list_ids + + ################## + # Computed Egress + ################## + # Rules by names - open for default CIDR + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) + + # Open for self + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) + + # Open to IPv4 cidr blocks + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks + + # Open to IPv6 cidr blocks + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks + + # Open for security group id + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id + + 
############################# + # Number of computed egress + ############################# + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id +} diff --git a/modules/solr/outputs.tf b/modules/solr/outputs.tf new file mode 100644 index 00000000..3d7ad67f --- /dev/null +++ b/modules/solr/outputs.tf @@ -0,0 +1,24 @@ +output "this_security_group_id" { + description = "The ID of the security group" + value = module.sg.this_security_group_id +} + +output "this_security_group_vpc_id" { + description = "The VPC ID" + value = module.sg.this_security_group_vpc_id +} + +output "this_security_group_owner_id" { + description = "The owner ID" + value = module.sg.this_security_group_owner_id +} + +output "this_security_group_name" { + description = "The name of the security group" + value = module.sg.this_security_group_name +} + +output "this_security_group_description" { + description = "The description of the security group" + value = module.sg.this_security_group_description +} diff --git a/modules/solr/variables.tf b/modules/solr/variables.tf new file mode 100644 index 00000000..4d331561 --- /dev/null +++ b/modules/solr/variables.tf 
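Review bot: The `module "sg"` call in modules/solr/main.tf never passes `computed_ingress_cidr_blocks`, `computed_ingress_ipv6_cidr_blocks`, `computed_ingress_prefix_list_ids`, their `computed_egress_*` counterparts, or the matching `number_of_computed_*_cidr_blocks` / `*_prefix_list_ids` counters, although modules/solr/variables.tf declares all of them. A caller who narrows `computed_egress_cidr_blocks` from its `["0.0.0.0/0"]` default would, as far as this hunk shows, see no change in the rules that get created. Whether the root module at `../../` accepts these inputs is not visible here; if it does, pass them through (for example `computed_egress_cidr_blocks = var.computed_egress_cidr_blocks`), and if it does not, drop the variables or mark their descriptions as unused so a restriction is not silently ignored.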
@@ -0,0 +1,348 @@ +################# +# Security group +################# +variable "create" { + description = "Whether to create security group and all rules" + type = bool + default = true +} + +variable "vpc_id" { + description = "ID of the VPC where to create security group" + type = string +} + +variable "name" { + description = "Name of security group" + type = string +} + +variable "use_name_prefix" { + description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool + default = true +} + +variable "description" { + description = "Description of security group" + type = string + default = "Security Group managed by Terraform" +} + +variable "revoke_rules_on_delete" { + description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR." + type = bool + default = false +} + +variable "tags" { + description = "A mapping of tags to assign to security group" + type = map(string) + default = {} +} + +########## +# Ingress +########## +variable "ingress_rules" { + description = "List of ingress rules to create by name" + type = list(string) + default = [] +} + +variable "ingress_with_self" { + description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) + default = [] +} + +variable "ingress_with_cidr_blocks" { + description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "ingress_with_ipv6_cidr_blocks" { + description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "ingress_with_source_security_group_id" { + description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) + default = [] +} + +variable "ingress_cidr_blocks" { + description = "List of IPv4 CIDR 
ranges to use on all ingress rules" + type = list(string) + default = [] +} + +variable "ingress_ipv6_cidr_blocks" { + description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) + default = [] +} + +variable "ingress_prefix_list_ids" { + description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) + default = [] +} + +################### +# Computed Ingress +################### +variable "computed_ingress_rules" { + description = "List of computed ingress rules to create by name" + type = list(string) + default = [] +} + +variable "computed_ingress_with_self" { + description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) + default = [] +} + +variable "computed_ingress_with_cidr_blocks" { + description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "computed_ingress_with_ipv6_cidr_blocks" { + description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "computed_ingress_with_source_security_group_id" { + description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) + default = [] +} + +variable "computed_ingress_cidr_blocks" { + description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) + default = [] +} + +variable "computed_ingress_ipv6_cidr_blocks" { + description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) + default = [] +} + +variable "computed_ingress_prefix_list_ids" { + description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) + default = [] +} + +################################### +# Number of computed ingress rules 
+################################### +variable "number_of_computed_ingress_rules" { + description = "Number of computed ingress rules to create by name" + type = number + default = 0 +} + +variable "number_of_computed_ingress_with_self" { + description = "Number of computed ingress rules to create where 'self' is defined" + type = number + default = 0 +} + +variable "number_of_computed_ingress_with_cidr_blocks" { + description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number + default = 0 +} + +variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { + description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number + default = 0 +} + +variable "number_of_computed_ingress_with_source_security_group_id" { + description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number + default = 0 +} + +variable "number_of_computed_ingress_cidr_blocks" { + description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number + default = 0 +} + +variable "number_of_computed_ingress_ipv6_cidr_blocks" { + description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number + default = 0 +} + +variable "number_of_computed_ingress_prefix_list_ids" { + description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number + default = 0 +} + +######### +# Egress +######### +variable "egress_rules" { + description = "List of egress rules to create by name" + type = list(string) + default = [] +} + +variable "egress_with_self" { + description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) + default = [] +} + +variable "egress_with_cidr_blocks" { + description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable 
"egress_with_ipv6_cidr_blocks" { + description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "egress_with_source_security_group_id" { + description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) + default = [] +} + +variable "egress_cidr_blocks" { + description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) + default = ["0.0.0.0/0"] +} + +variable "egress_ipv6_cidr_blocks" { + description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) + default = ["::/0"] +} + +variable "egress_prefix_list_ids" { + description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) + default = [] +} + +################## +# Computed Egress +################## +variable "computed_egress_rules" { + description = "List of computed egress rules to create by name" + type = list(string) + default = [] +} + +variable "computed_egress_with_self" { + description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) + default = [] +} + +variable "computed_egress_with_cidr_blocks" { + description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "computed_egress_with_ipv6_cidr_blocks" { + description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) + default = [] +} + +variable "computed_egress_with_source_security_group_id" { + description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) + default = [] +} + +variable "computed_egress_cidr_blocks" { + description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) + default = ["0.0.0.0/0"] +} + +variable 
"computed_egress_ipv6_cidr_blocks" { + description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) + default = ["::/0"] +} + +variable "computed_egress_prefix_list_ids" { + description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) + default = [] +} + +################################## +# Number of computed egress rules +################################## +variable "number_of_computed_egress_rules" { + description = "Number of computed egress rules to create by name" + type = number + default = 0 +} + +variable "number_of_computed_egress_with_self" { + description = "Number of computed egress rules to create where 'self' is defined" + type = number + default = 0 +} + +variable "number_of_computed_egress_with_cidr_blocks" { + description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number + default = 0 +} + +variable "number_of_computed_egress_with_ipv6_cidr_blocks" { + description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number + default = 0 +} + +variable "number_of_computed_egress_with_source_security_group_id" { + description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number + default = 0 +} + +variable "number_of_computed_egress_cidr_blocks" { + description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number + default = 0 +} + +variable "number_of_computed_egress_ipv6_cidr_blocks" { + description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number + default = 0 +} + +variable "number_of_computed_egress_prefix_list_ids" { + description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number + default = 0 +} 
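Review bot: The descriptions of `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` in modules/solr/variables.tf do not say that their defaults (`["0.0.0.0/0"]` and `["::/0"]`) allow every destination. Combined with `auto_egress_rules = ["all-all"]` from auto_values.tf (the `all-all` rule itself is defined outside this patch), a Solr instance appears to get unrestricted outbound access unless the caller overrides these values. I would state that in the description, e.g. `description = "List of IPv4 CIDR ranges to use on all egress rules (default allows all destinations; narrow this where outbound traffic must be restricted)"`, and likewise for the IPv6 variable. Separately, the `use_name_prefix` description reads "Should be true to able to update"; it should be "to be able to update".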
diff --git a/modules/solr/versions.tf b/modules/solr/versions.tf new file mode 100644 index 00000000..41f2989f --- /dev/null +++ b/modules/solr/versions.tf @@ -0,0 +1,7 @@ +terraform { + required_version = ">= 0.12.6, < 0.14" + + required_providers { + aws = "~> 2.42" + } +} diff --git a/rules.tf b/rules.tf index 76ba6d62..33b522f4 100644 --- a/rules.tf +++ b/rules.tf @@ -129,6 +129,8 @@ variable "rules" { redis-tcp = [6379, 6379, "tcp", "Redis"] # Redshift redshift-tcp = [5439, 5439, "tcp", "Redshift"] + # Solr + solr-tcp = [8983, 8987, "tcp", "Solr"] # Splunk splunk-indexer-tcp = [9997, 9997, "tcp", "Splunk indexer"] splunk-web-tcp = [8000, 8000, "tcp", "Splunk Web"] @@ -360,6 +362,11 @@ variable "auto_groups" { ingress_with_self = ["all-all"] egress_rules = ["all-all"] } + solr = { + ingress_rules = ["solr-tcp"] + ingress_with_self = ["all-all"] + egress_rules = ["all-all"] + } splunk = { ingress_rules = ["splunk-indexer-tcp", "splunk-clients-tcp", "splunk-splunkd-tcp", "splunk-hec-tcp"] ingress_with_self = ["all-all"] From 9f082c149bc116a02170f060f70f88297a77b80d Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 20 Jul 2020 13:34:53 +0300 Subject: [PATCH 09/16] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a5873d69..0303ef79 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v3.13.0] - 2020-07-20 + +- feat: Add support for Solr ([#181](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/181)) + + ## [v3.12.0] - 2020-07-03 
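Review bot: In rules.tf, `solr-tcp = [8983, 8987, "tcp", "Solr"]` opens a five-port range while the neighbouring entries in the hunk are single ports, and nothing on the page says what 8984-8987 are for. Solr listens on 8983 by default and serves its admin UI and HTTP API there, so every extra port is exposed to whatever `ingress_cidr_blocks` the caller supplies. Either narrow the rule to `solr-tcp = [8983, 8983, "tcp", "Solr"]` or extend the comment to state the reason, e.g. `# Solr (8983 default; 8984-8987: <reason for the extra ports>)`. The `solr` entry added to `auto_groups` in the second hunk follows the same `ingress_with_self = ["all-all"]` pattern as the `splunk` group beside it, so I have no separate point there; both enclosing `variable` blocks start and end outside the hunks.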
@@ -433,7 +439,8 @@ All notable changes to this project will be documented in this file. - Initial commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.12.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.13.0...HEAD +[v3.13.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.12.0...v3.13.0 [v3.12.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.11.0...v3.12.0 [v3.11.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.10.0...v3.11.0 [v3.10.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.9.0...v3.10.0 From 9dc9faf3865867a0a8baa5c2156f9b633c8edf43 Mon Sep 17 00:00:00 2001 
From: Vladimir Samoylov <51059484+cageyv@users.noreply.github.com> Date: Thu, 13 Aug 2020 14:45:10 +0700 Subject: [PATCH 10/16] feat: aws-provider version bump to >= 2.42, < 4.0 (#184) --- README.md | 4 ++-- examples/complete/main.tf | 4 ++-- modules/_templates/versions.tf | 2 +- modules/activemq/README.md | 2 +- modules/activemq/versions.tf | 2 +- modules/alertmanager/README.md | 2 +- modules/alertmanager/versions.tf | 2 +- modules/carbon-relay-ng/README.md | 2 +- modules/carbon-relay-ng/versions.tf | 2 +- modules/cassandra/README.md | 2 +- modules/cassandra/versions.tf | 2 +- modules/consul/README.md | 2 +- modules/consul/versions.tf | 2 +- modules/docker-swarm/README.md | 2 +- modules/docker-swarm/versions.tf | 2 +- modules/elasticsearch/README.md | 2 +- modules/elasticsearch/versions.tf | 2 +- modules/grafana/README.md | 2 +- modules/grafana/versions.tf | 2 +- modules/graphite-statsd/README.md | 2 +- modules/graphite-statsd/versions.tf | 2 +- modules/http-80/README.md | 2 +- modules/http-80/versions.tf | 2 +- modules/http-8080/README.md | 2 +- modules/http-8080/versions.tf | 2 +- modules/https-443/README.md | 2 +- modules/https-443/versions.tf | 2 +- modules/https-8443/README.md | 2 +- modules/https-8443/versions.tf | 2 +- modules/ipsec-4500/README.md | 2 +- modules/ipsec-4500/versions.tf | 2 +- modules/ipsec-500/README.md | 2 +- modules/ipsec-500/versions.tf | 2 +- modules/kafka/README.md | 2 +- modules/kafka/versions.tf | 2 +- modules/kibana/README.md | 2 +- modules/kibana/versions.tf | 2 +- modules/kubernetes-api/README.md | 2 +- modules/kubernetes-api/versions.tf | 2 +- modules/ldaps/README.md | 2 +- modules/ldaps/versions.tf | 2 +- modules/logstash/README.md | 2 +- modules/logstash/versions.tf | 2 +- modules/memcached/README.md | 2 +- modules/memcached/versions.tf | 2 +- modules/minio/README.md | 2 +- modules/minio/versions.tf | 2 +- modules/mongodb/README.md | 2 +- modules/mongodb/versions.tf | 2 +- modules/mssql/README.md | 2 +- modules/mssql/versions.tf 
| 2 +- modules/mysql/README.md | 2 +- modules/mysql/versions.tf | 2 +- modules/nfs/README.md | 2 +- modules/nfs/versions.tf | 2 +- modules/nomad/README.md | 2 +- modules/nomad/versions.tf | 2 +- modules/ntp/README.md | 2 +- modules/ntp/versions.tf | 2 +- modules/openvpn/README.md | 2 +- modules/openvpn/versions.tf | 2 +- modules/oracle-db/README.md | 2 +- modules/oracle-db/versions.tf | 2 +- modules/postgresql/README.md | 2 +- modules/postgresql/versions.tf | 2 +- modules/prometheus/README.md | 2 +- modules/prometheus/versions.tf | 2 +- modules/puppet/README.md | 2 +- modules/puppet/versions.tf | 2 +- modules/rabbitmq/README.md | 2 +- modules/rabbitmq/versions.tf | 2 +- modules/rdp/README.md | 2 +- modules/rdp/versions.tf | 2 +- modules/redis/README.md | 2 +- modules/redis/versions.tf | 2 +- modules/redshift/README.md | 2 +- modules/redshift/versions.tf | 2 +- modules/solr/README.md | 2 +- modules/solr/versions.tf | 2 +- modules/splunk/README.md | 2 +- modules/splunk/versions.tf | 2 +- modules/squid/README.md | 2 +- modules/squid/versions.tf | 2 +- modules/ssh/README.md | 2 +- modules/ssh/versions.tf | 2 +- modules/storm/README.md | 2 +- modules/storm/versions.tf | 2 +- modules/web/README.md | 2 +- modules/web/versions.tf | 2 +- modules/winrm/README.md | 2 +- modules/winrm/versions.tf | 2 +- modules/zipkin/README.md | 2 +- modules/zipkin/versions.tf | 2 +- modules/zookeeper/README.md | 2 +- modules/zookeeper/versions.tf | 2 +- versions.tf | 2 +- 96 files changed, 98 insertions(+), 98 deletions(-) diff --git a/README.md b/README.md index dd248035..5db5b68e 100644 --- a/README.md +++ b/README.md @@ -162,13 +162,13 @@ No issue is creating limit on this module. | Name | Version | |------|---------| | terraform | >= 0.12.6, < 0.14 | -| aws | ~> 2.42 | +| aws | >= 2.42, < 4.0 | ## Providers | Name | Version | |------|---------| -| aws | ~> 2.42 | +| aws | >= 2.42, < 4.0 | ## Inputs 
diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 40647262..3bc82c2c 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -179,7 +179,7 @@ module "complete_sg" { from_port = 41 to_port = 51 protocol = 6 - self = false + self = true }, ] @@ -300,7 +300,7 @@ module "complete_sg" { from_port = 41 to_port = 51 protocol = 6 - self = false + self = true }, ] diff --git a/modules/_templates/versions.tf b/modules/_templates/versions.tf index 41f2989f..1bdee38b 100644 --- a/modules/_templates/versions.tf +++ b/modules/_templates/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.42" + aws = ">= 2.42, < 4.0" } } diff --git a/modules/activemq/README.md b/modules/activemq/README.md index adf873b1..3bdb2d25 100644 --- a/modules/activemq/README.md +++ b/modules/activemq/README.md @@ -19,7 +19,7 @@ All automatic values **activemq module** is using are available [here](https://g | Name | Version | |------|---------| | terraform | >= 0.12.6, < 0.14 | -| aws | ~> 2.42 | +| aws | >= 2.42, < 4.0 | ## Providers diff --git a/modules/activemq/versions.tf b/modules/activemq/versions.tf index 41f2989f..1bdee38b 100644 --- a/modules/activemq/versions.tf +++ b/modules/activemq/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.42" + aws = ">= 2.42, < 4.0" } } diff --git a/modules/alertmanager/README.md b/modules/alertmanager/README.md index 923185bc..ea1bdc15 100644 --- a/modules/alertmanager/README.md +++ b/modules/alertmanager/README.md @@ -19,7 +19,7 @@ All automatic values **alertmanager module** is using are available [here](https | Name | Version | |------|---------| | terraform | >= 0.12.6, < 0.14 | -| aws | ~> 2.42 | +| aws | >= 2.42, < 4.0 | ## Providers diff --git a/modules/alertmanager/versions.tf b/modules/alertmanager/versions.tf index 41f2989f..1bdee38b 100644 --- a/modules/alertmanager/versions.tf 
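Review bot: Both hunks in examples/complete/main.tf change `self = false` to `self = true`, which alters what the example creates, yet the commit is described only as an aws-provider version bump. With `self = true` the rule for ports 41-51, `protocol = 6`, admits traffic from members of the same security group, so a reader copying the example gets a rule the previous version did not produce. The reason is not on the page (possibly the newer provider rejects a rule with no effective source; that is an inference), so I would record it next to each changed line, e.g. `# self = true: allow this range only from members of this security group`, and mention the change in the commit message. The enclosing rule lists start outside both hunks.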
+++ b/modules/alertmanager/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.42" + aws = ">= 2.42, < 4.0" } } diff --git a/modules/carbon-relay-ng/README.md b/modules/carbon-relay-ng/README.md index cb27098b..5b50435c 100644 --- a/modules/carbon-relay-ng/README.md +++ b/modules/carbon-relay-ng/README.md @@ -19,7 +19,7 @@ All automatic values **carbon-relay-ng module** is using are available [here](ht | Name | Version | |------|---------| | terraform | >= 0.12.6, < 0.14 | -| aws | ~> 2.42 | +| aws | >= 2.42, < 4.0 | ## Providers diff --git a/modules/carbon-relay-ng/versions.tf b/modules/carbon-relay-ng/versions.tf index 41f2989f..1bdee38b 100644 --- a/modules/carbon-relay-ng/versions.tf +++ b/modules/carbon-relay-ng/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.42" + aws = ">= 2.42, < 4.0" } } diff --git a/modules/cassandra/README.md b/modules/cassandra/README.md index ba715767..93bda3bf 100644 --- a/modules/cassandra/README.md +++ b/modules/cassandra/README.md @@ -19,7 +19,7 @@ All automatic values **cassandra module** is using are available [here](https:// | Name | Version | |------|---------| | terraform | >= 0.12.6, < 0.14 | -| aws | ~> 2.42 | +| aws | >= 2.42, < 4.0 | ## Providers diff --git a/modules/cassandra/versions.tf b/modules/cassandra/versions.tf index 41f2989f..1bdee38b 100644 --- a/modules/cassandra/versions.tf +++ b/modules/cassandra/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.42" + aws = ">= 2.42, < 4.0" } } diff --git a/modules/consul/README.md b/modules/consul/README.md index d0d66802..fa0ace2f 100644 --- a/modules/consul/README.md +++ b/modules/consul/README.md 
@@ -19,7 +19,7 @@ All automatic values **consul module** is using are available [here](https://git | Name | Version | |------|---------| | terraform | >= 0.12.6, < 0.14 | -| aws | ~> 2.42 | +| aws | >= 2.42, < 4.0 | ## Providers diff --git a/modules/consul/versions.tf b/modules/consul/versions.tf index 41f2989f..1bdee38b 100644 --- a/modules/consul/versions.tf +++ b/modules/consul/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.42" + aws = ">= 2.42, < 4.0" } } diff --git a/modules/docker-swarm/README.md b/modules/docker-swarm/README.md index 114673c9..bf4047d7 100644 --- a/modules/docker-swarm/README.md +++ b/modules/docker-swarm/README.md @@ -19,7 +19,7 @@ All automatic values **docker-swarm module** is using are available [here](https | Name | Version | |------|---------| | terraform | >= 0.12.6, < 0.14 | -| aws | ~> 2.42 | +| aws | >= 2.42, < 4.0 | ## Providers diff --git a/modules/docker-swarm/versions.tf b/modules/docker-swarm/versions.tf index 41f2989f..1bdee38b 100644 --- a/modules/docker-swarm/versions.tf +++ b/modules/docker-swarm/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.42" + aws = ">= 2.42, < 4.0" } } diff --git a/modules/elasticsearch/README.md b/modules/elasticsearch/README.md index bf61d3a8..ee3fa1fd 100644 --- a/modules/elasticsearch/README.md +++ b/modules/elasticsearch/README.md @@ -19,7 +19,7 @@ All automatic values **elasticsearch module** is using are available [here](http | Name | Version | |------|---------| | terraform | >= 0.12.6, < 0.14 | -| aws | ~> 2.42 | +| aws | >= 2.42, < 4.0 | ## Providers diff --git a/modules/elasticsearch/versions.tf b/modules/elasticsearch/versions.tf index 41f2989f..1bdee38b 100644 --- a/modules/elasticsearch/versions.tf +++ b/modules/elasticsearch/versions.tf 
@@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.42" + aws = ">= 2.42, < 4.0" } } diff --git a/modules/grafana/README.md b/modules/grafana/README.md index 46c36907..0a3773b2 100644 --- a/modules/grafana/README.md +++ b/modules/grafana/README.md @@ -19,7 +19,7 @@ All automatic values **grafana module** is using are available [here](https://gi | Name | Version | |------|---------| | terraform | >= 0.12.6, < 0.14 | -| aws | ~> 2.42 | +| aws | >= 2.42, < 4.0 | ## Providers diff --git a/modules/grafana/versions.tf b/modules/grafana/versions.tf index 41f2989f..1bdee38b 100644 --- a/modules/grafana/versions.tf +++ b/modules/grafana/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.42" + aws = ">= 2.42, < 4.0" } } diff --git a/modules/graphite-statsd/README.md b/modules/graphite-statsd/README.md index 0605aab9..a4259781 100644 --- a/modules/graphite-statsd/README.md +++ b/modules/graphite-statsd/README.md @@ -19,7 +19,7 @@ All automatic values **graphite-statsd module** is using are available [here](ht | Name | Version | |------|---------| | terraform | >= 0.12.6, < 0.14 | -| aws | ~> 2.42 | +| aws | >= 2.42, < 4.0 | ## Providers diff --git a/modules/graphite-statsd/versions.tf b/modules/graphite-statsd/versions.tf index 41f2989f..1bdee38b 100644 --- a/modules/graphite-statsd/versions.tf +++ b/modules/graphite-statsd/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.42" + aws = ">= 2.42, < 4.0" } } diff --git a/modules/http-80/README.md b/modules/http-80/README.md index 0601398c..460018d5 100644 --- a/modules/http-80/README.md +++ b/modules/http-80/README.md @@ -19,7 +19,7 @@ All automatic values **http-80 module** is using are available [here](https://gi | Name | Version | |------|---------| | terraform | >= 0.12.6, < 0.14 | -| aws | ~> 2.42 | +| aws | >= 2.42, < 4.0 | ## Providers 
diff --git a/modules/http-80/versions.tf b/modules/http-80/versions.tf index 41f2989f..1bdee38b 100644 --- a/modules/http-80/versions.tf +++ b/modules/http-80/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.42" + aws = ">= 2.42, < 4.0" } } diff --git a/modules/http-8080/README.md b/modules/http-8080/README.md index 67372177..eaae3944 100644 --- a/modules/http-8080/README.md +++ b/modules/http-8080/README.md @@ -19,7 +19,7 @@ All automatic values **http-8080 module** is using are available [here](https:// | Name | Version | |------|---------| | terraform | >= 0.12.6, < 0.14 | -| aws | ~> 2.42 | +| aws | >= 2.42, < 4.0 | ## Providers diff --git a/modules/http-8080/versions.tf b/modules/http-8080/versions.tf index 41f2989f..1bdee38b 100644 --- a/modules/http-8080/versions.tf +++ b/modules/http-8080/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.42" + aws = ">= 2.42, < 4.0" } } diff --git a/modules/https-443/README.md b/modules/https-443/README.md index 4131e5d4..a323d14b 100644 --- a/modules/https-443/README.md +++ b/modules/https-443/README.md @@ -19,7 +19,7 @@ All automatic values **https-443 module** is using are available [here](https:// | Name | Version | |------|---------| | terraform | >= 0.12.6, < 0.14 | -| aws | ~> 2.42 | +| aws | >= 2.42, < 4.0 | ## Providers diff --git a/modules/https-443/versions.tf b/modules/https-443/versions.tf index 41f2989f..1bdee38b 100644 --- a/modules/https-443/versions.tf +++ b/modules/https-443/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.42" + aws = ">= 2.42, < 4.0" } } diff --git a/modules/https-8443/README.md b/modules/https-8443/README.md index aa033b1e..2aa46712 100644 --- a/modules/https-8443/README.md +++ b/modules/https-8443/README.md 
@@ -19,7 +19,7 @@ All automatic values **https-8443 module** is using are available [here](https:/
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/https-8443/versions.tf b/modules/https-8443/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/https-8443/versions.tf
+++ b/modules/https-8443/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/ipsec-4500/README.md b/modules/ipsec-4500/README.md
index 9eec5cc6..5ef3327d 100644
--- a/modules/ipsec-4500/README.md
+++ b/modules/ipsec-4500/README.md
@@ -19,7 +19,7 @@ All automatic values **ipsec-4500 module** is using are available [here](https:/
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/ipsec-4500/versions.tf b/modules/ipsec-4500/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/ipsec-4500/versions.tf
+++ b/modules/ipsec-4500/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/ipsec-500/README.md b/modules/ipsec-500/README.md
index 84e59e25..c0875b74 100644
--- a/modules/ipsec-500/README.md
+++ b/modules/ipsec-500/README.md
@@ -19,7 +19,7 @@ All automatic values **ipsec-500 module** is using are available [here](https://
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/ipsec-500/versions.tf b/modules/ipsec-500/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/ipsec-500/versions.tf
+++ b/modules/ipsec-500/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/kafka/README.md b/modules/kafka/README.md
index fdbbd8b7..d3ecf278 100644
--- a/modules/kafka/README.md
+++ b/modules/kafka/README.md
@@ -19,7 +19,7 @@ All automatic values **kafka module** is using are available [here](https://gith
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/kafka/versions.tf b/modules/kafka/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/kafka/versions.tf
+++ b/modules/kafka/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/kibana/README.md b/modules/kibana/README.md
index e2322b71..2131618a 100644
--- a/modules/kibana/README.md
+++ b/modules/kibana/README.md
@@ -19,7 +19,7 @@ All automatic values **kibana module** is using are available [here](https://git
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/kibana/versions.tf b/modules/kibana/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/kibana/versions.tf
+++ b/modules/kibana/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/kubernetes-api/README.md b/modules/kubernetes-api/README.md
index 7f37046a..f18e0582 100644
--- a/modules/kubernetes-api/README.md
+++ b/modules/kubernetes-api/README.md
@@ -19,7 +19,7 @@ All automatic values **kubernetes-api module** is using are available [here](htt
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/kubernetes-api/versions.tf b/modules/kubernetes-api/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/kubernetes-api/versions.tf
+++ b/modules/kubernetes-api/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/ldaps/README.md b/modules/ldaps/README.md
index 22cc7d4b..7c8c64a0 100644
--- a/modules/ldaps/README.md
+++ b/modules/ldaps/README.md
@@ -19,7 +19,7 @@ All automatic values **ldaps module** is using are available [here](https://gith
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/ldaps/versions.tf b/modules/ldaps/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/ldaps/versions.tf
+++ b/modules/ldaps/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/logstash/README.md b/modules/logstash/README.md
index 18753976..06d51642 100644
--- a/modules/logstash/README.md
+++ b/modules/logstash/README.md
@@ -19,7 +19,7 @@ All automatic values **logstash module** is using are available [here](https://g
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/logstash/versions.tf b/modules/logstash/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/logstash/versions.tf
+++ b/modules/logstash/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/memcached/README.md b/modules/memcached/README.md
index 649c684e..a0d96e66 100644
--- a/modules/memcached/README.md
+++ b/modules/memcached/README.md
@@ -19,7 +19,7 @@ All automatic values **memcached module** is using are available [here](https://
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/memcached/versions.tf b/modules/memcached/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/memcached/versions.tf
+++ b/modules/memcached/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/minio/README.md b/modules/minio/README.md
index f3432c09..e5e63d78 100644
--- a/modules/minio/README.md
+++ b/modules/minio/README.md
@@ -19,7 +19,7 @@ All automatic values **minio module** is using are available [here](https://gith
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/minio/versions.tf b/modules/minio/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/minio/versions.tf
+++ b/modules/minio/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/mongodb/README.md b/modules/mongodb/README.md
index 7c1b026f..09fddf7c 100644
--- a/modules/mongodb/README.md
+++ b/modules/mongodb/README.md
@@ -19,7 +19,7 @@ All automatic values **mongodb module** is using are available [here](https://gi
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/mongodb/versions.tf b/modules/mongodb/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/mongodb/versions.tf
+++ b/modules/mongodb/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/mssql/README.md b/modules/mssql/README.md
index 50a29ea1..8396eea9 100644
--- a/modules/mssql/README.md
+++ b/modules/mssql/README.md
@@ -19,7 +19,7 @@ All automatic values **mssql module** is using are available [here](https://gith
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/mssql/versions.tf b/modules/mssql/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/mssql/versions.tf
+++ b/modules/mssql/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/mysql/README.md b/modules/mysql/README.md
index e03e8ffa..ec1fd3a9 100644
--- a/modules/mysql/README.md
+++ b/modules/mysql/README.md
@@ -19,7 +19,7 @@ All automatic values **mysql module** is using are available [here](https://gith
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/mysql/versions.tf b/modules/mysql/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/mysql/versions.tf
+++ b/modules/mysql/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/nfs/README.md b/modules/nfs/README.md
index 9ed3b94a..d8a23afe 100644
--- a/modules/nfs/README.md
+++ b/modules/nfs/README.md
@@ -19,7 +19,7 @@ All automatic values **nfs module** is using are available [here](https://github
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/nfs/versions.tf b/modules/nfs/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/nfs/versions.tf
+++ b/modules/nfs/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/nomad/README.md b/modules/nomad/README.md
index 1e7ed387..b98729c8 100644
--- a/modules/nomad/README.md
+++ b/modules/nomad/README.md
@@ -19,7 +19,7 @@ All automatic values **nomad module** is using are available [here](https://gith
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/nomad/versions.tf b/modules/nomad/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/nomad/versions.tf
+++ b/modules/nomad/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/ntp/README.md b/modules/ntp/README.md
index 523be7f8..ac94dc63 100644
--- a/modules/ntp/README.md
+++ b/modules/ntp/README.md
@@ -19,7 +19,7 @@ All automatic values **ntp module** is using are available [here](https://github
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/ntp/versions.tf b/modules/ntp/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/ntp/versions.tf
+++ b/modules/ntp/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/openvpn/README.md b/modules/openvpn/README.md
index 5b5b5f06..ed4ac446 100644
--- a/modules/openvpn/README.md
+++ b/modules/openvpn/README.md
@@ -19,7 +19,7 @@ All automatic values **openvpn module** is using are available [here](https://gi
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/openvpn/versions.tf b/modules/openvpn/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/openvpn/versions.tf
+++ b/modules/openvpn/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/oracle-db/README.md b/modules/oracle-db/README.md
index 328684c2..6447c372 100644
--- a/modules/oracle-db/README.md
+++ b/modules/oracle-db/README.md
@@ -19,7 +19,7 @@ All automatic values **oracle-db module** is using are available [here](https://
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/oracle-db/versions.tf b/modules/oracle-db/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/oracle-db/versions.tf
+++ b/modules/oracle-db/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/postgresql/README.md b/modules/postgresql/README.md
index e31b2b2f..6798bf99 100644
--- a/modules/postgresql/README.md
+++ b/modules/postgresql/README.md
@@ -19,7 +19,7 @@ All automatic values **postgresql module** is using are available [here](https:/
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/postgresql/versions.tf b/modules/postgresql/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/postgresql/versions.tf
+++ b/modules/postgresql/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/prometheus/README.md b/modules/prometheus/README.md
index 61b3c00c..44852cb3 100644
--- a/modules/prometheus/README.md
+++ b/modules/prometheus/README.md
@@ -19,7 +19,7 @@ All automatic values **prometheus module** is using are available [here](https:/
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/prometheus/versions.tf b/modules/prometheus/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/prometheus/versions.tf
+++ b/modules/prometheus/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/puppet/README.md b/modules/puppet/README.md
index 50228ad4..4af1f23e 100644
--- a/modules/puppet/README.md
+++ b/modules/puppet/README.md
@@ -19,7 +19,7 @@ All automatic values **puppet module** is using are available [here](https://git
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/puppet/versions.tf b/modules/puppet/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/puppet/versions.tf
+++ b/modules/puppet/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/rabbitmq/README.md b/modules/rabbitmq/README.md
index 05e6f7cd..d2477d5f 100644
--- a/modules/rabbitmq/README.md
+++ b/modules/rabbitmq/README.md
@@ -19,7 +19,7 @@ All automatic values **rabbitmq module** is using are available [here](https://g
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/rabbitmq/versions.tf b/modules/rabbitmq/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/rabbitmq/versions.tf
+++ b/modules/rabbitmq/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/rdp/README.md b/modules/rdp/README.md
index 2b219d21..d01ed0e4 100644
--- a/modules/rdp/README.md
+++ b/modules/rdp/README.md
@@ -19,7 +19,7 @@ All automatic values **rdp module** is using are available [here](https://github
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/rdp/versions.tf b/modules/rdp/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/rdp/versions.tf
+++ b/modules/rdp/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/redis/README.md b/modules/redis/README.md
index fb6db94e..ca94d9f3 100644
--- a/modules/redis/README.md
+++ b/modules/redis/README.md
@@ -19,7 +19,7 @@ All automatic values **redis module** is using are available [here](https://gith
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/redis/versions.tf b/modules/redis/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/redis/versions.tf
+++ b/modules/redis/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/redshift/README.md b/modules/redshift/README.md
index 6f70f3e4..fedf5735 100644
--- a/modules/redshift/README.md
+++ b/modules/redshift/README.md
@@ -19,7 +19,7 @@ All automatic values **redshift module** is using are available [here](https://g
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/redshift/versions.tf b/modules/redshift/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/redshift/versions.tf
+++ b/modules/redshift/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/solr/README.md b/modules/solr/README.md
index 0d8014d6..bd220460 100644
--- a/modules/solr/README.md
+++ b/modules/solr/README.md
@@ -19,7 +19,7 @@ All automatic values **solr module** is using are available [here](https://githu
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/solr/versions.tf b/modules/solr/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/solr/versions.tf
+++ b/modules/solr/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/splunk/README.md b/modules/splunk/README.md
index 8c5a68bd..eda0ad9b 100644
--- a/modules/splunk/README.md
+++ b/modules/splunk/README.md
@@ -19,7 +19,7 @@ All automatic values **splunk module** is using are available [here](https://git
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/splunk/versions.tf b/modules/splunk/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/splunk/versions.tf
+++ b/modules/splunk/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/squid/README.md b/modules/squid/README.md
index e3869ce7..3098e982 100644
--- a/modules/squid/README.md
+++ b/modules/squid/README.md
@@ -19,7 +19,7 @@ All automatic values **squid module** is using are available [here](https://gith
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/squid/versions.tf b/modules/squid/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/squid/versions.tf
+++ b/modules/squid/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/ssh/README.md b/modules/ssh/README.md
index f6c150e2..3427df3a 100644
--- a/modules/ssh/README.md
+++ b/modules/ssh/README.md
@@ -19,7 +19,7 @@ All automatic values **ssh module** is using are available [here](https://github
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/ssh/versions.tf b/modules/ssh/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/ssh/versions.tf
+++ b/modules/ssh/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/storm/README.md b/modules/storm/README.md
index 2d074861..639c0d57 100644
--- a/modules/storm/README.md
+++ b/modules/storm/README.md
@@ -19,7 +19,7 @@ All automatic values **storm module** is using are available [here](https://gith
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/storm/versions.tf b/modules/storm/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/storm/versions.tf
+++ b/modules/storm/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/web/README.md b/modules/web/README.md
index 02e3cdd0..6312ae4c 100644
--- a/modules/web/README.md
+++ b/modules/web/README.md
@@ -19,7 +19,7 @@ All automatic values **web module** is using are available [here](https://github
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/web/versions.tf b/modules/web/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/web/versions.tf
+++ b/modules/web/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/winrm/README.md b/modules/winrm/README.md
index ce56bdd0..7960a4d8 100644
--- a/modules/winrm/README.md
+++ b/modules/winrm/README.md
@@ -19,7 +19,7 @@ All automatic values **winrm module** is using are available [here](https://gith
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/winrm/versions.tf b/modules/winrm/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/winrm/versions.tf
+++ b/modules/winrm/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/zipkin/README.md b/modules/zipkin/README.md
index aa4583b6..d552d7d7 100644
--- a/modules/zipkin/README.md
+++ b/modules/zipkin/README.md
@@ -19,7 +19,7 @@ All automatic values **zipkin module** is using are available [here](https://git
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/zipkin/versions.tf b/modules/zipkin/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/zipkin/versions.tf
+++ b/modules/zipkin/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/modules/zookeeper/README.md b/modules/zookeeper/README.md
index e91fd374..b6121d32 100644
--- a/modules/zookeeper/README.md
+++ b/modules/zookeeper/README.md
@@ -19,7 +19,7 @@ All automatic values **zookeeper module** is using are available [here](https://
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6, < 0.14 |
-| aws | ~> 2.42 |
+| aws | >= 2.42, < 4.0 |
 ## Providers
diff --git a/modules/zookeeper/versions.tf b/modules/zookeeper/versions.tf
index 41f2989f..1bdee38b 100644
--- a/modules/zookeeper/versions.tf
+++ b/modules/zookeeper/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
diff --git a/versions.tf b/versions.tf
index 41f2989f..1bdee38b 100644
--- a/versions.tf
+++ b/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = "~> 2.42"
+ aws = ">= 2.42, < 4.0"
 }
 }
From 62024cd318b2a70038aed7c7477e96b289792191 Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Thu, 13 Aug 2020 09:45:49 +0200
Subject: [PATCH 11/16] Updated CHANGELOG
---
 CHANGELOG.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0303ef79..f8b94d6c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file.
+
+## [v3.14.0] - 2020-08-13
+
+- feat: aws-provider version bump to >= 2.42, < 4.0 ([#184](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/184))
+
+
 ## [v3.13.0] - 2020-07-20
@@ -439,7 +445,8 @@ All notable changes to this project will be documented in this file.
 - Initial commit
-[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.13.0...HEAD
+[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.14.0...HEAD
+[v3.14.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.13.0...v3.14.0
 [v3.13.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.12.0...v3.13.0
 [v3.12.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.11.0...v3.12.0
 [v3.11.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.10.0...v3.11.0
From f49a02fe5c6c46939a4f83948eb00e1b9b3301ab Mon Sep 17 00:00:00 2001
From: Paul Pop
Date: Thu, 13 Aug 2020 08:51:30 +0100
Subject: [PATCH 12/16] feat: Add JMX and Node exporter TCP ports for Kafka (#186)
---
 README.md | 4 ++--
 modules/kafka/README.md | 2 +-
 modules/kafka/auto_values.tf | 2 +-
 rules.tf | 8 +++++---
 4 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 5db5b68e..9c637b78 100644
--- a/README.md
+++ b/README.md
@@ -174,7 +174,7 @@ No issue is creating limit on this module.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| auto\_groups | Map of groups of security group rules to use to generate modules (see update\_groups.sh) | `map(map(list(string)))` |
{
"activemq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"activemq-5671-tcp",
"activemq-8883-tcp",
"activemq-61614-tcp",
"activemq-61617-tcp",
"activemq-61619-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"alertmanager": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"alertmanager-9093-tcp",
"alertmanager-9094-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"carbon-relay-ng": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"carbon-line-in-tcp",
"carbon-line-in-udp",
"carbon-pickle-tcp",
"carbon-pickle-udp",
"carbon-gui-udp"
],
"ingress_with_self": [
"all-all"
]
},
"cassandra": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"cassandra-clients-tcp",
"cassandra-thrift-clients-tcp",
"cassandra-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"consul": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"consul-tcp",
"consul-cli-rpc-tcp",
"consul-webui-tcp",
"consul-dns-tcp",
"consul-dns-udp",
"consul-serf-lan-tcp",
"consul-serf-lan-udp",
"consul-serf-wan-tcp",
"consul-serf-wan-udp"
],
"ingress_with_self": [
"all-all"
]
},
"docker-swarm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"docker-swarm-mngmt-tcp",
"docker-swarm-node-tcp",
"docker-swarm-node-udp",
"docker-swarm-overlay-udp"
],
"ingress_with_self": [
"all-all"
]
},
"elasticsearch": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"elasticsearch-rest-tcp",
"elasticsearch-java-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"grafana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"grafana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"graphite-statsd": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"graphite-webui",
"graphite-2003-tcp",
"graphite-2004-tcp",
"graphite-2023-tcp",
"graphite-2024-tcp",
"graphite-8080-tcp",
"graphite-8125-tcp",
"graphite-8125-udp",
"graphite-8126-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-80": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-8080": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-8080-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-8443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-8443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-4500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-4500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"kafka": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kafka-broker-tcp",
"kafka-broker-tls-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kibana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kibana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kubernetes-api": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kubernetes-api-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ldaps": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ldaps-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"logstash": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"logstash-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"memcached": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"memcached-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"minio": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"minio-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mongodb": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mongodb-27017-tcp",
"mongodb-27018-tcp",
"mongodb-27019-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mssql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mssql-tcp",
"mssql-udp",
"mssql-analytics-tcp",
"mssql-broker-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mysql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mysql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nfs": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nfs-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nomad": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nomad-http-tcp",
"nomad-rpc-tcp",
"nomad-serf-tcp",
"nomad-serf-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ntp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ntp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"openvpn": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"openvpn-udp",
"openvpn-tcp",
"openvpn-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"oracle-db": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"oracle-db-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"postgresql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"postgresql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"prometheus": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"prometheus-http-tcp",
"prometheus-pushgateway-http-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"puppet": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"puppet-tcp",
"puppetdb-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rabbitmq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rabbitmq-4369-tcp",
"rabbitmq-5671-tcp",
"rabbitmq-5672-tcp",
"rabbitmq-15672-tcp",
"rabbitmq-25672-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rdp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rdp-tcp",
"rdp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"redis": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redis-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"redshift": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redshift-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"solr": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"solr-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"splunk": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"splunk-indexer-tcp",
"splunk-clients-tcp",
"splunk-splunkd-tcp",
"splunk-hec-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"squid": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"squid-proxy-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ssh": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ssh-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"storm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"storm-nimbus-tcp",
"storm-ui-tcp",
"storm-supervisor-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"web": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp",
"http-8080-tcp",
"https-443-tcp",
"web-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"winrm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"winrm-http-tcp",
"winrm-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zipkin": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zipkin-admin-tcp",
"zipkin-admin-query-tcp",
"zipkin-admin-web-tcp",
"zipkin-query-tcp",
"zipkin-web-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zookeeper": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zookeeper-2181-tcp",
"zookeeper-2888-tcp",
"zookeeper-3888-tcp",
"zookeeper-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
}
}
| no | +| auto\_groups | Map of groups of security group rules to use to generate modules (see update\_groups.sh) | `map(map(list(string)))` |
{
"activemq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"activemq-5671-tcp",
"activemq-8883-tcp",
"activemq-61614-tcp",
"activemq-61617-tcp",
"activemq-61619-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"alertmanager": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"alertmanager-9093-tcp",
"alertmanager-9094-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"carbon-relay-ng": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"carbon-line-in-tcp",
"carbon-line-in-udp",
"carbon-pickle-tcp",
"carbon-pickle-udp",
"carbon-gui-udp"
],
"ingress_with_self": [
"all-all"
]
},
"cassandra": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"cassandra-clients-tcp",
"cassandra-thrift-clients-tcp",
"cassandra-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"consul": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"consul-tcp",
"consul-cli-rpc-tcp",
"consul-webui-tcp",
"consul-dns-tcp",
"consul-dns-udp",
"consul-serf-lan-tcp",
"consul-serf-lan-udp",
"consul-serf-wan-tcp",
"consul-serf-wan-udp"
],
"ingress_with_self": [
"all-all"
]
},
"docker-swarm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"docker-swarm-mngmt-tcp",
"docker-swarm-node-tcp",
"docker-swarm-node-udp",
"docker-swarm-overlay-udp"
],
"ingress_with_self": [
"all-all"
]
},
"elasticsearch": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"elasticsearch-rest-tcp",
"elasticsearch-java-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"grafana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"grafana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"graphite-statsd": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"graphite-webui",
"graphite-2003-tcp",
"graphite-2004-tcp",
"graphite-2023-tcp",
"graphite-2024-tcp",
"graphite-8080-tcp",
"graphite-8125-tcp",
"graphite-8125-udp",
"graphite-8126-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-80": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"http-8080": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-8080-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"https-8443": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"https-8443-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-4500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-4500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ipsec-500": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ipsec-500-udp"
],
"ingress_with_self": [
"all-all"
]
},
"kafka": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kafka-broker-tcp",
"kafka-broker-tls-tcp",
"kafka-jmx-exporter-tcp",
"kafka-node-exporter-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kibana": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kibana-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"kubernetes-api": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"kubernetes-api-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ldaps": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ldaps-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"logstash": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"logstash-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"memcached": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"memcached-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"minio": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"minio-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mongodb": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mongodb-27017-tcp",
"mongodb-27018-tcp",
"mongodb-27019-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mssql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mssql-tcp",
"mssql-udp",
"mssql-analytics-tcp",
"mssql-broker-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"mysql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"mysql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nfs": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nfs-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"nomad": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"nomad-http-tcp",
"nomad-rpc-tcp",
"nomad-serf-tcp",
"nomad-serf-udp"
],
"ingress_with_self": [
"all-all"
]
},
"ntp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ntp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"openvpn": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"openvpn-udp",
"openvpn-tcp",
"openvpn-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"oracle-db": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"oracle-db-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"postgresql": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"postgresql-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"prometheus": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"prometheus-http-tcp",
"prometheus-pushgateway-http-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"puppet": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"puppet-tcp",
"puppetdb-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rabbitmq": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rabbitmq-4369-tcp",
"rabbitmq-5671-tcp",
"rabbitmq-5672-tcp",
"rabbitmq-15672-tcp",
"rabbitmq-25672-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"rdp": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"rdp-tcp",
"rdp-udp"
],
"ingress_with_self": [
"all-all"
]
},
"redis": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redis-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"redshift": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"redshift-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"solr": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"solr-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"splunk": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"splunk-indexer-tcp",
"splunk-clients-tcp",
"splunk-splunkd-tcp",
"splunk-hec-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"squid": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"squid-proxy-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"ssh": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"ssh-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"storm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"storm-nimbus-tcp",
"storm-ui-tcp",
"storm-supervisor-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"web": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"http-80-tcp",
"http-8080-tcp",
"https-443-tcp",
"web-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"winrm": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"winrm-http-tcp",
"winrm-https-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zipkin": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zipkin-admin-tcp",
"zipkin-admin-query-tcp",
"zipkin-admin-web-tcp",
"zipkin-query-tcp",
"zipkin-web-tcp"
],
"ingress_with_self": [
"all-all"
]
},
"zookeeper": {
"egress_rules": [
"all-all"
],
"ingress_rules": [
"zookeeper-2181-tcp",
"zookeeper-2888-tcp",
"zookeeper-3888-tcp",
"zookeeper-jmx-tcp"
],
"ingress_with_self": [
"all-all"
]
}
}
| no | | computed\_egress\_rules | List of computed egress rules to create by name | `list(string)` | `[]` | no | | computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no | | computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no | @@ -215,7 +215,7 @@ No issue is creating limit on this module. | number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no | | number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no | | revoke\_rules\_on\_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no | -| rules | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | `map(list(any))` |
{
"_": [
"",
"",
""
],
"activemq-5671-tcp": [
5671,
5671,
"tcp",
"ActiveMQ AMQP"
],
"activemq-61614-tcp": [
61614,
61614,
"tcp",
"ActiveMQ STOMP"
],
"activemq-61617-tcp": [
61617,
61617,
"tcp",
"ActiveMQ OpenWire"
],
"activemq-61619-tcp": [
61619,
61619,
"tcp",
"ActiveMQ WebSocket"
],
"activemq-8883-tcp": [
8883,
8883,
"tcp",
"ActiveMQ MQTT"
],
"alertmanager-9093-tcp": [
9093,
9093,
"tcp",
"Alert Manager"
],
"alertmanager-9094-tcp": [
9094,
9094,
"tcp",
"Alert Manager Cluster"
],
"all-all": [
-1,
-1,
"-1",
"All protocols"
],
"all-icmp": [
-1,
-1,
"icmp",
"All IPV4 ICMP"
],
"all-ipv6-icmp": [
-1,
-1,
58,
"All IPV6 ICMP"
],
"all-tcp": [
0,
65535,
"tcp",
"All TCP ports"
],
"all-udp": [
0,
65535,
"udp",
"All UDP ports"
],
"carbon-admin-tcp": [
2004,
2004,
"tcp",
"Carbon admin"
],
"carbon-gui-udp": [
8081,
8081,
"tcp",
"Carbon GUI"
],
"carbon-line-in-tcp": [
2003,
2003,
"tcp",
"Carbon line-in"
],
"carbon-line-in-udp": [
2003,
2003,
"udp",
"Carbon line-in"
],
"carbon-pickle-tcp": [
2013,
2013,
"tcp",
"Carbon pickle"
],
"carbon-pickle-udp": [
2013,
2013,
"udp",
"Carbon pickle"
],
"cassandra-clients-tcp": [
9042,
9042,
"tcp",
"Cassandra clients"
],
"cassandra-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
],
"cassandra-thrift-clients-tcp": [
9160,
9160,
"tcp",
"Cassandra Thrift clients"
],
"consul-cli-rpc-tcp": [
8400,
8400,
"tcp",
"Consul CLI RPC"
],
"consul-dns-tcp": [
8600,
8600,
"tcp",
"Consul DNS"
],
"consul-dns-udp": [
8600,
8600,
"udp",
"Consul DNS"
],
"consul-serf-lan-tcp": [
8301,
8301,
"tcp",
"Serf LAN"
],
"consul-serf-lan-udp": [
8301,
8301,
"udp",
"Serf LAN"
],
"consul-serf-wan-tcp": [
8302,
8302,
"tcp",
"Serf WAN"
],
"consul-serf-wan-udp": [
8302,
8302,
"udp",
"Serf WAN"
],
"consul-tcp": [
8300,
8300,
"tcp",
"Consul server"
],
"consul-webui-tcp": [
8500,
8500,
"tcp",
"Consul web UI"
],
"dns-tcp": [
53,
53,
"tcp",
"DNS"
],
"dns-udp": [
53,
53,
"udp",
"DNS"
],
"docker-swarm-mngmt-tcp": [
2377,
2377,
"tcp",
"Docker Swarm cluster management"
],
"docker-swarm-node-tcp": [
7946,
7946,
"tcp",
"Docker Swarm node"
],
"docker-swarm-node-udp": [
7946,
7946,
"udp",
"Docker Swarm node"
],
"docker-swarm-overlay-udp": [
4789,
4789,
"udp",
"Docker Swarm Overlay Network Traffic"
],
"elasticsearch-java-tcp": [
9300,
9300,
"tcp",
"Elasticsearch Java interface"
],
"elasticsearch-rest-tcp": [
9200,
9200,
"tcp",
"Elasticsearch REST interface"
],
"grafana-tcp": [
3000,
3000,
"tcp",
"Grafana Dashboard"
],
"graphite-2003-tcp": [
2003,
2003,
"tcp",
"Carbon receiver plain text"
],
"graphite-2004-tcp": [
2004,
2004,
"tcp",
"Carbon receiver pickle"
],
"graphite-2023-tcp": [
2023,
2023,
"tcp",
"Carbon aggregator plaintext"
],
"graphite-2024-tcp": [
2024,
2024,
"tcp",
"Carbon aggregator pickle"
],
"graphite-8080-tcp": [
8080,
8080,
"tcp",
"Graphite gunicorn port"
],
"graphite-8125-tcp": [
8125,
8125,
"tcp",
"Statsd TCP"
],
"graphite-8125-udp": [
8125,
8125,
"udp",
"Statsd UDP default"
],
"graphite-8126-tcp": [
8126,
8126,
"tcp",
"Statsd admin"
],
"graphite-webui": [
80,
80,
"tcp",
"Graphite admin interface"
],
"http-80-tcp": [
80,
80,
"tcp",
"HTTP"
],
"http-8080-tcp": [
8080,
8080,
"tcp",
"HTTP"
],
"https-443-tcp": [
443,
443,
"tcp",
"HTTPS"
],
"https-8443-tcp": [
8443,
8443,
"tcp",
"HTTPS"
],
"ipsec-4500-udp": [
4500,
4500,
"udp",
"IPSEC NAT-T"
],
"ipsec-500-udp": [
500,
500,
"udp",
"IPSEC ISAKMP"
],
"kafka-broker-tcp": [
9092,
9092,
"tcp",
"Kafka broker 0.8.2+"
],
"kafka-broker-tls-tcp": [
9094,
9094,
"tcp",
"Kafka TLS enabled broker 0.8.2+"
],
"kibana-tcp": [
5601,
5601,
"tcp",
"Kibana Web Interface"
],
"kubernetes-api-tcp": [
6443,
6443,
"tcp",
"Kubernetes API Server"
],
"ldaps-tcp": [
636,
636,
"tcp",
"LDAPS"
],
"logstash-tcp": [
5044,
5044,
"tcp",
"Logstash"
],
"memcached-tcp": [
11211,
11211,
"tcp",
"Memcached"
],
"minio-tcp": [
9000,
9000,
"tcp",
"MinIO"
],
"mongodb-27017-tcp": [
27017,
27017,
"tcp",
"MongoDB"
],
"mongodb-27018-tcp": [
27018,
27018,
"tcp",
"MongoDB shard"
],
"mongodb-27019-tcp": [
27019,
27019,
"tcp",
"MongoDB config server"
],
"mssql-analytics-tcp": [
2383,
2383,
"tcp",
"MSSQL Analytics"
],
"mssql-broker-tcp": [
4022,
4022,
"tcp",
"MSSQL Broker"
],
"mssql-tcp": [
1433,
1433,
"tcp",
"MSSQL Server"
],
"mssql-udp": [
1434,
1434,
"udp",
"MSSQL Browser"
],
"mysql-tcp": [
3306,
3306,
"tcp",
"MySQL/Aurora"
],
"nfs-tcp": [
2049,
2049,
"tcp",
"NFS/EFS"
],
"nomad-http-tcp": [
4646,
4646,
"tcp",
"Nomad HTTP"
],
"nomad-rpc-tcp": [
4647,
4647,
"tcp",
"Nomad RPC"
],
"nomad-serf-tcp": [
4648,
4648,
"tcp",
"Serf"
],
"nomad-serf-udp": [
4648,
4648,
"udp",
"Serf"
],
"ntp-udp": [
123,
123,
"udp",
"NTP"
],
"openvpn-https-tcp": [
443,
443,
"tcp",
"OpenVPN"
],
"openvpn-tcp": [
943,
943,
"tcp",
"OpenVPN"
],
"openvpn-udp": [
1194,
1194,
"udp",
"OpenVPN"
],
"oracle-db-tcp": [
1521,
1521,
"tcp",
"Oracle"
],
"postgresql-tcp": [
5432,
5432,
"tcp",
"PostgreSQL"
],
"prometheus-http-tcp": [
9090,
9090,
"tcp",
"Prometheus"
],
"prometheus-pushgateway-http-tcp": [
9091,
9091,
"tcp",
"Prometheus Pushgateway"
],
"puppet-tcp": [
8140,
8140,
"tcp",
"Puppet"
],
"puppetdb-tcp": [
8081,
8081,
"tcp",
"PuppetDB"
],
"rabbitmq-15672-tcp": [
15672,
15672,
"tcp",
"RabbitMQ"
],
"rabbitmq-25672-tcp": [
25672,
25672,
"tcp",
"RabbitMQ"
],
"rabbitmq-4369-tcp": [
4369,
4369,
"tcp",
"RabbitMQ epmd"
],
"rabbitmq-5671-tcp": [
5671,
5671,
"tcp",
"RabbitMQ"
],
"rabbitmq-5672-tcp": [
5672,
5672,
"tcp",
"RabbitMQ"
],
"rdp-tcp": [
3389,
3389,
"tcp",
"Remote Desktop"
],
"rdp-udp": [
3389,
3389,
"udp",
"Remote Desktop"
],
"redis-tcp": [
6379,
6379,
"tcp",
"Redis"
],
"redshift-tcp": [
5439,
5439,
"tcp",
"Redshift"
],
"solr-tcp": [
8983,
8987,
"tcp",
"Solr"
],
"splunk-hec-tcp": [
8088,
8088,
"tcp",
"Splunk HEC"
],
"splunk-indexer-tcp": [
9997,
9997,
"tcp",
"Splunk indexer"
],
"splunk-splunkd-tcp": [
8089,
8089,
"tcp",
"Splunkd"
],
"splunk-web-tcp": [
8000,
8000,
"tcp",
"Splunk Web"
],
"squid-proxy-tcp": [
3128,
3128,
"tcp",
"Squid default proxy"
],
"ssh-tcp": [
22,
22,
"tcp",
"SSH"
],
"storm-nimbus-tcp": [
6627,
6627,
"tcp",
"Nimbus"
],
"storm-supervisor-tcp": [
6700,
6703,
"tcp",
"Supervisor"
],
"storm-ui-tcp": [
8080,
8080,
"tcp",
"Storm UI"
],
"web-jmx-tcp": [
1099,
1099,
"tcp",
"JMX"
],
"winrm-http-tcp": [
5985,
5985,
"tcp",
"WinRM HTTP"
],
"winrm-https-tcp": [
5986,
5986,
"tcp",
"WinRM HTTPS"
],
"zipkin-admin-query-tcp": [
9901,
9901,
"tcp",
"Zipkin Admin port query"
],
"zipkin-admin-tcp": [
9990,
9990,
"tcp",
"Zipkin Admin port collector"
],
"zipkin-admin-web-tcp": [
9991,
9991,
"tcp",
"Zipkin Admin port web"
],
"zipkin-query-tcp": [
9411,
9411,
"tcp",
"Zipkin query port"
],
"zipkin-web-tcp": [
8080,
8080,
"tcp",
"Zipkin web port"
],
"zookeeper-2181-tcp": [
2181,
2181,
"tcp",
"Zookeeper"
],
"zookeeper-2888-tcp": [
2888,
2888,
"tcp",
"Zookeeper"
],
"zookeeper-3888-tcp": [
3888,
3888,
"tcp",
"Zookeeper"
],
"zookeeper-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
]
}
| no | +| rules | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | `map(list(any))` |
{
"_": [
"",
"",
""
],
"activemq-5671-tcp": [
5671,
5671,
"tcp",
"ActiveMQ AMQP"
],
"activemq-61614-tcp": [
61614,
61614,
"tcp",
"ActiveMQ STOMP"
],
"activemq-61617-tcp": [
61617,
61617,
"tcp",
"ActiveMQ OpenWire"
],
"activemq-61619-tcp": [
61619,
61619,
"tcp",
"ActiveMQ WebSocket"
],
"activemq-8883-tcp": [
8883,
8883,
"tcp",
"ActiveMQ MQTT"
],
"alertmanager-9093-tcp": [
9093,
9093,
"tcp",
"Alert Manager"
],
"alertmanager-9094-tcp": [
9094,
9094,
"tcp",
"Alert Manager Cluster"
],
"all-all": [
-1,
-1,
"-1",
"All protocols"
],
"all-icmp": [
-1,
-1,
"icmp",
"All IPV4 ICMP"
],
"all-ipv6-icmp": [
-1,
-1,
58,
"All IPV6 ICMP"
],
"all-tcp": [
0,
65535,
"tcp",
"All TCP ports"
],
"all-udp": [
0,
65535,
"udp",
"All UDP ports"
],
"carbon-admin-tcp": [
2004,
2004,
"tcp",
"Carbon admin"
],
"carbon-gui-udp": [
8081,
8081,
"tcp",
"Carbon GUI"
],
"carbon-line-in-tcp": [
2003,
2003,
"tcp",
"Carbon line-in"
],
"carbon-line-in-udp": [
2003,
2003,
"udp",
"Carbon line-in"
],
"carbon-pickle-tcp": [
2013,
2013,
"tcp",
"Carbon pickle"
],
"carbon-pickle-udp": [
2013,
2013,
"udp",
"Carbon pickle"
],
"cassandra-clients-tcp": [
9042,
9042,
"tcp",
"Cassandra clients"
],
"cassandra-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
],
"cassandra-thrift-clients-tcp": [
9160,
9160,
"tcp",
"Cassandra Thrift clients"
],
"consul-cli-rpc-tcp": [
8400,
8400,
"tcp",
"Consul CLI RPC"
],
"consul-dns-tcp": [
8600,
8600,
"tcp",
"Consul DNS"
],
"consul-dns-udp": [
8600,
8600,
"udp",
"Consul DNS"
],
"consul-serf-lan-tcp": [
8301,
8301,
"tcp",
"Serf LAN"
],
"consul-serf-lan-udp": [
8301,
8301,
"udp",
"Serf LAN"
],
"consul-serf-wan-tcp": [
8302,
8302,
"tcp",
"Serf WAN"
],
"consul-serf-wan-udp": [
8302,
8302,
"udp",
"Serf WAN"
],
"consul-tcp": [
8300,
8300,
"tcp",
"Consul server"
],
"consul-webui-tcp": [
8500,
8500,
"tcp",
"Consul web UI"
],
"dns-tcp": [
53,
53,
"tcp",
"DNS"
],
"dns-udp": [
53,
53,
"udp",
"DNS"
],
"docker-swarm-mngmt-tcp": [
2377,
2377,
"tcp",
"Docker Swarm cluster management"
],
"docker-swarm-node-tcp": [
7946,
7946,
"tcp",
"Docker Swarm node"
],
"docker-swarm-node-udp": [
7946,
7946,
"udp",
"Docker Swarm node"
],
"docker-swarm-overlay-udp": [
4789,
4789,
"udp",
"Docker Swarm Overlay Network Traffic"
],
"elasticsearch-java-tcp": [
9300,
9300,
"tcp",
"Elasticsearch Java interface"
],
"elasticsearch-rest-tcp": [
9200,
9200,
"tcp",
"Elasticsearch REST interface"
],
"grafana-tcp": [
3000,
3000,
"tcp",
"Grafana Dashboard"
],
"graphite-2003-tcp": [
2003,
2003,
"tcp",
"Carbon receiver plain text"
],
"graphite-2004-tcp": [
2004,
2004,
"tcp",
"Carbon receiver pickle"
],
"graphite-2023-tcp": [
2023,
2023,
"tcp",
"Carbon aggregator plaintext"
],
"graphite-2024-tcp": [
2024,
2024,
"tcp",
"Carbon aggregator pickle"
],
"graphite-8080-tcp": [
8080,
8080,
"tcp",
"Graphite gunicorn port"
],
"graphite-8125-tcp": [
8125,
8125,
"tcp",
"Statsd TCP"
],
"graphite-8125-udp": [
8125,
8125,
"udp",
"Statsd UDP default"
],
"graphite-8126-tcp": [
8126,
8126,
"tcp",
"Statsd admin"
],
"graphite-webui": [
80,
80,
"tcp",
"Graphite admin interface"
],
"http-80-tcp": [
80,
80,
"tcp",
"HTTP"
],
"http-8080-tcp": [
8080,
8080,
"tcp",
"HTTP"
],
"https-443-tcp": [
443,
443,
"tcp",
"HTTPS"
],
"https-8443-tcp": [
8443,
8443,
"tcp",
"HTTPS"
],
"ipsec-4500-udp": [
4500,
4500,
"udp",
"IPSEC NAT-T"
],
"ipsec-500-udp": [
500,
500,
"udp",
"IPSEC ISAKMP"
],
"kafka-broker-tcp": [
9092,
9092,
"tcp",
"Kafka broker 0.8.2+"
],
"kafka-broker-tls-tcp": [
9094,
9094,
"tcp",
"Kafka TLS enabled broker 0.8.2+"
],
"kafka-jmx-exporter-tcp": [
11001,
11001,
"tcp",
"Kafka JMX Exporter"
],
"kafka-node-exporter-tcp": [
11002,
11002,
"tcp",
"Kafka Node Exporter"
],
"kibana-tcp": [
5601,
5601,
"tcp",
"Kibana Web Interface"
],
"kubernetes-api-tcp": [
6443,
6443,
"tcp",
"Kubernetes API Server"
],
"ldaps-tcp": [
636,
636,
"tcp",
"LDAPS"
],
"logstash-tcp": [
5044,
5044,
"tcp",
"Logstash"
],
"memcached-tcp": [
11211,
11211,
"tcp",
"Memcached"
],
"minio-tcp": [
9000,
9000,
"tcp",
"MinIO"
],
"mongodb-27017-tcp": [
27017,
27017,
"tcp",
"MongoDB"
],
"mongodb-27018-tcp": [
27018,
27018,
"tcp",
"MongoDB shard"
],
"mongodb-27019-tcp": [
27019,
27019,
"tcp",
"MongoDB config server"
],
"mssql-analytics-tcp": [
2383,
2383,
"tcp",
"MSSQL Analytics"
],
"mssql-broker-tcp": [
4022,
4022,
"tcp",
"MSSQL Broker"
],
"mssql-tcp": [
1433,
1433,
"tcp",
"MSSQL Server"
],
"mssql-udp": [
1434,
1434,
"udp",
"MSSQL Browser"
],
"mysql-tcp": [
3306,
3306,
"tcp",
"MySQL/Aurora"
],
"nfs-tcp": [
2049,
2049,
"tcp",
"NFS/EFS"
],
"nomad-http-tcp": [
4646,
4646,
"tcp",
"Nomad HTTP"
],
"nomad-rpc-tcp": [
4647,
4647,
"tcp",
"Nomad RPC"
],
"nomad-serf-tcp": [
4648,
4648,
"tcp",
"Serf"
],
"nomad-serf-udp": [
4648,
4648,
"udp",
"Serf"
],
"ntp-udp": [
123,
123,
"udp",
"NTP"
],
"openvpn-https-tcp": [
443,
443,
"tcp",
"OpenVPN"
],
"openvpn-tcp": [
943,
943,
"tcp",
"OpenVPN"
],
"openvpn-udp": [
1194,
1194,
"udp",
"OpenVPN"
],
"oracle-db-tcp": [
1521,
1521,
"tcp",
"Oracle"
],
"postgresql-tcp": [
5432,
5432,
"tcp",
"PostgreSQL"
],
"prometheus-http-tcp": [
9090,
9090,
"tcp",
"Prometheus"
],
"prometheus-pushgateway-http-tcp": [
9091,
9091,
"tcp",
"Prometheus Pushgateway"
],
"puppet-tcp": [
8140,
8140,
"tcp",
"Puppet"
],
"puppetdb-tcp": [
8081,
8081,
"tcp",
"PuppetDB"
],
"rabbitmq-15672-tcp": [
15672,
15672,
"tcp",
"RabbitMQ"
],
"rabbitmq-25672-tcp": [
25672,
25672,
"tcp",
"RabbitMQ"
],
"rabbitmq-4369-tcp": [
4369,
4369,
"tcp",
"RabbitMQ epmd"
],
"rabbitmq-5671-tcp": [
5671,
5671,
"tcp",
"RabbitMQ"
],
"rabbitmq-5672-tcp": [
5672,
5672,
"tcp",
"RabbitMQ"
],
"rdp-tcp": [
3389,
3389,
"tcp",
"Remote Desktop"
],
"rdp-udp": [
3389,
3389,
"udp",
"Remote Desktop"
],
"redis-tcp": [
6379,
6379,
"tcp",
"Redis"
],
"redshift-tcp": [
5439,
5439,
"tcp",
"Redshift"
],
"solr-tcp": [
8983,
8987,
"tcp",
"Solr"
],
"splunk-hec-tcp": [
8088,
8088,
"tcp",
"Splunk HEC"
],
"splunk-indexer-tcp": [
9997,
9997,
"tcp",
"Splunk indexer"
],
"splunk-splunkd-tcp": [
8089,
8089,
"tcp",
"Splunkd"
],
"splunk-web-tcp": [
8000,
8000,
"tcp",
"Splunk Web"
],
"squid-proxy-tcp": [
3128,
3128,
"tcp",
"Squid default proxy"
],
"ssh-tcp": [
22,
22,
"tcp",
"SSH"
],
"storm-nimbus-tcp": [
6627,
6627,
"tcp",
"Nimbus"
],
"storm-supervisor-tcp": [
6700,
6703,
"tcp",
"Supervisor"
],
"storm-ui-tcp": [
8080,
8080,
"tcp",
"Storm UI"
],
"web-jmx-tcp": [
1099,
1099,
"tcp",
"JMX"
],
"winrm-http-tcp": [
5985,
5985,
"tcp",
"WinRM HTTP"
],
"winrm-https-tcp": [
5986,
5986,
"tcp",
"WinRM HTTPS"
],
"zipkin-admin-query-tcp": [
9901,
9901,
"tcp",
"Zipkin Admin port query"
],
"zipkin-admin-tcp": [
9990,
9990,
"tcp",
"Zipkin Admin port collector"
],
"zipkin-admin-web-tcp": [
9991,
9991,
"tcp",
"Zipkin Admin port web"
],
"zipkin-query-tcp": [
9411,
9411,
"tcp",
"Zipkin query port"
],
"zipkin-web-tcp": [
8080,
8080,
"tcp",
"Zipkin web port"
],
"zookeeper-2181-tcp": [
2181,
2181,
"tcp",
"Zookeeper"
],
"zookeeper-2888-tcp": [
2888,
2888,
"tcp",
"Zookeeper"
],
"zookeeper-3888-tcp": [
3888,
3888,
"tcp",
"Zookeeper"
],
"zookeeper-jmx-tcp": [
7199,
7199,
"tcp",
"JMX"
]
}
| no | | tags | A mapping of tags to assign to security group | `map(string)` | `{}` | no | | use\_name\_prefix | Whether to use name\_prefix or fixed name. Should be true to able to update security group name after initial creation | `bool` | `true` | no | | vpc\_id | ID of the VPC where to create security group | `string` | n/a | yes | diff --git a/modules/kafka/README.md b/modules/kafka/README.md index d3ecf278..4ed8c71f 100644 --- a/modules/kafka/README.md +++ b/modules/kafka/README.md @@ -35,7 +35,7 @@ No provider. | auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | `list(map(string))` | `[]` | no | | auto\_egress\_rules | List of egress rules to add automatically | `list(string)` |
[
"all-all"
]
| no | | auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | `list(map(string))` | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | `list(string)` |
[
"kafka-broker-tcp",
"kafka-broker-tls-tcp"
]
| no | +| auto\_ingress\_rules | List of ingress rules to add automatically | `list(string)` |
[
"kafka-broker-tcp",
"kafka-broker-tls-tcp",
"kafka-jmx-exporter-tcp",
"kafka-node-exporter-tcp"
]
| no | | auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | `number` | `0` | no | | auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no | diff --git a/modules/kafka/auto_values.tf b/modules/kafka/auto_values.tf index 39233530..da2b7953 100644 --- a/modules/kafka/auto_values.tf +++ b/modules/kafka/auto_values.tf @@ -6,7 +6,7 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" type = list(string) - default = ["kafka-broker-tcp", "kafka-broker-tls-tcp"] + default = ["kafka-broker-tcp", "kafka-broker-tls-tcp", "kafka-jmx-exporter-tcp", "kafka-node-exporter-tcp"] } variable "auto_ingress_with_self" { diff --git a/rules.tf b/rules.tf index 33b522f4..8c1fc3ff 100644 --- a/rules.tf +++ b/rules.tf @@ -70,8 +70,10 @@ variable "rules" { ipsec-500-udp = [500, 500, "udp", "IPSEC ISAKMP"] ipsec-4500-udp = [4500, 4500, "udp", "IPSEC NAT-T"] # Kafka - kafka-broker-tcp = [9092, 9092, "tcp", "Kafka broker 0.8.2+"] - kafka-broker-tls-tcp = [9094, 9094, "tcp", "Kafka TLS enabled broker 0.8.2+"] + kafka-broker-tcp = [9092, 9092, "tcp", "Kafka broker 0.8.2+"] + kafka-broker-tls-tcp = [9094, 9094, "tcp", "Kafka TLS enabled broker 0.8.2+"] + kafka-jmx-exporter-tcp = [11001, 11001, "tcp", "Kafka JMX Exporter"] + kafka-node-exporter-tcp = [11002, 11002, "tcp", "Kafka Node Exporter"] # Kibana kibana-tcp = [5601, 5601, "tcp", "Kibana Web Interface"] # Kubernetes @@ -253,7 +255,7 @@ variable "auto_groups" { egress_rules = ["all-all"] } kafka = { - ingress_rules = ["kafka-broker-tcp", "kafka-broker-tls-tcp"] + ingress_rules = ["kafka-broker-tcp", "kafka-broker-tls-tcp", "kafka-jmx-exporter-tcp", "kafka-node-exporter-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } From 743e57b62ffd01fc7fc97b4a5d1fd91fdd8a4f8c Mon Sep 17 00:00:00 2001 
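Review bot: The two new entries under `# Kafka` are Prometheus scrape endpoints rather than broker listeners, and nothing in the hunk says where 11001 and 11002 come from. They look like the Amazon MSK open-monitoring exporter ports rather than Kafka defaults, so a short comment would help the next reader, e.g. `# Prometheus exporters (ports as used by MSK open monitoring); allow from the scraper only`. `variable "rules"` starts and ends outside the hunk.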
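Review bot: Adding `kafka-jmx-exporter-tcp` and `kafka-node-exporter-tcp` to the `kafka` group's `ingress_rules` opens both exporter ports by default for every consumer of the kafka module, presumably to the same sources that are allowed to reach the brokers. Metrics exporters usually serve unauthenticated HTTP and only need to be reachable from the scraping host, so this widens exposure on a minor-version upgrade without the caller opting in. I would keep the default at `ingress_rules = ["kafka-broker-tcp", "kafka-broker-tls-tcp"]` and let callers add the two exporter rules by name, or put them in a separate group. The same default is repeated in modules/kafka/auto_values.tf, which appears to be generated from this map; `variable "auto_groups"` starts and ends outside the hunk.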
From: Anton Babenko Date: Thu, 13 Aug 2020 09:51:43 +0200 Subject: [PATCH 13/16] Updated CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f8b94d6c..39ed5ac7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ All notable changes to this project will be documented in this file. + +## [v3.15.0] - 2020-08-13 + +- feat: Add JMX and Node exporter TCP ports for Kafka ([#186](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/186)) + + ## [v3.14.0] - 2020-08-13 @@ -445,7 +451,8 @@ All notable changes to this project will be documented in this file. - Initial commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.14.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.15.0...HEAD +[v3.15.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.14.0...v3.15.0 [v3.14.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.13.0...v3.14.0 [v3.13.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.12.0...v3.13.0 [v3.12.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.11.0...v3.12.0 From 5f35ec28172555e75d42021b4d2b76b6f03aa291 Mon Sep 17 00:00:00 2001 From: sojinss4u Date: Fri, 21 Aug 2020 00:39:41 +0530 Subject: [PATCH 14/16] feat: Allow custom Name tag for security group (#187) --- main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 38d19863..a863456e 100644 --- a/main.tf +++ b/main.tf @@ -21,10 +21,10 @@ resource "aws_security_group" "this" { revoke_rules_on_delete = var.revoke_rules_on_delete tags = merge( - var.tags, { "Name" = format("%s", var.name) }, + var.tags, ) } 
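Review bot: Moving `var.tags` after the `Name` map in `merge()` means a caller-supplied `Name` key now silently replaces the tag derived from `var.name`, and nothing at the call site records that the order is deliberate. Anything that locates or scopes these security groups by the `Name` tag (inventory, tag-based policy conditions) can no longer assume it equals the module's name input, which is worth stating in the `tags` variable description as well. I would add `# var.tags is merged last so a caller-supplied "Name" overrides the default` above the merge, and `format("%s", var.name)` can probably be written as `var.name`. The same applies to the `this_name_prefix` hunk at -40,10; both resource blocks begin outside their hunks.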
@@ -40,10 +40,10 @@ resource "aws_security_group" "this_name_prefix" { revoke_rules_on_delete = var.revoke_rules_on_delete tags = merge( - var.tags, { "Name" = format("%s", var.name) }, + var.tags, ) lifecycle { From 3f26db0997012c53a881c6f37de9b37303c9c859 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Thu, 20 Aug 2020 21:11:49 +0200 Subject: [PATCH 15/16] chore: Fixed formatting --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index a863456e..a45a38b0 100644 --- a/main.tf +++ b/main.tf @@ -43,7 +43,7 @@ resource "aws_security_group" "this_name_prefix" { { "Name" = format("%s", var.name) }, - var.tags, + var.tags, ) lifecycle { From b6362f88d065457a6f224e99ceec5f58bce6754b Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Thu, 20 Aug 2020 21:12:08 +0200 Subject: [PATCH 16/16] Updated CHANGELOG --- CHANGELOG.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 39ed5ac7..b2dd5c5e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,13 @@ All notable changes to this project will be documented in this file. + +## [v3.16.0] - 2020-08-20 + +- chore: Fixed formatting +- feat: Allow custom Name tag for security group ([#187](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/187)) + + ## [v3.15.0] - 2020-08-13 
@@ -451,7 +458,8 @@ All notable changes to this project will be documented in this file. - Initial commit -[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.15.0...HEAD +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.16.0...HEAD +[v3.16.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.15.0...v3.16.0 [v3.15.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.14.0...v3.15.0 [v3.14.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.13.0...v3.14.0 [v3.13.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.12.0...v3.13.0