From 2a72328b0ff614c7074df81a42969e30302b5ab5 Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Mon, 27 May 2019 00:03:51 +0300 Subject: [PATCH] Upgrade module to support Terraform 0.12 (#120) --- .chglog/CHANGELOG.tpl.md | 51 ++ .chglog/config.yml | 10 + .pre-commit-config.yaml | 2 +- CHANGELOG.md | 409 ++++++++++++ Makefile | 7 + README.md | 6 + examples/complete/main.tf | 35 +- examples/complete/outputs.tf | 11 +- examples/computed/main.tf | 11 +- examples/computed/outputs.tf | 11 +- examples/disabled/main.tf | 7 +- examples/disabled/outputs.tf | 3 +- examples/dynamic/main.tf | 7 +- examples/dynamic/outputs.tf | 11 +- examples/http/main.tf | 25 +- examples/http/outputs.tf | 11 +- main.tf | 823 +++++++++++++++++++------ modules/_templates/main.tf | 86 ++- modules/_templates/outputs.tf | 10 +- modules/_templates/variables.tf | 54 ++ modules/carbon-relay-ng/README.md | 84 +-- modules/carbon-relay-ng/auto_values.tf | 26 +- modules/carbon-relay-ng/main.tf | 86 ++- modules/carbon-relay-ng/outputs.tf | 11 +- modules/carbon-relay-ng/variables.tf | 54 ++ modules/cassandra/README.md | 84 +-- modules/cassandra/auto_values.tf | 26 +- modules/cassandra/main.tf | 86 ++- modules/cassandra/outputs.tf | 11 +- modules/cassandra/variables.tf | 54 ++ modules/consul/README.md | 84 +-- modules/consul/auto_values.tf | 26 +- modules/consul/main.tf | 86 ++- modules/consul/outputs.tf | 11 +- modules/consul/variables.tf | 54 ++ modules/docker-swarm/README.md | 84 +-- modules/docker-swarm/auto_values.tf | 26 +- modules/docker-swarm/main.tf | 86 ++- modules/docker-swarm/outputs.tf | 11 +- modules/docker-swarm/variables.tf | 54 ++ modules/elasticsearch/README.md | 84 +-- modules/elasticsearch/auto_values.tf | 26 +- modules/elasticsearch/main.tf | 86 ++- modules/elasticsearch/outputs.tf | 11 +- modules/elasticsearch/variables.tf | 54 ++ modules/http-80/README.md | 84 +-- modules/http-80/auto_values.tf | 26 +- modules/http-80/main.tf | 86 ++- modules/http-80/outputs.tf | 11 +- modules/http-80/variables.tf | 54 ++ modules/http-8080/README.md | 84 +-- 
modules/http-8080/auto_values.tf | 26 +- modules/http-8080/main.tf | 86 ++- modules/http-8080/outputs.tf | 11 +- modules/http-8080/variables.tf | 54 ++ modules/https-443/README.md | 84 +-- modules/https-443/auto_values.tf | 26 +- modules/https-443/main.tf | 86 ++- modules/https-443/outputs.tf | 11 +- modules/https-443/variables.tf | 54 ++ modules/https-8443/README.md | 84 +-- modules/https-8443/auto_values.tf | 26 +- modules/https-8443/main.tf | 86 ++- modules/https-8443/outputs.tf | 11 +- modules/https-8443/variables.tf | 54 ++ modules/ipsec-4500/README.md | 84 +-- modules/ipsec-4500/auto_values.tf | 26 +- modules/ipsec-4500/main.tf | 86 ++- modules/ipsec-4500/outputs.tf | 11 +- modules/ipsec-4500/variables.tf | 54 ++ modules/ipsec-500/README.md | 84 +-- modules/ipsec-500/auto_values.tf | 26 +- modules/ipsec-500/main.tf | 86 ++- modules/ipsec-500/outputs.tf | 11 +- modules/ipsec-500/variables.tf | 54 ++ modules/kafka/README.md | 84 +-- modules/kafka/auto_values.tf | 26 +- modules/kafka/main.tf | 86 ++- modules/kafka/outputs.tf | 11 +- modules/kafka/variables.tf | 54 ++ modules/ldaps/README.md | 84 +-- modules/ldaps/auto_values.tf | 26 +- modules/ldaps/main.tf | 86 ++- modules/ldaps/outputs.tf | 11 +- modules/ldaps/variables.tf | 54 ++ modules/memcached/README.md | 84 +-- modules/memcached/auto_values.tf | 26 +- modules/memcached/main.tf | 86 ++- modules/memcached/outputs.tf | 11 +- modules/memcached/variables.tf | 54 ++ modules/mongodb/README.md | 84 +-- modules/mongodb/auto_values.tf | 26 +- modules/mongodb/main.tf | 86 ++- modules/mongodb/outputs.tf | 11 +- modules/mongodb/variables.tf | 54 ++ modules/mssql/README.md | 84 +-- modules/mssql/auto_values.tf | 26 +- modules/mssql/main.tf | 86 ++- modules/mssql/outputs.tf | 11 +- modules/mssql/variables.tf | 54 ++ modules/mysql/README.md | 84 +-- modules/mysql/auto_values.tf | 26 +- modules/mysql/main.tf | 86 ++- modules/mysql/outputs.tf | 11 +- modules/mysql/variables.tf | 54 ++ modules/nfs/README.md | 84 +-- 
modules/nfs/auto_values.tf | 26 +- modules/nfs/main.tf | 86 ++- modules/nfs/outputs.tf | 11 +- modules/nfs/variables.tf | 54 ++ modules/nomad/README.md | 84 +-- modules/nomad/auto_values.tf | 26 +- modules/nomad/main.tf | 86 ++- modules/nomad/outputs.tf | 11 +- modules/nomad/variables.tf | 54 ++ modules/ntp/README.md | 84 +-- modules/ntp/auto_values.tf | 26 +- modules/ntp/main.tf | 86 ++- modules/ntp/outputs.tf | 11 +- modules/ntp/variables.tf | 54 ++ modules/openvpn/README.md | 84 +-- modules/openvpn/auto_values.tf | 26 +- modules/openvpn/main.tf | 86 ++- modules/openvpn/outputs.tf | 11 +- modules/openvpn/variables.tf | 54 ++ modules/oracle-db/README.md | 84 +-- modules/oracle-db/auto_values.tf | 26 +- modules/oracle-db/main.tf | 86 ++- modules/oracle-db/outputs.tf | 11 +- modules/oracle-db/variables.tf | 54 ++ modules/postgresql/README.md | 84 +-- modules/postgresql/auto_values.tf | 26 +- modules/postgresql/main.tf | 86 ++- modules/postgresql/outputs.tf | 11 +- modules/postgresql/variables.tf | 54 ++ modules/puppet/README.md | 84 +-- modules/puppet/auto_values.tf | 26 +- modules/puppet/main.tf | 86 ++- modules/puppet/outputs.tf | 11 +- modules/puppet/variables.tf | 54 ++ modules/rabbitmq/README.md | 84 +-- modules/rabbitmq/auto_values.tf | 26 +- modules/rabbitmq/main.tf | 86 ++- modules/rabbitmq/outputs.tf | 11 +- modules/rabbitmq/variables.tf | 54 ++ modules/rdp/README.md | 84 +-- modules/rdp/auto_values.tf | 26 +- modules/rdp/main.tf | 86 ++- modules/rdp/outputs.tf | 11 +- modules/rdp/variables.tf | 54 ++ modules/redis/README.md | 84 +-- modules/redis/auto_values.tf | 26 +- modules/redis/main.tf | 86 ++- modules/redis/outputs.tf | 11 +- modules/redis/variables.tf | 54 ++ modules/redshift/README.md | 84 +-- modules/redshift/auto_values.tf | 26 +- modules/redshift/main.tf | 86 ++- modules/redshift/outputs.tf | 11 +- modules/redshift/variables.tf | 54 ++ modules/splunk/README.md | 84 +-- modules/splunk/auto_values.tf | 26 +- modules/splunk/main.tf | 86 ++- 
modules/splunk/outputs.tf | 11 +- modules/splunk/variables.tf | 54 ++ modules/squid/README.md | 84 +-- modules/squid/auto_values.tf | 26 +- modules/squid/main.tf | 86 ++- modules/squid/outputs.tf | 11 +- modules/squid/variables.tf | 54 ++ modules/ssh/README.md | 84 +-- modules/ssh/auto_values.tf | 26 +- modules/ssh/main.tf | 86 ++- modules/ssh/outputs.tf | 11 +- modules/ssh/variables.tf | 54 ++ modules/storm/README.md | 84 +-- modules/storm/auto_values.tf | 26 +- modules/storm/main.tf | 86 ++- modules/storm/outputs.tf | 11 +- modules/storm/variables.tf | 54 ++ modules/web/README.md | 84 +-- modules/web/auto_values.tf | 26 +- modules/web/main.tf | 86 ++- modules/web/outputs.tf | 11 +- modules/web/variables.tf | 54 ++ modules/winrm/README.md | 84 +-- modules/winrm/auto_values.tf | 26 +- modules/winrm/main.tf | 86 ++- modules/winrm/outputs.tf | 11 +- modules/winrm/variables.tf | 54 ++ modules/zipkin/README.md | 84 +-- modules/zipkin/auto_values.tf | 26 +- modules/zipkin/main.tf | 86 ++- modules/zipkin/outputs.tf | 11 +- modules/zipkin/variables.tf | 54 ++ modules/zookeeper/README.md | 84 +-- modules/zookeeper/auto_values.tf | 26 +- modules/zookeeper/main.tf | 86 ++- modules/zookeeper/outputs.tf | 11 +- modules/zookeeper/variables.tf | 54 ++ outputs.tf | 33 +- rules.tf | 75 +-- update_groups.sh | 32 +- variables.tf | 42 ++ 204 files changed, 5621 insertions(+), 5547 deletions(-) create mode 100644 .chglog/CHANGELOG.tpl.md create mode 100644 .chglog/config.yml create mode 100644 CHANGELOG.md create mode 100644 Makefile diff --git a/.chglog/CHANGELOG.tpl.md b/.chglog/CHANGELOG.tpl.md new file mode 100644 index 00000000..389f9114 --- /dev/null +++ b/.chglog/CHANGELOG.tpl.md 
@@ -0,0 +1,51 @@ +{{ if .Versions -}} + +## [Unreleased] +{{ if .Unreleased.CommitGroups -}} +{{ range .Unreleased.CommitGroups -}} +### {{ .Title }} +{{ range .Commits -}} +- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} +{{ end }} +{{ end -}} +{{ else }} +{{ range .Unreleased.Commits -}} +- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} +{{ end }} +{{ end -}} +{{ end -}} + +{{ range .Versions }} + +## {{ if .Tag.Previous }}[{{ .Tag.Name }}]{{ else }}{{ .Tag.Name }}{{ end }} - {{ datetime "2006-01-02" .Tag.Date }} +{{ if .CommitGroups -}} +{{ range .CommitGroups -}} +### {{ .Title }} +{{ range .Commits -}} +- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} +{{ end }} +{{ end -}} +{{ else }} +{{ range .Commits -}} +- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} +{{ end }} +{{ end -}} + +{{- if .NoteGroups -}} +{{ range .NoteGroups -}} +### {{ .Title }} +{{ range .Notes }} +{{ .Body }} +{{ end }} +{{ end -}} +{{ end -}} +{{ end -}} + +{{- if .Versions }} +[Unreleased]: {{ .Info.RepositoryURL }}/compare/{{ $latest := index .Versions 0 }}{{ $latest.Tag.Name }}...HEAD +{{ range .Versions -}} +{{ if .Tag.Previous -}} +[{{ .Tag.Name }}]: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }} +{{ end -}} +{{ end -}} +{{ end -}} \ No newline at end of file diff --git a/.chglog/config.yml b/.chglog/config.yml new file mode 100644 index 00000000..51beade7 --- /dev/null +++ b/.chglog/config.yml @@ -0,0 +1,10 @@ +style: github +template: CHANGELOG.tpl.md +info: + title: CHANGELOG + repository_url: https://github.com/terraform-aws-modules/terraform-aws-security-group +options: + header: + pattern: "^(.*)$" + pattern_maps: + - Subject diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c8299b7a..284326ea 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -3,7 +3,7 @@ repos:
 rev: v1.8.1
 hooks:
 - id: terraform_fmt
- - id: terraform_docs
+# - id: terraform_docs # not yet compatible with Terraform 0.12
 - repo: git://github.com/pre-commit/pre-commit-hooks
 rev: v2.1.0
 hooks:
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 00000000..3d2f49ce
--- /dev/null
+++ b/CHANGELOG.md
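Review bot: The `terraform_docs` hook is commented out rather than replaced, so the README inputs/outputs tables will drift from `variables.tf` and `outputs.tf` until someone remembers to re-enable it; a durable marker such as `# TODO: re-enable once pre-commit-terraform supports Terraform 0.12 (track upstream issue)` would make that intent survive the next few releases. Separately, the context line `- repo: git://github.com/pre-commit/pre-commit-hooks` fetches hook code over the unauthenticated, unencrypted `git://` protocol, and these hooks execute on every developer's machine; changing it to `- repo: https://github.com/pre-commit/pre-commit-hooks` costs nothing and removes an on-path substitution risk. The `rev: v2.1.0` tag is also mutable, so pinning to a commit SHA would be stronger still, though that is a pre-existing choice rather than something this commit introduces.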
@@ -0,0 +1,409 @@ + +## [Unreleased] + + + + +## [v3.0.0] - 2019-05-26 + +- Upgrade module to support Terraform 0.12 +- run terraform 0.12upgrade on modules +- update examples for 0.12 +- set var types +- run upgrade tool + + + +## [v2.17.0] - 2019-04-26 + +- Added puppet as auto_group +- Add rule for PuppetDB TCP ([#113](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/113)) + + + +## [v2.16.0] - 2019-03-21 + +- Updated README after [#110](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/110) +- add rabbitmq discovery epmd port 4369 ([#110](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/110)) + + + +## [v2.15.0] - 2019-03-08 + +- Fixed rabbitmq port (closes [#107](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/107)) + + + +## [v2.14.0] - 2019-02-17 + +- Updated docs after [#104](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/104) +- Merge pull request [#104](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/104) from mvasilenko/add-mongodb-cluster-rules +- add rules for MongoDB cluster ports + + + +## [v2.13.0] - 2019-02-06 + +- Run pre-commit +- Merge pull request [#102](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/102) from mvasilenko/add-rabbitmq-to-rules-tf +- add rule for rabbitmq + + + +## [v2.12.0] - 2019-02-06 + +- Run pre-commit +- Merge pull request [#100](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/100) from mvasilenko/add-mongodb-to-rules-tf +- add name rule for mongodb + + + +## [v2.11.0] - 2019-01-17 + +- Added http-8080 and https-8443 ports +- Added entry for 8443 ([#98](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/98)) + + + +## [v2.10.0] - 2018-12-28 + +- Allow use_name_prefix override in submodules 
([#95](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/95)) + + + +## [v2.9.0] - 2018-10-17 + +- Fixed README after terraform-docs + + + +## [v2.8.0] - 2018-10-17 + +- Add a rule for consul CLI RPC ([#83](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/83)) + + + +## [v2.7.0] - 2018-10-11 + +- Added missing files for ntp rules +- Added NTP rule ([#71](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/71)) + + + +## [v2.6.0] - 2018-10-11 + +- Fixed formatting +- Extended Splunk module to includ HEC ([#81](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/81)) + + + +## [v2.5.0] - 2018-09-12 + +- Cleanup after [#74](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/74) +- Make use of name_prefix optional ([#74](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/74)) + + + +## [v2.4.0] - 2018-09-05 + +- Using name_prefix instead of name to allow creation of duplicated with create_before_destroy (fix [#40](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/40)) + + + +## [v2.3.0] - 2018-09-04 + +- Added lifecycle create_before_destroy on aws_security_group (fixed [#40](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/40)) + + + +## [v2.2.0] - 2018-08-23 + +- Added squid to auto_groups and ran update_groups.sh +- Add squid proxy to rules.tf ([#70](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/70)) +- Fix source of predefined rule example ([#69](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/69)) + + + +## [v2.1.0] - 2018-06-20 + +- Evaluate var.create variable to set count to 1 or 0 ([#62](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/62)) + + + +## [v2.0.0] - 2018-05-29 + +- README fixes +- README fixes +- Merge remote-tracking branch 'origin/computed_values' +- 
Fix to allow computed values in arguments ([#61](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/61)) +- Fix to allow computed values in arguments + + + +## [v1.25.0] - 2018-05-17 + +- Ran pre-commit hook to get formatting and documentation in place +- Added WinRM Ports ([#60](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/60)) + + + +## [v1.24.0] - 2018-05-16 + +- Added pre-commit hook to autogenerate terraform-docs ([#59](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/59)) + + + +## [v1.23.0] - 2018-05-14 + +- Added dynamic example ([#57](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/57)) + + + +## [v1.22.0] - 2018-04-23 + +- Not ignore changes in rules description ([#52](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/52)) + + + +## [v1.21.0] - 2018-04-17 + +- Adds Oracle database port ([#51](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/51)) + + + +## [v1.20.0] - 2018-03-06 + +- Updated links in readme files + + + +## [v1.19.0] - 2018-03-02 + +- Removed readme from private module + + + +## [v1.18.0] - 2018-03-02 + +- Added README to all modules ([#45](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/45)) + + + +## [v1.17.0] - 2018-03-02 + +- Added Splunk ports ([#44](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/44)) + + + +## [v1.16.0] - 2018-03-02 + +- Fix openvpn rule name mismatch ([#43](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/43)) + + + +## [v1.15.0] - 2018-02-08 + +- added rdp-udp, fixed typo in mssql-broker-tcp ([#37](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/37)) + + + +## [v1.14.0] - 2018-02-05 + +- Added pre-commit and minor update of version in readme + + + +## [v1.13.0] - 2018-01-19 + +- Adding RDP and updating MSSQL service ports. 
([#35](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/35)) + + + +## [v1.12.0] - 2018-01-16 + +- Workaround for bug when updating description of a rule with protocol all ([#34](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/34)) + + + +## [v1.11.1] - 2018-01-16 + +- cosmetics ([#33](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/33)) + + + +## [v1.11.0] - 2018-01-12 + +- Revert "Specify minimum required version of AWS provider ([#30](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/30))" ([#32](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/32)) + + + +## [v1.10.0] - 2018-01-11 + +- Specify minimum required version of AWS provider ([#30](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/30)) + + + +## [v1.9.0] - 2018-01-10 + +- Fixed redshift by running update_rules script +- Add redshift tcp port ([#24](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/24)) + + + +## [v1.8.0] - 2018-01-10 + +- Add support for Rule descriptions with a safe default value ([#27](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/27)) + + + +## [v1.7.0] - 2018-01-10 + +- Add NFS tcp port ([#28](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/28)) +- [ci skip] Get more Open Source Helpers ([#26](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/26)) + + + +## [v1.6.0] - 2017-11-24 + +- Fixed formatting +- Add IPSEC to rules.tf ([#23](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/23)) + + + +## [v1.5.1] - 2017-11-23 + +- formatting to help downstream depedent modules pass when running CI ([#22](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/22)) + + + +## [v1.5.0] - 2017-11-20 + +- Removed outputs of ingress and egress rules, because of complex 
types + + + +## [v1.4.0] - 2017-11-16 + +- Fixed outputs when security group is not created + + + +## [v1.3.0] - 2017-11-15 + +- Added possibility to create resources conditionally ([#20](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/20)) + + + +## [v1.2.2] - 2017-11-15 + +- Fixed autogenerated templates to include ipv6 rules also ([#19](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/19)) + + + +## [v1.2.1] - 2017-11-13 + +- Update README with calculated variable limitation ([#18](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/18)) + + + +## [v1.2.0] - 2017-11-03 + +- Make IPV6 really optional ([#15](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/15)) + + + +## [v1.1.4] - 2017-10-26 + +- Merge pull request [#13](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/13) from Shapeways/master +- Merge branch 'master' of github.com:Shapeways/terraform-aws-security-group +- Add Puppet to rules.tf +- Merge pull request [#1](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/1) from terraform-aws-modules/master + + + +## [v1.1.3] - 2017-10-20 + +- Merge pull request [#9](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/9) from Shapeways/master +- Add DNS udp and tcp to rules. 
+ + + +## [v1.1.2] - 2017-10-14 + +- Fixed all-icmp ports (closes [#7](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/7)) + + + +## [v1.1.1] - 2017-10-11 + +- Merge pull request [#5](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/5) from grem11n/master +- Update default all-all rule + + + +## [v1.1.0] - 2017-10-06 + +- Merge pull request [#3](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/3) from terraform-aws-modules/remove_default_ip_cidrs +- Removed default cidr for ingress rules, fixed self variable name + + + +## v1.0.0 - 2017-10-04 + +- Fixed [#1](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/1) - done +- Initial commit + + +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v3.0.0...HEAD +[v3.0.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.17.0...v3.0.0 +[v2.17.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.16.0...v2.17.0 +[v2.16.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.15.0...v2.16.0 +[v2.15.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.14.0...v2.15.0 +[v2.14.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.13.0...v2.14.0 +[v2.13.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.12.0...v2.13.0 +[v2.12.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.11.0...v2.12.0 +[v2.11.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.10.0...v2.11.0 +[v2.10.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.9.0...v2.10.0 +[v2.9.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.8.0...v2.9.0 +[v2.8.0]: 
https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.7.0...v2.8.0 +[v2.7.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.6.0...v2.7.0 +[v2.6.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.5.0...v2.6.0 +[v2.5.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.4.0...v2.5.0 +[v2.4.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.3.0...v2.4.0 +[v2.3.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.2.0...v2.3.0 +[v2.2.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.1.0...v2.2.0 +[v2.1.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v2.0.0...v2.1.0 +[v2.0.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.25.0...v2.0.0 +[v1.25.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.24.0...v1.25.0 +[v1.24.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.23.0...v1.24.0 +[v1.23.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.22.0...v1.23.0 +[v1.22.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.21.0...v1.22.0 +[v1.21.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.20.0...v1.21.0 +[v1.20.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.19.0...v1.20.0 +[v1.19.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.18.0...v1.19.0 +[v1.18.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.17.0...v1.18.0 +[v1.17.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.16.0...v1.17.0 +[v1.16.0]: 
https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.15.0...v1.16.0 +[v1.15.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.14.0...v1.15.0 +[v1.14.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.13.0...v1.14.0 +[v1.13.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.12.0...v1.13.0 +[v1.12.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.11.1...v1.12.0 +[v1.11.1]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.11.0...v1.11.1 +[v1.11.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.10.0...v1.11.0 +[v1.10.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.9.0...v1.10.0 +[v1.9.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.8.0...v1.9.0 +[v1.8.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.7.0...v1.8.0 +[v1.7.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.6.0...v1.7.0 +[v1.6.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.5.1...v1.6.0 +[v1.5.1]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.5.0...v1.5.1 +[v1.5.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.4.0...v1.5.0 +[v1.4.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.3.0...v1.4.0 +[v1.3.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.2.2...v1.3.0 +[v1.2.2]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.2.1...v1.2.2 +[v1.2.1]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.2.0...v1.2.1 +[v1.2.0]: 
https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.1.4...v1.2.0
+[v1.1.4]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.1.3...v1.1.4
+[v1.1.3]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.1.2...v1.1.3
+[v1.1.2]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.1.1...v1.1.2
+[v1.1.1]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.1.0...v1.1.1
+[v1.1.0]: https://github.com/terraform-aws-modules/terraform-aws-security-group/compare/v1.0.0...v1.1.0
diff --git a/Makefile b/Makefile
new file mode 100644
index 00000000..558dac5a
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,7 @@
+.PHONY: changelog release
+
+changelog:
+ git-chglog -o CHANGELOG.md --next-tag `semtag final -s minor -o`
+
+release:
+ semtag final -s minor
diff --git a/README.md b/README.md
index 090029bb..fab495c3 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,12 @@ Ingress and egress rules can be configured in a variety of ways. See [inputs sec
 
 If there is a missing feature or a bug - [open an issue](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/new).
 
+## Terraform versions
+
+For Terraform 0.12 use version `v3.*` of this module.
+
+If you are using Terraform 0.11 you can use versions `v2.*`.
+
 ## Usage
 
 There are two ways to create security groups using this module:
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index d793dafb..40647262 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -1,5 +1,11 @@
 provider "aws" {
 region = "eu-west-1"
+
+ skip_credentials_validation = true
+ skip_requesting_account_id = true
+ skip_get_ec2_platforms = true
+ skip_metadata_api_check = true
+ skip_region_validation = true
 }
 
 #############################################################
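Review bot: The five `skip_*` flags added to the `provider "aws"` block in `examples/complete/main.tf` turn off credential validation, account-id lookup, region validation, the EC2 platform lookup and the metadata-API check; that is reasonable for a plan-only example, but provider blocks in examples are exactly what gets copied into real root modules, where these flags hide a misconfigured profile or region until apply time. A one-line comment above them, `# Plan-only/CI settings: skip live AWS validation. Do not copy into production configurations.`, would stop that. Only this example's provider is shown changing; if the other examples are meant to plan offline as well, the same block (with the same comment) belongs there too, though that may be intentional scope for this commit.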
@@ -11,7 +17,7 @@ data "aws_vpc" "default" { data "aws_security_group" "default" { name = "default" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id } ################################################## @@ -32,7 +38,7 @@ module "main_sg" { name = "main-sg" description = "Security group which is used as an argument in complete-sg" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_cidr_blocks = ["10.10.0.0/16"] ingress_rules = ["https-443-tcp"] @@ -46,7 +52,7 @@ module "complete_sg" { name = "complete-sg" description = "Security group with all available arguments set (this is just an example)" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id tags = { Cash = "king" @@ -97,7 +103,7 @@ module "complete_sg" { to_port = 25 protocol = 6 description = "Service name with vpc cidr" - cidr_blocks = "${module.vpc.vpc_cidr_block}" + cidr_blocks = module.vpc.vpc_cidr_block }, ] @@ -130,28 +136,28 @@ module "complete_sg" { ingress_with_source_security_group_id = [ { rule = "mysql-tcp" - source_security_group_id = "${data.aws_security_group.default.id}" + source_security_group_id = data.aws_security_group.default.id }, { from_port = 10 to_port = 10 protocol = 6 description = "Service name" - source_security_group_id = "${data.aws_security_group.default.id}" + source_security_group_id = data.aws_security_group.default.id }, ] computed_ingress_with_source_security_group_id = [ { rule = "postgresql-tcp" - source_security_group_id = "${module.main_sg.this_security_group_id}" + source_security_group_id = module.main_sg.this_security_group_id }, { from_port = 23 to_port = 23 protocol = 6 description = "Service name" - source_security_group_id = "${module.main_sg.this_security_group_id}" + source_security_group_id = module.main_sg.this_security_group_id }, ] 
@@ -225,7 +231,7 @@ module "complete_sg" { computed_egress_with_cidr_blocks = [ { rule = "https-443-tcp" - cidr_blocks = "${module.vpc.vpc_cidr_block}" + cidr_blocks = module.vpc.vpc_cidr_block }, ] @@ -258,21 +264,21 @@ module "complete_sg" { egress_with_source_security_group_id = [ { rule = "mysql-tcp" - source_security_group_id = "${data.aws_security_group.default.id}" + source_security_group_id = data.aws_security_group.default.id }, { from_port = 10 to_port = 10 protocol = 6 description = "Service name" - source_security_group_id = "${data.aws_security_group.default.id}" + source_security_group_id = data.aws_security_group.default.id }, ] computed_egress_with_source_security_group_id = [ { rule = "postgresql-tcp" - source_security_group_id = "${module.main_sg.this_security_group_id}" + source_security_group_id = module.main_sg.this_security_group_id }, ] @@ -315,7 +321,7 @@ module "ipv4_ipv6_example" { name = "ipv4-ipv6-example" description = "IPv4 and IPv6 example" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_with_cidr_blocks = [ { @@ -366,10 +372,11 @@ module "fixed_name_sg" { name = "fixed-name-sg" description = "Security group with fixed name" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id use_name_prefix = false ingress_cidr_blocks = ["10.10.0.0/16"] ingress_rules = ["https-443-tcp"] } + diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 94167eee..7a62cd15 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf 
@@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.complete_sg.this_security_group_id}" + value = module.complete_sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.complete_sg.this_security_group_vpc_id}" + value = module.complete_sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.complete_sg.this_security_group_owner_id}" + value = module.complete_sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.complete_sg.this_security_group_name}" + value = module.complete_sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.complete_sg.this_security_group_description}" + value = module.complete_sg.this_security_group_description } + diff --git a/examples/computed/main.tf b/examples/computed/main.tf index 2bba4015..104349e0 100644 --- a/examples/computed/main.tf +++ b/examples/computed/main.tf @@ -11,7 +11,7 @@ data "aws_vpc" "default" { data "aws_security_group" "default" { name = "default" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id } ########################### @@ -22,14 +22,14 @@ module "http_sg" { name = "computed-http-sg" description = "Security group with HTTP port open for everyone, and HTTPS open just for the default security group" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_cidr_blocks = ["0.0.0.0/0"] ingress_with_source_security_group_id = [ { rule = "https-443-tcp" - source_security_group_id = "${data.aws_security_group.default.id}" + source_security_group_id = data.aws_security_group.default.id }, ] } 
@@ -39,16 +39,17 @@ module "mysql_sg" { name = "computed-mysql-sg" description = "Security group with MySQL/Aurora port open for HTTP security group created above (computed)" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_cidr_blocks = ["0.0.0.0/0"] computed_ingress_with_source_security_group_id = [ { rule = "mysql-tcp" - source_security_group_id = "${module.http_sg.this_security_group_id}" + source_security_group_id = module.http_sg.this_security_group_id }, ] number_of_computed_ingress_with_source_security_group_id = 1 } + diff --git a/examples/computed/outputs.tf b/examples/computed/outputs.tf index 72082fc0..84d34288 100644 --- a/examples/computed/outputs.tf +++ b/examples/computed/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.mysql_sg.this_security_group_id}" + value = module.mysql_sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.mysql_sg.this_security_group_vpc_id}" + value = module.mysql_sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.mysql_sg.this_security_group_owner_id}" + value = module.mysql_sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.mysql_sg.this_security_group_name}" + value = module.mysql_sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.mysql_sg.this_security_group_description}" + value = module.mysql_sg.this_security_group_description } + diff --git a/examples/disabled/main.tf b/examples/disabled/main.tf index d26cf73a..7894bfb0 100644 --- a/examples/disabled/main.tf +++ b/examples/disabled/main.tf 
@@ -11,7 +11,7 @@ data "aws_vpc" "default" { data "aws_security_group" "default" { name = "default" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id } ######################################################## @@ -23,7 +23,7 @@ module "complete_sg_disabled" { create = false name = "complete-sg" description = "Security group with all available arguments set (this is just an example)" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_cidr_blocks = ["0.0.0.0/0"] } @@ -34,7 +34,8 @@ module "http_sg_disabled" { create = false name = "http-sg" description = "Security group with HTTP ports open for everybody (IPv4 CIDR), egress ports are all world open" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_cidr_blocks = ["0.0.0.0/0"] } + diff --git a/examples/disabled/outputs.tf b/examples/disabled/outputs.tf index 9af75613..0730ce82 100644 --- a/examples/disabled/outputs.tf +++ b/examples/disabled/outputs.tf @@ -1,4 +1,5 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.complete_sg_disabled.this_security_group_id}" + value = module.complete_sg_disabled.this_security_group_id } + diff --git a/examples/dynamic/main.tf b/examples/dynamic/main.tf index c6b29969..686239ef 100644 --- a/examples/dynamic/main.tf +++ b/examples/dynamic/main.tf @@ -11,7 +11,7 @@ data "aws_vpc" "default" { data "aws_security_group" "default" { name = "default" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id } ########################### 
@@ -26,14 +26,15 @@ module "http_sg" { name = "dynamic-http-sg" description = "Security group with HTTP port open for everyone, and HTTPS open just for the default security group" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_cidr_blocks = ["0.0.0.0/0"] ingress_with_source_security_group_id = [ { rule = "https-443-tcp" - source_security_group_id = "${data.aws_security_group.default.id}" + source_security_group_id = data.aws_security_group.default.id }, ] } + diff --git a/examples/dynamic/outputs.tf b/examples/dynamic/outputs.tf index 18034a7d..5f398aca 100644 --- a/examples/dynamic/outputs.tf +++ b/examples/dynamic/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.http_sg.this_security_group_id}" + value = module.http_sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.http_sg.this_security_group_vpc_id}" + value = module.http_sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.http_sg.this_security_group_owner_id}" + value = module.http_sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.http_sg.this_security_group_name}" + value = module.http_sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.http_sg.this_security_group_description}" + value = module.http_sg.this_security_group_description } + diff --git a/examples/http/main.tf b/examples/http/main.tf index 661f31e1..666d6042 100644 --- a/examples/http/main.tf +++ b/examples/http/main.tf @@ -11,7 +11,7 @@ data "aws_vpc" "default" { data "aws_security_group" "default" { name = "default" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id } ########################### 
@@ -26,7 +26,7 @@ module "http_sg" { name = "http-sg" description = "Security group with HTTP ports open for everybody (IPv4 CIDR), egress ports are all world open" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_cidr_blocks = ["0.0.0.0/0"] } @@ -41,7 +41,7 @@ module "http_mysql_1_sg" { use_name_prefix = false description = "Security group with HTTP and MySQL ports open for everybody (IPv4 CIDR)" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_cidr_blocks = ["0.0.0.0/0"] @@ -57,14 +57,14 @@ module "http_mysql_2_sg" { name = "http-mysql-2" description = "Security group with HTTP and MySQL ports open within current VPC" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id # Add mysql rules ingress_rules = ["mysql-tcp"] # Allow ingress rules to be accessed only within current VPC - ingress_cidr_blocks = ["${data.aws_vpc.default.cidr_block}"] - ingress_ipv6_cidr_blocks = [] # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"] + ingress_cidr_blocks = [data.aws_vpc.default.cidr_block] + ingress_ipv6_cidr_blocks = [] # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"] } ########################### @@ -75,10 +75,10 @@ module "http_with_egress_minimal_sg" { name = "http-with-egress-minimal" description = "Security group with HTTP ports open within current VPC, and allow egress access to HTTP ports to the whole world" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id # Allow ingress rules to be accessed only within current VPC - ingress_cidr_blocks = ["${data.aws_vpc.default.cidr_block}"] + ingress_cidr_blocks = [data.aws_vpc.default.cidr_block] # Allow all rules for all protocols egress_rules = ["http-80-tcp"] 
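Review bot: The commented-out IPv6 example on the new `ingress_ipv6_cidr_blocks` line in the `@@ -57,14 +57,14` hunk still shows 0.11 interpolation (`["${data.aws_vpc.default.ipv6_cidr_block}"]`), while the live `ingress_cidr_blocks` line directly above it was converted to `[data.aws_vpc.default.cidr_block]`; anyone enabling IPv6 by uncommenting it gets the deprecation warning this upgrade is meant to remove. Suggest `ingress_ipv6_cidr_blocks = [] # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - [data.aws_vpc.default.ipv6_cidr_block]`. The same stale snippet is re-emitted on the ingress and egress IPv6 lines of the following `@@ -92,16 +92,17` hunk in this file.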
@@ -92,16 +92,17 @@ module "http_with_egress_sg" { name = "http-with-egress" description = "Security group with HTTP ports open within current VPC, and allow egress access just to small subnet" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id # Add mysql rules ingress_rules = ["mysql-tcp"] # Allow ingress rules to be accessed only within current VPC - ingress_cidr_blocks = ["${data.aws_vpc.default.cidr_block}"] - ingress_ipv6_cidr_blocks = [] # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"] + ingress_cidr_blocks = [data.aws_vpc.default.cidr_block] + ingress_ipv6_cidr_blocks = [] # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"] # Allow egress rules to access anything (empty list means everything) egress_cidr_blocks = ["10.10.10.0/28"] - egress_ipv6_cidr_blocks = [] # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"] + egress_ipv6_cidr_blocks = [] # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"] } + diff --git a/examples/http/outputs.tf b/examples/http/outputs.tf index 18034a7d..5f398aca 100644 --- a/examples/http/outputs.tf +++ b/examples/http/outputs.tf 
@@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.http_sg.this_security_group_id}" + value = module.http_sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.http_sg.this_security_group_vpc_id}" + value = module.http_sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.http_sg.this_security_group_owner_id}" + value = module.http_sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.http_sg.this_security_group_name}" + value = module.http_sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.http_sg.this_security_group_description}" + value = module.http_sg.this_security_group_description } + diff --git a/main.tf b/main.tf index fe7ee153..47466477 100644 --- a/main.tf +++ b/main.tf 
@@ -2,33 +2,47 @@ # Get ID of created Security Group ################################## locals { - this_sg_id = "${element(concat(coalescelist(aws_security_group.this.*.id, aws_security_group.this_name_prefix.*.id), list("")), 0)}" + this_sg_id = concat( + aws_security_group.this.*.id, + aws_security_group.this_name_prefix.*.id, + [""], + )[0] } ########################## # Security group with name ########################## resource "aws_security_group" "this" { - count = "${var.create && ! var.use_name_prefix ? 1 : 0}" - - name = "${var.name}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - - tags = "${merge(var.tags, map("Name", format("%s", var.name)))}" + count = var.create && false == var.use_name_prefix ? 1 : 0 + + name = var.name + description = var.description + vpc_id = var.vpc_id + + tags = merge( + var.tags, + { + "Name" = format("%s", var.name) + }, + ) } ################################# # Security group with name_prefix ################################# resource "aws_security_group" "this_name_prefix" { - count = "${var.create && var.use_name_prefix ? 1 : 0}" + count = var.create && var.use_name_prefix ? 1 : 0 name_prefix = "${var.name}-" - description = "${var.description}" - vpc_id = "${var.vpc_id}" + description = var.description + vpc_id = var.vpc_id - tags = "${merge(var.tags, map("Name", format("%s", var.name)))}" + tags = merge( + var.tags, + { + "Name" = format("%s", var.name) + }, + ) lifecycle { create_before_destroy = true 
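Review bot: `count = var.create && false == var.use_name_prefix ? 1 : 0` in `aws_security_group.this` reads awkwardly; the removed 0.11 line used `! var.use_name_prefix`, and 0.12 accepts `count = var.create && !var.use_name_prefix ? 1 : 0`, which also mirrors the sibling `this_name_prefix` count expression. In both new `tags` blocks `format("%s", var.name)` is a no-op wrapper around a string and can simply be `"Name" = var.name`. Both are style only and produce the same plan.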
@@ -40,36 +54,36 @@ resource "aws_security_group" "this_name_prefix" { ################################### # Security group rules with "cidr_blocks" and it uses list of rules names resource "aws_security_group_rule" "ingress_rules" { - count = "${var.create ? length(var.ingress_rules) : 0}" + count = var.create ? length(var.ingress_rules) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - cidr_blocks = ["${var.ingress_cidr_blocks}"] - ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${element(var.rules[var.ingress_rules[count.index]], 3)}" + cidr_blocks = var.ingress_cidr_blocks + ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks + prefix_list_ids = var.ingress_prefix_list_ids + description = var.rules[var.ingress_rules[count.index]][3] - from_port = "${element(var.rules[var.ingress_rules[count.index]], 0)}" - to_port = "${element(var.rules[var.ingress_rules[count.index]], 1)}" - protocol = "${element(var.rules[var.ingress_rules[count.index]], 2)}" + from_port = var.rules[var.ingress_rules[count.index]][0] + to_port = var.rules[var.ingress_rules[count.index]][1] + protocol = var.rules[var.ingress_rules[count.index]][2] } # Computed - Security group rules with "cidr_blocks" and it uses list of rules names resource "aws_security_group_rule" "computed_ingress_rules" { - count = "${var.create ? var.number_of_computed_ingress_rules : 0}" + count = var.create ? 
var.number_of_computed_ingress_rules : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - cidr_blocks = ["${var.ingress_cidr_blocks}"] - ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${element(var.rules[var.computed_ingress_rules[count.index]], 3)}" + cidr_blocks = var.ingress_cidr_blocks + ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks + prefix_list_ids = var.ingress_prefix_list_ids + description = var.rules[var.computed_ingress_rules[count.index]][3] - from_port = "${element(var.rules[var.computed_ingress_rules[count.index]], 0)}" - to_port = "${element(var.rules[var.computed_ingress_rules[count.index]], 1)}" - protocol = "${element(var.rules[var.computed_ingress_rules[count.index]], 2)}" + from_port = var.rules[var.computed_ingress_rules[count.index]][0] + to_port = var.rules[var.computed_ingress_rules[count.index]][1] + protocol = var.rules[var.computed_ingress_rules[count.index]][2] } ########################## 
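Review bot: `description = var.rules[var.ingress_rules[count.index]][3]` (and the `[0]`–`[2]` from_port/to_port/protocol lines, plus the `computed_ingress_rules` copy in this hunk) tightens the contract compared with the removed `element()` calls: `element` wraps the index modulo the list length, so a `var.rules` entry with fewer than four fields used to fall back silently to an earlier field, whereas direct indexing now fails at plan time with an index error. Failing loudly is the right outcome for a security-group rule, but it is an unannounced change to what `var.rules` must contain, and that variable is declared outside this hunk; suggest documenting it there, e.g. `# Each entry must be exactly [from_port, to_port, protocol, description]; shorter lists are rejected at plan time.` The `egress_rules` / `computed_egress_rules` hunk at `@@ -216,36 +434,36` makes the same change.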
@@ -77,134 +91,338 @@ resource "aws_security_group_rule" "computed_ingress_rules" { ########################## # Security group rules with "source_security_group_id", but without "cidr_blocks" and "self" resource "aws_security_group_rule" "ingress_with_source_security_group_id" { - count = "${var.create ? length(var.ingress_with_source_security_group_id) : 0}" + count = var.create ? length(var.ingress_with_source_security_group_id) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - source_security_group_id = "${lookup(var.ingress_with_source_security_group_id[count.index], "source_security_group_id")}" - ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${lookup(var.ingress_with_source_security_group_id[count.index], "description", "Ingress Rule")}" - - from_port = "${lookup(var.ingress_with_source_security_group_id[count.index], "from_port", element(var.rules[lookup(var.ingress_with_source_security_group_id[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.ingress_with_source_security_group_id[count.index], "to_port", element(var.rules[lookup(var.ingress_with_source_security_group_id[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.ingress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.ingress_with_source_security_group_id[count.index], "rule", "_")], 2))}" + source_security_group_id = var.ingress_with_source_security_group_id[count.index]["source_security_group_id"] + ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks + prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( + var.ingress_with_source_security_group_id[count.index], + "description", + "Ingress Rule", + ) + + from_port = lookup( + var.ingress_with_source_security_group_id[count.index], + "from_port", + var.rules[lookup( + var.ingress_with_source_security_group_id[count.index], + "rule", + "_", + 
)][0], + ) + to_port = lookup( + var.ingress_with_source_security_group_id[count.index], + "to_port", + var.rules[lookup( + var.ingress_with_source_security_group_id[count.index], + "rule", + "_", + )][1], + ) + protocol = lookup( + var.ingress_with_source_security_group_id[count.index], + "protocol", + var.rules[lookup( + var.ingress_with_source_security_group_id[count.index], + "rule", + "_", + )][2], + ) } # Computed - Security group rules with "source_security_group_id", but without "cidr_blocks" and "self" resource "aws_security_group_rule" "computed_ingress_with_source_security_group_id" { - count = "${var.create ? var.number_of_computed_ingress_with_source_security_group_id : 0}" + count = var.create ? var.number_of_computed_ingress_with_source_security_group_id : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - source_security_group_id = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "source_security_group_id")}" - ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "description", "Ingress Rule")}" - - from_port = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "from_port", element(var.rules[lookup(var.computed_ingress_with_source_security_group_id[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "to_port", element(var.rules[lookup(var.computed_ingress_with_source_security_group_id[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.computed_ingress_with_source_security_group_id[count.index], "rule", "_")], 2))}" + source_security_group_id = 
var.computed_ingress_with_source_security_group_id[count.index]["source_security_group_id"] + ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks + prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( + var.computed_ingress_with_source_security_group_id[count.index], + "description", + "Ingress Rule", + ) + + from_port = lookup( + var.computed_ingress_with_source_security_group_id[count.index], + "from_port", + var.rules[lookup( + var.computed_ingress_with_source_security_group_id[count.index], + "rule", + "_", + )][0], + ) + to_port = lookup( + var.computed_ingress_with_source_security_group_id[count.index], + "to_port", + var.rules[lookup( + var.computed_ingress_with_source_security_group_id[count.index], + "rule", + "_", + )][1], + ) + protocol = lookup( + var.computed_ingress_with_source_security_group_id[count.index], + "protocol", + var.rules[lookup( + var.computed_ingress_with_source_security_group_id[count.index], + "rule", + "_", + )][2], + ) } # Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self" resource "aws_security_group_rule" "ingress_with_cidr_blocks" { - count = "${var.create ? length(var.ingress_with_cidr_blocks) : 0}" + count = var.create ? 
length(var.ingress_with_cidr_blocks) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - cidr_blocks = ["${split(",", lookup(var.ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${lookup(var.ingress_with_cidr_blocks[count.index], "description", "Ingress Rule")}" - - from_port = "${lookup(var.ingress_with_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.ingress_with_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.ingress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")], 2))}" + cidr_blocks = split( + ",", + lookup( + var.ingress_with_cidr_blocks[count.index], + "cidr_blocks", + join(",", var.ingress_cidr_blocks), + ), + ) + prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( + var.ingress_with_cidr_blocks[count.index], + "description", + "Ingress Rule", + ) + + from_port = lookup( + var.ingress_with_cidr_blocks[count.index], + "from_port", + var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")][0], + ) + to_port = lookup( + var.ingress_with_cidr_blocks[count.index], + "to_port", + var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")][1], + ) + protocol = lookup( + var.ingress_with_cidr_blocks[count.index], + "protocol", + var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")][2], + ) } # Computed - Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self" resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks" { - count = "${var.create ? 
var.number_of_computed_ingress_with_cidr_blocks : 0}" + count = var.create ? var.number_of_computed_ingress_with_cidr_blocks : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - cidr_blocks = ["${split(",", lookup(var.computed_ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${lookup(var.computed_ingress_with_cidr_blocks[count.index], "description", "Ingress Rule")}" - - from_port = "${lookup(var.computed_ingress_with_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.computed_ingress_with_cidr_blocks[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.computed_ingress_with_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.computed_ingress_with_cidr_blocks[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.computed_ingress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.computed_ingress_with_cidr_blocks[count.index], "rule", "_")], 2))}" + cidr_blocks = split( + ",", + lookup( + var.computed_ingress_with_cidr_blocks[count.index], + "cidr_blocks", + join(",", var.ingress_cidr_blocks), + ), + ) + prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( + var.computed_ingress_with_cidr_blocks[count.index], + "description", + "Ingress Rule", + ) + + from_port = lookup( + var.computed_ingress_with_cidr_blocks[count.index], + "from_port", + var.rules[lookup( + var.computed_ingress_with_cidr_blocks[count.index], + "rule", + "_", + )][0], + ) + to_port = lookup( + var.computed_ingress_with_cidr_blocks[count.index], + "to_port", + var.rules[lookup( + var.computed_ingress_with_cidr_blocks[count.index], + "rule", + "_", + )][1], + ) + protocol = lookup( + var.computed_ingress_with_cidr_blocks[count.index], + "protocol", + var.rules[lookup( + var.computed_ingress_with_cidr_blocks[count.index], + "rule", + "_", + )][2], + 
) } # Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self" resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks" { - count = "${var.create ? length(var.ingress_with_ipv6_cidr_blocks) : 0}" + count = var.create ? length(var.ingress_with_ipv6_cidr_blocks) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - ipv6_cidr_blocks = ["${split(",", lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.ingress_ipv6_cidr_blocks)))}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "description", "Ingress Rule")}" - - from_port = "${lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}" + ipv6_cidr_blocks = split( + ",", + lookup( + var.ingress_with_ipv6_cidr_blocks[count.index], + "ipv6_cidr_blocks", + join(",", var.ingress_ipv6_cidr_blocks), + ), + ) + prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( + var.ingress_with_ipv6_cidr_blocks[count.index], + "description", + "Ingress Rule", + ) + + from_port = lookup( + var.ingress_with_ipv6_cidr_blocks[count.index], + "from_port", + var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")][0], + ) + to_port = lookup( + var.ingress_with_ipv6_cidr_blocks[count.index], + "to_port", + var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")][1], + ) + protocol = lookup( + 
var.ingress_with_ipv6_cidr_blocks[count.index], + "protocol", + var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")][2], + ) } # Computed - Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self" resource "aws_security_group_rule" "computed_ingress_with_ipv6_cidr_blocks" { - count = "${var.create ? var.number_of_computed_ingress_with_ipv6_cidr_blocks : 0}" + count = var.create ? var.number_of_computed_ingress_with_ipv6_cidr_blocks : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - ipv6_cidr_blocks = ["${split(",", lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.ingress_ipv6_cidr_blocks)))}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "description", "Ingress Rule")}" - - from_port = "${lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}" + ipv6_cidr_blocks = split( + ",", + lookup( + var.computed_ingress_with_ipv6_cidr_blocks[count.index], + "ipv6_cidr_blocks", + join(",", var.ingress_ipv6_cidr_blocks), + ), + ) + prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( + var.computed_ingress_with_ipv6_cidr_blocks[count.index], + "description", + "Ingress Rule", + ) + + from_port = lookup( + var.computed_ingress_with_ipv6_cidr_blocks[count.index], + "from_port", + 
var.rules[lookup( + var.computed_ingress_with_ipv6_cidr_blocks[count.index], + "rule", + "_", + )][0], + ) + to_port = lookup( + var.computed_ingress_with_ipv6_cidr_blocks[count.index], + "to_port", + var.rules[lookup( + var.computed_ingress_with_ipv6_cidr_blocks[count.index], + "rule", + "_", + )][1], + ) + protocol = lookup( + var.computed_ingress_with_ipv6_cidr_blocks[count.index], + "protocol", + var.rules[lookup( + var.computed_ingress_with_ipv6_cidr_blocks[count.index], + "rule", + "_", + )][2], + ) } # Security group rules with "self", but without "cidr_blocks" and "source_security_group_id" resource "aws_security_group_rule" "ingress_with_self" { - count = "${var.create ? length(var.ingress_with_self) : 0}" + count = var.create ? length(var.ingress_with_self) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - self = "${lookup(var.ingress_with_self[count.index], "self", true)}" - ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${lookup(var.ingress_with_self[count.index], "description", "Ingress Rule")}" - - from_port = "${lookup(var.ingress_with_self[count.index], "from_port", element(var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.ingress_with_self[count.index], "to_port", element(var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.ingress_with_self[count.index], "protocol", element(var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")], 2))}" + self = lookup(var.ingress_with_self[count.index], "self", true) + ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks + prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( + var.ingress_with_self[count.index], + "description", + "Ingress Rule", + ) + + from_port = lookup( + var.ingress_with_self[count.index], + "from_port", + 
var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")][0], + ) + to_port = lookup( + var.ingress_with_self[count.index], + "to_port", + var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")][1], + ) + protocol = lookup( + var.ingress_with_self[count.index], + "protocol", + var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")][2], + ) } # Computed - Security group rules with "self", but without "cidr_blocks" and "source_security_group_id" resource "aws_security_group_rule" "computed_ingress_with_self" { - count = "${var.create ? var.number_of_computed_ingress_with_self : 0}" + count = var.create ? var.number_of_computed_ingress_with_self : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - self = "${lookup(var.computed_ingress_with_self[count.index], "self", true)}" - ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${lookup(var.computed_ingress_with_self[count.index], "description", "Ingress Rule")}" - - from_port = "${lookup(var.computed_ingress_with_self[count.index], "from_port", element(var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.computed_ingress_with_self[count.index], "to_port", element(var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.computed_ingress_with_self[count.index], "protocol", element(var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")], 2))}" + self = lookup(var.computed_ingress_with_self[count.index], "self", true) + ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks + prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( + var.computed_ingress_with_self[count.index], + "description", + "Ingress Rule", + ) + + from_port = lookup( + var.computed_ingress_with_self[count.index], + "from_port", + 
var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")][0], + ) + to_port = lookup( + var.computed_ingress_with_self[count.index], + "to_port", + var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")][1], + ) + protocol = lookup( + var.computed_ingress_with_self[count.index], + "protocol", + var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")][2], + ) } ################# 
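Review bot: In `ingress_with_cidr_blocks` the fallback `split(",", lookup(var.ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))` yields `[""]` whenever the per-rule key is absent and `var.ingress_cidr_blocks` is empty, because `join` on an empty list is `""` and 0.12's `split` returns one empty element for an empty string; the provider then receives a list containing an empty CIDR rather than an empty list (whether 0.11 behaved the same is worth confirming with a plan against an empty default). Wrapping the expression restores a clean empty list: `cidr_blocks = compact(split(",", lookup(var.ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks))))`. The same pattern appears on the `ipv6_cidr_blocks` line of `ingress_with_ipv6_cidr_blocks` and in both `computed_*` variants within this hunk.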
@@ -216,36 +434,36 @@ resource "aws_security_group_rule" "computed_ingress_with_self" { ################################## # Security group rules with "cidr_blocks" and it uses list of rules names resource "aws_security_group_rule" "egress_rules" { - count = "${var.create ? length(var.egress_rules) : 0}" + count = var.create ? length(var.egress_rules) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - cidr_blocks = ["${var.egress_cidr_blocks}"] - ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${element(var.rules[var.egress_rules[count.index]], 3)}" + cidr_blocks = var.egress_cidr_blocks + ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks + prefix_list_ids = var.egress_prefix_list_ids + description = var.rules[var.egress_rules[count.index]][3] - from_port = "${element(var.rules[var.egress_rules[count.index]], 0)}" - to_port = "${element(var.rules[var.egress_rules[count.index]], 1)}" - protocol = "${element(var.rules[var.egress_rules[count.index]], 2)}" + from_port = var.rules[var.egress_rules[count.index]][0] + to_port = var.rules[var.egress_rules[count.index]][1] + protocol = var.rules[var.egress_rules[count.index]][2] } # Computed - Security group rules with "cidr_blocks" and it uses list of rules names resource "aws_security_group_rule" "computed_egress_rules" { - count = "${var.create ? var.number_of_computed_egress_rules : 0}" + count = var.create ? 
var.number_of_computed_egress_rules : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - cidr_blocks = ["${var.egress_cidr_blocks}"] - ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${element(var.rules[var.computed_egress_rules[count.index]], 3)}" + cidr_blocks = var.egress_cidr_blocks + ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks + prefix_list_ids = var.egress_prefix_list_ids + description = var.rules[var.computed_egress_rules[count.index]][3] - from_port = "${element(var.rules[var.computed_egress_rules[count.index]], 0)}" - to_port = "${element(var.rules[var.computed_egress_rules[count.index]], 1)}" - protocol = "${element(var.rules[var.computed_egress_rules[count.index]], 2)}" + from_port = var.rules[var.computed_egress_rules[count.index]][0] + to_port = var.rules[var.computed_egress_rules[count.index]][1] + protocol = var.rules[var.computed_egress_rules[count.index]][2] } ######################### 
@@ -253,137 +471,340 @@ resource "aws_security_group_rule" "computed_egress_rules" { ######################### # Security group rules with "source_security_group_id", but without "cidr_blocks" and "self" resource "aws_security_group_rule" "egress_with_source_security_group_id" { - count = "${var.create ? length(var.egress_with_source_security_group_id) : 0}" + count = var.create ? length(var.egress_with_source_security_group_id) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - source_security_group_id = "${lookup(var.egress_with_source_security_group_id[count.index], "source_security_group_id")}" - ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${lookup(var.egress_with_source_security_group_id[count.index], "description", "Egress Rule")}" - - from_port = "${lookup(var.egress_with_source_security_group_id[count.index], "from_port", element(var.rules[lookup(var.egress_with_source_security_group_id[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.egress_with_source_security_group_id[count.index], "to_port", element(var.rules[lookup(var.egress_with_source_security_group_id[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.egress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.egress_with_source_security_group_id[count.index], "rule", "_")], 2))}" + source_security_group_id = var.egress_with_source_security_group_id[count.index]["source_security_group_id"] + ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks + prefix_list_ids = var.egress_prefix_list_ids + description = lookup( + var.egress_with_source_security_group_id[count.index], + "description", + "Egress Rule", + ) + + from_port = lookup( + var.egress_with_source_security_group_id[count.index], + "from_port", + var.rules[lookup( + var.egress_with_source_security_group_id[count.index], + "rule", + "_", + )][0], + ) + to_port = 
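Review bot: In `egress_rules` and `computed_egress_rules` one rule carries `var.egress_cidr_blocks`, `var.egress_ipv6_cidr_blocks` and `var.egress_prefix_list_ids` together, so a caller who sets `egress_prefix_list_ids` to confine egress to VPC endpoints still gets the CIDR defaults on the same rule unless they also pass empty `egress_cidr_blocks`/`egress_ipv6_cidr_blocks` (the template variables in this patch default those to `0.0.0.0/0` and `::/0`; the root module's own defaults are outside this hunk and presumably match). Nothing in either resource says so; a comment above both would make it explicit: `# NOTE: the IPv4, IPv6 and prefix-list defaults all land on this one rule - empty the lists you do not want`. Both resources are complete inside the hunk.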
lookup( + var.egress_with_source_security_group_id[count.index], + "to_port", + var.rules[lookup( + var.egress_with_source_security_group_id[count.index], + "rule", + "_", + )][1], + ) + protocol = lookup( + var.egress_with_source_security_group_id[count.index], + "protocol", + var.rules[lookup( + var.egress_with_source_security_group_id[count.index], + "rule", + "_", + )][2], + ) } # Computed - Security group rules with "source_security_group_id", but without "cidr_blocks" and "self" resource "aws_security_group_rule" "computed_egress_with_source_security_group_id" { - count = "${var.create ? var.number_of_computed_egress_with_source_security_group_id : 0}" + count = var.create ? var.number_of_computed_egress_with_source_security_group_id : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - source_security_group_id = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "source_security_group_id")}" - ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "description", "Egress Rule")}" - - from_port = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "from_port", element(var.rules[lookup(var.computed_egress_with_source_security_group_id[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "to_port", element(var.rules[lookup(var.computed_egress_with_source_security_group_id[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.computed_egress_with_source_security_group_id[count.index], "rule", "_")], 2))}" + source_security_group_id = var.computed_egress_with_source_security_group_id[count.index]["source_security_group_id"] + ipv6_cidr_blocks = 
var.egress_ipv6_cidr_blocks + prefix_list_ids = var.egress_prefix_list_ids + description = lookup( + var.computed_egress_with_source_security_group_id[count.index], + "description", + "Egress Rule", + ) + + from_port = lookup( + var.computed_egress_with_source_security_group_id[count.index], + "from_port", + var.rules[lookup( + var.computed_egress_with_source_security_group_id[count.index], + "rule", + "_", + )][0], + ) + to_port = lookup( + var.computed_egress_with_source_security_group_id[count.index], + "to_port", + var.rules[lookup( + var.computed_egress_with_source_security_group_id[count.index], + "rule", + "_", + )][1], + ) + protocol = lookup( + var.computed_egress_with_source_security_group_id[count.index], + "protocol", + var.rules[lookup( + var.computed_egress_with_source_security_group_id[count.index], + "rule", + "_", + )][2], + ) } # Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self" resource "aws_security_group_rule" "egress_with_cidr_blocks" { - count = "${var.create ? length(var.egress_with_cidr_blocks) : 0}" + count = var.create ? 
length(var.egress_with_cidr_blocks) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - cidr_blocks = ["${split(",", lookup(var.egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks)))}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${lookup(var.egress_with_cidr_blocks[count.index], "description", "Egress Rule")}" - - from_port = "${lookup(var.egress_with_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.egress_with_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.egress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")], 2))}" + cidr_blocks = split( + ",", + lookup( + var.egress_with_cidr_blocks[count.index], + "cidr_blocks", + join(",", var.egress_cidr_blocks), + ), + ) + prefix_list_ids = var.egress_prefix_list_ids + description = lookup( + var.egress_with_cidr_blocks[count.index], + "description", + "Egress Rule", + ) + + from_port = lookup( + var.egress_with_cidr_blocks[count.index], + "from_port", + var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")][0], + ) + to_port = lookup( + var.egress_with_cidr_blocks[count.index], + "to_port", + var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")][1], + ) + protocol = lookup( + var.egress_with_cidr_blocks[count.index], + "protocol", + var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")][2], + ) } # Computed - Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self" resource "aws_security_group_rule" "computed_egress_with_cidr_blocks" { - count = "${var.create ? 
var.number_of_computed_egress_with_cidr_blocks : 0}" + count = var.create ? var.number_of_computed_egress_with_cidr_blocks : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - cidr_blocks = ["${split(",", lookup(var.computed_egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks)))}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${lookup(var.computed_egress_with_cidr_blocks[count.index], "description", "Egress Rule")}" - - from_port = "${lookup(var.computed_egress_with_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.computed_egress_with_cidr_blocks[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.computed_egress_with_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.computed_egress_with_cidr_blocks[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.computed_egress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.computed_egress_with_cidr_blocks[count.index], "rule", "_")], 2))}" + cidr_blocks = split( + ",", + lookup( + var.computed_egress_with_cidr_blocks[count.index], + "cidr_blocks", + join(",", var.egress_cidr_blocks), + ), + ) + prefix_list_ids = var.egress_prefix_list_ids + description = lookup( + var.computed_egress_with_cidr_blocks[count.index], + "description", + "Egress Rule", + ) + + from_port = lookup( + var.computed_egress_with_cidr_blocks[count.index], + "from_port", + var.rules[lookup( + var.computed_egress_with_cidr_blocks[count.index], + "rule", + "_", + )][0], + ) + to_port = lookup( + var.computed_egress_with_cidr_blocks[count.index], + "to_port", + var.rules[lookup( + var.computed_egress_with_cidr_blocks[count.index], + "rule", + "_", + )][1], + ) + protocol = lookup( + var.computed_egress_with_cidr_blocks[count.index], + "protocol", + var.rules[lookup( + var.computed_egress_with_cidr_blocks[count.index], + "rule", + "_", + )][2], + ) } # Security group 
rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self" resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks" { - count = "${var.create ? length(var.egress_with_ipv6_cidr_blocks) : 0}" + count = var.create ? length(var.egress_with_ipv6_cidr_blocks) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - ipv6_cidr_blocks = ["${split(",", lookup(var.egress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.egress_ipv6_cidr_blocks)))}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${lookup(var.egress_with_ipv6_cidr_blocks[count.index], "description", "Egress Rule")}" - - from_port = "${lookup(var.egress_with_ipv6_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.egress_with_ipv6_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.egress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}" + ipv6_cidr_blocks = split( + ",", + lookup( + var.egress_with_ipv6_cidr_blocks[count.index], + "ipv6_cidr_blocks", + join(",", var.egress_ipv6_cidr_blocks), + ), + ) + prefix_list_ids = var.egress_prefix_list_ids + description = lookup( + var.egress_with_ipv6_cidr_blocks[count.index], + "description", + "Egress Rule", + ) + + from_port = lookup( + var.egress_with_ipv6_cidr_blocks[count.index], + "from_port", + var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")][0], + ) + to_port = lookup( + var.egress_with_ipv6_cidr_blocks[count.index], + "to_port", + var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")][1], + ) + protocol = lookup( + var.egress_with_ipv6_cidr_blocks[count.index], + "protocol", 
+ var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")][2], + ) } # Computed - Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self" resource "aws_security_group_rule" "computed_egress_with_ipv6_cidr_blocks" { - count = "${var.create ? var.number_of_computed_egress_with_ipv6_cidr_blocks : 0}" + count = var.create ? var.number_of_computed_egress_with_ipv6_cidr_blocks : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - ipv6_cidr_blocks = ["${split(",", lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.egress_ipv6_cidr_blocks)))}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "description", "Egress Rule")}" - - from_port = "${lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}" + ipv6_cidr_blocks = split( + ",", + lookup( + var.computed_egress_with_ipv6_cidr_blocks[count.index], + "ipv6_cidr_blocks", + join(",", var.egress_ipv6_cidr_blocks), + ), + ) + prefix_list_ids = var.egress_prefix_list_ids + description = lookup( + var.computed_egress_with_ipv6_cidr_blocks[count.index], + "description", + "Egress Rule", + ) + + from_port = lookup( + var.computed_egress_with_ipv6_cidr_blocks[count.index], + "from_port", + var.rules[lookup( + var.computed_egress_with_ipv6_cidr_blocks[count.index], + "rule", + "_", 
+ )][0], + ) + to_port = lookup( + var.computed_egress_with_ipv6_cidr_blocks[count.index], + "to_port", + var.rules[lookup( + var.computed_egress_with_ipv6_cidr_blocks[count.index], + "rule", + "_", + )][1], + ) + protocol = lookup( + var.computed_egress_with_ipv6_cidr_blocks[count.index], + "protocol", + var.rules[lookup( + var.computed_egress_with_ipv6_cidr_blocks[count.index], + "rule", + "_", + )][2], + ) } # Security group rules with "self", but without "cidr_blocks" and "source_security_group_id" resource "aws_security_group_rule" "egress_with_self" { - count = "${var.create ? length(var.egress_with_self) : 0}" + count = var.create ? length(var.egress_with_self) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - self = "${lookup(var.egress_with_self[count.index], "self", true)}" - ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${lookup(var.egress_with_self[count.index], "description", "Egress Rule")}" - - from_port = "${lookup(var.egress_with_self[count.index], "from_port", element(var.rules[lookup(var.egress_with_self[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.egress_with_self[count.index], "to_port", element(var.rules[lookup(var.egress_with_self[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.egress_with_self[count.index], "protocol", element(var.rules[lookup(var.egress_with_self[count.index], "rule", "_")], 2))}" + self = lookup(var.egress_with_self[count.index], "self", true) + ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks + prefix_list_ids = var.egress_prefix_list_ids + description = lookup( + var.egress_with_self[count.index], + "description", + "Egress Rule", + ) + + from_port = lookup( + var.egress_with_self[count.index], + "from_port", + var.rules[lookup(var.egress_with_self[count.index], "rule", "_")][0], + ) + to_port = lookup( + var.egress_with_self[count.index], + "to_port", + 
var.rules[lookup(var.egress_with_self[count.index], "rule", "_")][1], + ) + protocol = lookup( + var.egress_with_self[count.index], + "protocol", + var.rules[lookup(var.egress_with_self[count.index], "rule", "_")][2], + ) } # Computed - Security group rules with "self", but without "cidr_blocks" and "source_security_group_id" resource "aws_security_group_rule" "computed_egress_with_self" { - count = "${var.create ? var.number_of_computed_egress_with_self : 0}" + count = var.create ? var.number_of_computed_egress_with_self : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - self = "${lookup(var.computed_egress_with_self[count.index], "self", true)}" - ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${lookup(var.computed_egress_with_self[count.index], "description", "Egress Rule")}" - - from_port = "${lookup(var.computed_egress_with_self[count.index], "from_port", element(var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.computed_egress_with_self[count.index], "to_port", element(var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.computed_egress_with_self[count.index], "protocol", element(var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")], 2))}" + self = lookup(var.computed_egress_with_self[count.index], "self", true) + ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks + prefix_list_ids = var.egress_prefix_list_ids + description = lookup( + var.computed_egress_with_self[count.index], + "description", + "Egress Rule", + ) + + from_port = lookup( + var.computed_egress_with_self[count.index], + "from_port", + var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")][0], + ) + to_port = lookup( + var.computed_egress_with_self[count.index], + "to_port", + 
var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")][1], + ) + protocol = lookup( + var.computed_egress_with_self[count.index], + "protocol", + var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")][2], + ) } ################ # End of egress ################ - diff --git a/modules/_templates/main.tf b/modules/_templates/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/_templates/main.tf +++ b/modules/_templates/main.tf 
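Review bot: In `egress_with_cidr_blocks` and `computed_egress_with_cidr_blocks` the fallback `split(",", join(",", var.egress_cidr_blocks))` now yields `[""]` rather than `[]` when `egress_cidr_blocks` is empty, because Terraform 0.12's `split` returns a one-element list for an empty string where 0.11 returned an empty list; a caller who sets `egress_cidr_blocks = []` and omits `cidr_blocks` on a rule then gets a rule whose CIDR is the empty string, which will presumably be rejected at apply time rather than at plan. Wrapping the expression restores the 0.11 result: `cidr_blocks = compact(split(",", lookup(var.egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks))))`. The same applies to the `ipv6_cidr_blocks` expressions in `egress_with_ipv6_cidr_blocks` and `computed_egress_with_ipv6_cidr_blocks` in this hunk. Either way the rule fails closed, but the `compact` form fails with a clearer "no source" error instead of an invalid CIDR.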
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } diff --git a/modules/_templates/outputs.tf b/modules/_templates/outputs.tf index 4129cf93..3d7ad67f 100644 --- a/modules/_templates/outputs.tf +++ b/modules/_templates/outputs.tf @@ -1,24 +1,24 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } diff --git a/modules/_templates/variables.tf b/modules/_templates/variables.tf index 070cc30c..354b9e37 100644 --- a/modules/_templates/variables.tf +++ b/modules/_templates/variables.tf 
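Review bot: The new `sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))` expression, and its three siblings for computed ingress, egress and computed egress, append a literal `""` only to strip it again with `compact`, and nothing says why, so a later maintainer is likely to simplify it away. Presumably it forces a `list(string)` element type when both input lists are empty - confirm - and deserves a comment on each line such as `# [""] + compact() keeps the result typed list(string) when both lists are empty; do not remove`. Separately, `distinct()` can shrink `computed_ingress_rules` when a user rule name repeats an auto rule while `number_of_computed_ingress_rules` stays the plain sum of the two counts, so the root module's `count` could index past the list at plan time; that constraint belongs in the variable description or a note here. The whole `module "sg"` block is inside the hunk.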
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
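Review bot: `ingress_with_cidr_blocks` and `ingress_with_ipv6_cidr_blocks` are now typed `list(map(string))`, which means each rule's `cidr_blocks`/`ipv6_cidr_blocks` value must be a single comma-separated string rather than a list and `from_port`/`to_port` arrive as strings, yet the descriptions still say only "where 'cidr_blocks' is used". The egress counterparts in this patch split that value on ',' and fall back to the module-wide list when the key is absent, and the ingress resources presumably do the same (they are outside this view). Suggested wording: `description = "List of ingress rules to create where 'cidr_blocks' is used (each map's 'cidr_blocks' is a comma-separated string; if omitted, ingress_cidr_blocks is used)"`, and the equivalent for the IPv6 variable.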
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
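Review bot: `computed_ingress_cidr_blocks`, `computed_ingress_ipv6_cidr_blocks` and `computed_ingress_prefix_list_ids` gain `type = list(string)` here, but the template's `module "sg"` block in this patch never forwards them - it passes only `ingress_cidr_blocks`, `ingress_ipv6_cidr_blocks` and `ingress_prefix_list_ids` - so a caller who sets them to narrow the computed rules silently gets the non-computed defaults instead. Unless a file outside this patch consumes them, they should be wired through or dropped; at minimum the descriptions should say they are currently unused, e.g. `description = "Currently unused: computed ingress rules take their CIDR defaults from ingress_cidr_blocks"`. The `_templates` path suggests this file is copied into each sub-module, so the dead variables would be repeated there.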
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
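Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` gain `type = list(string)` in this hunk, but their descriptions still say nothing about the defaults `["0.0.0.0/0"]` and `["::/0"]` permitting egress to every destination, which is the one fact a caller needs before accepting the default. Suggest `description = "List of IPv4 CIDR ranges to use on all egress rules (default 0.0.0.0/0 allows all IPv4 destinations)"` and the equivalent wording for the IPv6 variable. The same applies to `computed_egress_cidr_blocks` and `computed_egress_ipv6_cidr_blocks` in the following `@@ -206,41 +244,49 @@` hunk, and to both hunks again in modules/carbon-relay-ng/variables.tf later in this patch.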
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/carbon-relay-ng/README.md b/modules/carbon-relay-ng/README.md index 56f80560..1511b863 100644 --- a/modules/carbon-relay-ng/README.md +++ b/modules/carbon-relay-ng/README.md @@ -4,7 +4,8 @@ ```hcl module "carbon_relay-ng_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/carbon-relay-ng" + source = "terraform-aws-modules/security-group/aws//modules/carbon-relay-ng" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "carbon_relay-ng_security_group" { All automatic values **carbon-relay-ng module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/carbon-relay-ng/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "carbon-line-in-tcp", "carbon-line-in-udp", "carbon-pickle-tcp", "carbon-pickle-udp", "carbon-gui-udp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges 
to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed 
ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| 
ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| 
number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/carbon-relay-ng/auto_values.tf b/modules/carbon-relay-ng/auto_values.tf index 42e28091..612ae210 100644 --- a/modules/carbon-relay-ng/auto_values.tf +++ b/modules/carbon-relay-ng/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["carbon-line-in-tcp", "carbon-line-in-udp", "carbon-pickle-tcp", "carbon-pickle-udp", "carbon-gui-udp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by 
name" + type = number default = 0 } variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/carbon-relay-ng/main.tf b/modules/carbon-relay-ng/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/carbon-relay-ng/main.tf +++ b/modules/carbon-relay-ng/main.tf 
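Review bot: The description of `auto_computed_ingress_rules` in this hunk reads "List of ingress rules to add automatically", identical to `auto_ingress_rules`, whereas its egress counterpart `auto_computed_egress_rules` says "List of computed egress rules to add automatically"; once the types are both `list(string)` the two ingress variables are indistinguishable in generated documentation. Suggest `description = "List of computed ingress rules to add automatically"`. The other service modules' auto_values.tf files in this patch are likely to carry the same copied text.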
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } diff --git a/modules/carbon-relay-ng/outputs.tf b/modules/carbon-relay-ng/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/carbon-relay-ng/outputs.tf +++ b/modules/carbon-relay-ng/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/carbon-relay-ng/variables.tf b/modules/carbon-relay-ng/variables.tf index 070cc30c..354b9e37 100644 --- a/modules/carbon-relay-ng/variables.tf +++ b/modules/carbon-relay-ng/variables.tf 
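Review bot: The trailing `[""]` in `ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))` is unexplained, and the same construct is repeated for `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` in this hunk. If it is there so the `concat()` result stays a typed list of strings when both inputs are empty, with `compact()` removing the sentinel again, a one-line comment saying so would stop the next maintainer from "simplifying" it away; note that `compact()` also silently drops any empty-string rule name a caller passes in, which is probably acceptable but worth stating. Suggest above the first occurrence: `# [""] keeps the concat() result typed as list(string) when both inputs are empty; compact() strips it again`.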
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
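Review bot: The `use_name_prefix` description in this hunk still reads "Should be true to able to update security group name", with a word missing; since the commit already edits this block to add `type = bool`, this is the moment to correct it to `description = "Whether to use name_prefix or fixed name. Should be true to be able to update security group name after initial creation"`. The same sentence is likely present in the root module's variables.tf and the other service modules touched by this patch.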
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
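Review bot: The newly typed `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` keep their unchanged `["0.0.0.0/0"]` and `["::/0"]` defaults, so every name-based egress rule a consumer adds is open to all destinations unless both lists are overridden, and the description does not say so; suggest `description = "List of IPv4 CIDR ranges to use on all egress rules (default allows all destinations; override to restrict egress)"` and the IPv6 equivalent. The same applies to the computed-egress hunk at L80 and to the cassandra copies at L98 and L99. `type = list(string)` also does not check that entries are CIDR notation — on Terraform 0.12 a malformed entry presumably only fails when the provider creates the rule — so stating "CIDR strings" in the description is the only validation available to callers here.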
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/cassandra/README.md b/modules/cassandra/README.md index 772bcf88..fc1c3af2 100644 --- a/modules/cassandra/README.md +++ b/modules/cassandra/README.md @@ -4,7 +4,8 @@ ```hcl module "cassandra_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/cassandra" + source = "terraform-aws-modules/security-group/aws//modules/cassandra" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "cassandra_security_group" { All automatic values **cassandra module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/cassandra/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "cassandra-clients-tcp", "cassandra-thrift-clients-tcp", "cassandra-jmx-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | 
`[ "0.0.0.0/0" ]` | no | -| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of 
ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to 
create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/cassandra/auto_values.tf b/modules/cassandra/auto_values.tf index 8c4dd08f..a3ac7505 100644 --- a/modules/cassandra/auto_values.tf +++ b/modules/cassandra/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["cassandra-clients-tcp", "cassandra-thrift-clients-tcp", "cassandra-jmx-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number 
default = 0 } variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/cassandra/main.tf b/modules/cassandra/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/cassandra/main.tf +++ b/modules/cassandra/main.tf 
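Review bot: `auto_ingress_with_self` is now typed `list(map(string))` with the default `[{ "rule" = "all-all" }]`, which allows every member of the group to reach every other member on all protocols and ports, yet the description only says the rules are "added automatically"; spell the effect out, e.g. `description = "List of maps defining ingress rules with self to add automatically (default 'all-all' opens every protocol and port between members of this group)"`. This is the value a consumer is most likely to want to narrow, so it should be visible from the variable itself rather than only from reading the default.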
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } diff --git a/modules/cassandra/outputs.tf b/modules/cassandra/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/cassandra/outputs.tf +++ b/modules/cassandra/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/cassandra/variables.tf b/modules/cassandra/variables.tf index 070cc30c..354b9e37 100644 --- a/modules/cassandra/variables.tf +++ b/modules/cassandra/variables.tf 
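Review bot: The `[""]` appended inside `concat(...)` and the enclosing `compact(...)` in the new `ingress_rules`, `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` expressions read like a typing workaround — presumably to keep the result a `list(string)` when both input lists are empty — but nothing says so, and a later maintainer is likely to simplify it away; add a comment on each, e.g. `# [""] + compact(): keep the result a list(string) even when both inputs are empty; the placeholder is dropped again`. Separately, `number_of_computed_ingress_rules` is the plain sum of the auto and user counts while `computed_ingress_rules` goes through `distinct()`, so a caller who repeats an auto rule name ends up with a count larger than the list; whether the root module tolerates that is decided outside this hunk and worth confirming (the egress pair has the same shape).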
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" {
 ##################
 variable "computed_egress_rules" {
   description = "List of computed egress rules to create by name"
+  type = list(string)
   default = []
 }
 variable "computed_egress_with_self" {
   description = "List of computed egress rules to create where 'self' is defined"
+  type = list(map(string))
   default = []
 }
 variable "computed_egress_with_cidr_blocks" {
   description = "List of computed egress rules to create where 'cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "computed_egress_with_ipv6_cidr_blocks" {
   description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "computed_egress_with_source_security_group_id" {
   description = "List of computed egress rules to create where 'source_security_group_id' is used"
+  type = list(map(string))
   default = []
 }
 variable "computed_egress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all computed egress rules"
+  type = list(string)
   default = ["0.0.0.0/0"]
 }
 variable "computed_egress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all computed egress rules"
+  type = list(string)
   default = ["::/0"]
 }
 variable "computed_egress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+  type = list(string)
   default = []
 }
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" {
 ##################################
 variable "number_of_computed_egress_rules" {
   description = "Number of computed egress rules to create by name"
+  type = number
   default = 0
 }
 variable "number_of_computed_egress_with_self" {
   description = "Number of computed egress rules to create where 'self' is defined"
+  type = number
   default = 0
 }
 variable "number_of_computed_egress_with_cidr_blocks" {
   description = "Number of computed egress rules to create where 'cidr_blocks' is used"
+  type = number
   default = 0
 }
 variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
   description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+  type = number
   default = 0
 }
 variable "number_of_computed_egress_with_source_security_group_id" {
   description = "Number of computed egress rules to create where 'source_security_group_id' is used"
+  type = number
   default = 0
 }
 variable "number_of_computed_egress_cidr_blocks" {
   description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
+  type = number
   default = 0
 }
 variable "number_of_computed_egress_ipv6_cidr_blocks" {
   description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
+  type = number
   default = 0
 }
 variable "number_of_computed_egress_prefix_list_ids" {
   description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+  type = number
   default = 0
 }
diff --git a/modules/consul/README.md b/modules/consul/README.md
index 13cfc2de..28f63884 100644
--- a/modules/consul/README.md
+++ b/modules/consul/README.md
@@ -4,7 +4,8 @@
 ```hcl
 module "consul_security_group" {
-  source = "terraform-aws-modules/security-group/aws//modules/consul"
+  source = "terraform-aws-modules/security-group/aws//modules/consul"
+  version = "~> 3.0"
   # omitted...
 }
@@ -13,85 +14,4 @@ module "consul_security_group" {
 All automatic values **consul module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/consul/auto_values.tf).
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no |
-| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no |
-| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no |
-| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no |
-| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "consul-tcp", "consul-cli-rpc-tcp", "consul-webui-tcp", "consul-dns-tcp", "consul-dns-udp", "consul-serf-lan-tcp", "consul-serf-lan-udp", "consul-serf-wan-tcp", "consul-serf-wan-udp" ]` | no |
-| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no |
-| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no |
-| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no |
-| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no |
-| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no |
-| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| create | Whether to create security group and all rules | string | `"true"` | no |
-| description | Description of security group | string | `"Security Group managed by Terraform"` | no |
-| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no |
-| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no |
-| egress\_rules | List of egress rules to create by name | list | `[]` | no |
-| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no |
-| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no |
-| ingress\_rules | List of ingress rules to create by name | list | `[]` | no |
-| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no |
-| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| name | Name of security group | string | n/a | yes |
-| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| tags | A mapping of tags to assign to security group | map | `{}` | no |
-| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no |
-| vpc\_id | ID of the VPC where to create security group | string | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| this\_security\_group\_description | The description of the security group |
-| this\_security\_group\_id | The ID of the security group |
-| this\_security\_group\_name | The name of the security group |
-| this\_security\_group\_owner\_id | The owner ID |
-| this\_security\_group\_vpc\_id | The VPC ID |
-
diff --git a/modules/consul/auto_values.tf b/modules/consul/auto_values.tf
index be7b4e15..d36cecc1 100644
--- a/modules/consul/auto_values.tf
+++ b/modules/consul/auto_values.tf
@@ -5,73 +5,75 @@
 variable "auto_ingress_rules" {
   description = "List of ingress rules to add automatically"
-  type = "list"
+  type = list(string)
   default = ["consul-tcp", "consul-cli-rpc-tcp", "consul-webui-tcp", "consul-dns-tcp", "consul-dns-udp", "consul-serf-lan-tcp", "consul-serf-lan-udp", "consul-serf-wan-tcp", "consul-serf-wan-udp"]
 }
 variable "auto_ingress_with_self" {
   description = "List of maps defining ingress rules with self to add automatically"
-  type = "list"
-
-  default = [{
-    "rule" = "all-all"
-  }]
+  type = list(map(string))
+  default = [{ "rule" = "all-all" }]
 }
 variable "auto_egress_rules" {
   description = "List of egress rules to add automatically"
-  type = "list"
+  type = list(string)
   default = ["all-all"]
 }
 variable "auto_egress_with_self" {
   description = "List of maps defining egress rules with self to add automatically"
-  type = "list"
+  type = list(map(string))
   default = []
 }
 # Computed
 variable "auto_computed_ingress_rules" {
   description = "List of ingress rules to add automatically"
-  type = "list"
+  type = list(string)
   default = []
 }
 variable "auto_computed_ingress_with_self" {
   description = "List of maps defining computed ingress rules with self to add automatically"
-  type = "list"
+  type = list(map(string))
   default = []
 }
 variable "auto_computed_egress_rules" {
   description = "List of computed egress rules to add automatically"
-  type = "list"
+  type = list(string)
   default = []
 }
 variable "auto_computed_egress_with_self" {
   description = "List of maps defining computed egress rules with self to add automatically"
-  type = "list"
+  type = list(map(string))
   default = []
 }
 # Number of computed rules
 variable "auto_number_of_computed_ingress_rules" {
   description = "Number of computed ingress rules to create by name"
+  type = number
   default = 0
 }
 variable "auto_number_of_computed_ingress_with_self" {
   description = "Number of computed ingress rules to create where 'self' is defined"
+  type = number
   default = 0
 }
 variable "auto_number_of_computed_egress_rules" {
   description = "Number of computed egress rules to create by name"
+  type = number
   default = 0
 }
 variable "auto_number_of_computed_egress_with_self" {
   description = "Number of computed egress rules to create where 'self' is defined"
+  type = number
   default = 0
 }
+
diff --git a/modules/consul/main.tf b/modules/consul/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/consul/main.tf
+++ b/modules/consul/main.tf
@@ -1,116 +1,114 @@
 module "sg" {
   source = "../../"
-  create = "${var.create}"
-  name = "${var.name}"
-  use_name_prefix = "${var.use_name_prefix}"
-  description = "${var.description}"
-  vpc_id = "${var.vpc_id}"
-  tags = "${var.tags}"
+  create = var.create
+  name = var.name
+  use_name_prefix = var.use_name_prefix
+  description = var.description
+  vpc_id = var.vpc_id
+  tags = var.tags
   ##########
   # Ingress
   ##########
   # Rules by names - open for default CIDR
-  ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+  ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))
   # Open for self
-  ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+  ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)
   # Open to IPv4 cidr blocks
-  ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+  ingress_with_cidr_blocks = var.ingress_with_cidr_blocks
   # Open to IPv6 cidr blocks
-  ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+  ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks
   # Open for security group id
-  ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+  ingress_with_source_security_group_id = var.ingress_with_source_security_group_id
   # Default ingress CIDR blocks
-  ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"]
-  ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+  ingress_cidr_blocks = var.ingress_cidr_blocks
+  ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
   # Default prefix list ids
-  ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+  ingress_prefix_list_ids = var.ingress_prefix_list_ids
   ###################
   # Computed Ingress
   ###################
   # Rules by names - open for default CIDR
-  computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+  computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))
   # Open for self
-  computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+  computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)
   # Open to IPv4 cidr blocks
-  computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+  computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks
   # Open to IPv6 cidr blocks
-  computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+  computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks
   # Open for security group id
-  computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+  computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id
   #############################
   # Number of computed ingress
   #############################
-  number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
-  number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
-  number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
-  number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
-  number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+  number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+  number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+  number_of_computed_ingress_with_cidr_blocks = var.number_of_computed_ingress_with_cidr_blocks
+  number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+  number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id
   #########
   # Egress
   #########
   # Rules by names - open for default CIDR
-  egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+  egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))
   # Open for self
-  egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+  egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)
   # Open to IPv4 cidr blocks
-  egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+  egress_with_cidr_blocks = var.egress_with_cidr_blocks
   # Open to IPv6 cidr blocks
-  egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+  egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks
   # Open for security group id
-  egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+  egress_with_source_security_group_id = var.egress_with_source_security_group_id
   # Default egress CIDR blocks
-  egress_cidr_blocks = ["${var.egress_cidr_blocks}"]
-  egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+  egress_cidr_blocks = var.egress_cidr_blocks
+  egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
   # Default prefix list ids
-  egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+  egress_prefix_list_ids = var.egress_prefix_list_ids
   ##################
   # Computed Egress
   ##################
   # Rules by names - open for default CIDR
-  computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+  computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))
   # Open for self
-  computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+  computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)
   # Open to IPv4 cidr blocks
-  computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+  computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks
   # Open to IPv6 cidr blocks
-  computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+  computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks
   # Open for security group id
-  computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+  computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id
   #############################
   # Number of computed egress
   #############################
-  number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
-  number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
-  number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
-  number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
-  number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+  number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+  number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+  number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks
+  number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks
+  number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/consul/outputs.tf b/modules/consul/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/consul/outputs.tf
+++ b/modules/consul/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
   description = "The ID of the security group"
-  value = "${module.sg.this_security_group_id}"
+  value = module.sg.this_security_group_id
 }
 output "this_security_group_vpc_id" {
   description = "The VPC ID"
-  value = "${module.sg.this_security_group_vpc_id}"
+  value = module.sg.this_security_group_vpc_id
 }
 output "this_security_group_owner_id" {
   description = "The owner ID"
-  value = "${module.sg.this_security_group_owner_id}"
+  value = module.sg.this_security_group_owner_id
 }
 output "this_security_group_name" {
   description = "The name of the security group"
-  value = "${module.sg.this_security_group_name}"
+  value = module.sg.this_security_group_name
 }
 output "this_security_group_description" {
   description = "The description of the security group"
-  value = "${module.sg.this_security_group_description}"
+  value = module.sg.this_security_group_description
 }
+
diff --git a/modules/consul/variables.tf b/modules/consul/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/consul/variables.tf
+++ b/modules/consul/variables.tf
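Review bot: The `[""]` element added inside `sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))` is a non-obvious workaround with no comment; a maintainer who "tidies" it away, or who later adds `cidr_blocks` rules with an empty-string name, will not know why it is there or that `compact()` silently drops such entries. Presumably the sentinel pins the `concat()` result to `list(string)` when both inputs are empty, with `compact()` removing it again, but that intent is not stated anywhere in the hunk. I would add a comment above the first occurrence, `# [""] keeps concat() typed as list(string) when both lists are empty; compact() strips it again`, and the same pattern recurs at `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` in this hunk.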
@@ -3,29 +3,35 @@
 #################
 variable "create" {
   description = "Whether to create security group and all rules"
+  type = bool
   default = true
 }
 variable "vpc_id" {
   description = "ID of the VPC where to create security group"
+  type = string
 }
 variable "name" {
   description = "Name of security group"
+  type = string
 }
 variable "use_name_prefix" {
   description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+  type = bool
   default = true
 }
 variable "description" {
   description = "Description of security group"
+  type = string
   default = "Security Group managed by Terraform"
 }
 variable "tags" {
   description = "A mapping of tags to assign to security group"
+  type = map(string)
   default = {}
 }
@@ -34,41 +40,49 @@ variable "tags" {
 ##########
 variable "ingress_rules" {
   description = "List of ingress rules to create by name"
+  type = list(string)
   default = []
 }
 variable "ingress_with_self" {
   description = "List of ingress rules to create where 'self' is defined"
+  type = list(map(string))
   default = []
 }
 variable "ingress_with_cidr_blocks" {
   description = "List of ingress rules to create where 'cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "ingress_with_ipv6_cidr_blocks" {
   description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "ingress_with_source_security_group_id" {
   description = "List of ingress rules to create where 'source_security_group_id' is used"
+  type = list(map(string))
   default = []
 }
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
+  type = list(string)
   default = []
 }
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
+  type = list(string)
   default = []
 }
 variable "ingress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+  type = list(string)
   default = []
 }
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" {
 ###################
 variable "computed_ingress_rules" {
   description = "List of computed ingress rules to create by name"
+  type = list(string)
   default = []
 }
 variable "computed_ingress_with_self" {
   description = "List of computed ingress rules to create where 'self' is defined"
+  type = list(map(string))
   default = []
 }
 variable "computed_ingress_with_cidr_blocks" {
   description = "List of computed ingress rules to create where 'cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "computed_ingress_with_ipv6_cidr_blocks" {
   description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "computed_ingress_with_source_security_group_id" {
   description = "List of computed ingress rules to create where 'source_security_group_id' is used"
+  type = list(map(string))
   default = []
 }
 variable "computed_ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
+  type = list(string)
   default = []
 }
 variable "computed_ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
+  type = list(string)
   default = []
 }
 variable "computed_ingress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+  type = list(string)
   default = []
 }
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" {
 ###################################
 variable "number_of_computed_ingress_rules" {
   description = "Number of computed ingress rules to create by name"
+  type = number
   default = 0
 }
 variable "number_of_computed_ingress_with_self" {
   description = "Number of computed ingress rules to create where 'self' is defined"
+  type = number
   default = 0
 }
 variable "number_of_computed_ingress_with_cidr_blocks" {
   description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
+  type = number
   default = 0
 }
 variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
   description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+  type = number
   default = 0
 }
 variable "number_of_computed_ingress_with_source_security_group_id" {
   description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
+  type = number
   default = 0
 }
 variable "number_of_computed_ingress_cidr_blocks" {
   description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
+  type = number
   default = 0
 }
 variable "number_of_computed_ingress_ipv6_cidr_blocks" {
   description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
+  type = number
   default = 0
 }
 variable "number_of_computed_ingress_prefix_list_ids" {
   description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+  type = number
   default = 0
 }
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" {
 #########
 variable "egress_rules" {
   description = "List of egress rules to create by name"
+  type = list(string)
   default = []
 }
 variable "egress_with_self" {
   description = "List of egress rules to create where 'self' is defined"
+  type = list(map(string))
   default = []
 }
 variable "egress_with_cidr_blocks" {
   description = "List of egress rules to create where 'cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "egress_with_ipv6_cidr_blocks" {
   description = "List of egress rules to create where 'ipv6_cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "egress_with_source_security_group_id" {
   description = "List of egress rules to create where 'source_security_group_id' is used"
+  type = list(map(string))
   default = []
 }
 variable "egress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all egress rules"
+  type = list(string)
   default = ["0.0.0.0/0"]
 }
 variable "egress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all egress rules"
+  type = list(string)
   default = ["::/0"]
 }
 variable "egress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+  type = list(string)
   default = []
 }
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" {
 ##################
 variable "computed_egress_rules" {
   description = "List of computed egress rules to create by name"
+  type = list(string)
   default = []
 }
 variable "computed_egress_with_self" {
   description = "List of computed egress rules to create where 'self' is defined"
+  type = list(map(string))
   default = []
 }
 variable "computed_egress_with_cidr_blocks" {
   description = "List of computed egress rules to create where 'cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "computed_egress_with_ipv6_cidr_blocks" {
   description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "computed_egress_with_source_security_group_id" {
   description = "List of computed egress rules to create where 'source_security_group_id' is used"
+  type = list(map(string))
   default = []
 }
 variable "computed_egress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all computed egress rules"
+  type = list(string)
   default = ["0.0.0.0/0"]
 }
 variable "computed_egress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all computed egress rules"
+  type = list(string)
   default = ["::/0"]
 }
 variable "computed_egress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+  type = list(string)
   default = []
 }
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/docker-swarm/README.md b/modules/docker-swarm/README.md index 60f66771..557a4781 100644 --- a/modules/docker-swarm/README.md +++ b/modules/docker-swarm/README.md @@ -4,7 +4,8 @@ ```hcl module "docker_swarm_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/docker-swarm" + source = "terraform-aws-modules/security-group/aws//modules/docker-swarm" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "docker_swarm_security_group" { All automatic values **docker-swarm module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/docker-swarm/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "docker-swarm-mngmt-tcp", "docker-swarm-node-tcp", "docker-swarm-node-udp", "docker-swarm-overlay-udp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on 
all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules 
to create where 'source_security_group_id' is used | list | `[]` | no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| 
ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| 
number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/docker-swarm/auto_values.tf b/modules/docker-swarm/auto_values.tf index df26e8ce..97f5469e 100644 --- a/modules/docker-swarm/auto_values.tf +++ b/modules/docker-swarm/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["docker-swarm-mngmt-tcp", "docker-swarm-node-tcp", "docker-swarm-node-udp", "docker-swarm-overlay-udp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by 
name" + type = number default = 0 } variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/docker-swarm/main.tf b/modules/docker-swarm/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/docker-swarm/main.tf +++ b/modules/docker-swarm/main.tf 
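Review bot: `auto_egress_rules` keeps `default = ["all-all"]` and `auto_ingress_with_self` keeps `default = [{ "rule" = "all-all" }]`, but their descriptions only say "to add automatically" and never state what the default opens. Taken together with the wrapper's `egress_cidr_blocks` default of `["0.0.0.0/0"]` (described as the ranges used "on all egress rules" in the docker-swarm variables.tf hunk later in this patch), a consumer who does not override anything gets unrestricted outbound traffic plus all traffic between members of the group, and nothing in the variable text makes that visible. Since this commit already edits the adjacent `type` line of each variable, it is a cheap moment to say so, e.g. `description = "List of egress rules to add automatically (default 'all-all' opens all egress to egress_cidr_blocks, 0.0.0.0/0 unless overridden)"` and `description = "List of maps defining ingress rules with self to add automatically (default 'all-all' permits all traffic between members of this group)"`.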
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } diff --git a/modules/docker-swarm/outputs.tf b/modules/docker-swarm/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/docker-swarm/outputs.tf +++ b/modules/docker-swarm/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/docker-swarm/variables.tf b/modules/docker-swarm/variables.tf index 070cc30c..354b9e37 100644 --- a/modules/docker-swarm/variables.tf +++ b/modules/docker-swarm/variables.tf 
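Review bot: The new `sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))` form, repeated for `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` in this hunk, appends an empty string and then strips it again with no comment, so the next maintainer will read the `[""]` as a leftover and remove it. If the intent is to keep the expression a `list(string)` when both inputs are empty (which `concat` of two empty lists would otherwise not guarantee under 0.12 type inference), state that once at the first occurrence, e.g. `# [""] + compact(): keeps the result a list(string) even when both input lists are empty`. Worth confirming that `compact` is actually needed for that purpose rather than only guarding against callers passing `""` as a rule name, and that an empty rule name is not something the root module should accept silently in the first place.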
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/elasticsearch/README.md b/modules/elasticsearch/README.md index 0efbce3a..1b7e51b4 100644 --- a/modules/elasticsearch/README.md +++ b/modules/elasticsearch/README.md @@ -4,7 +4,8 @@ ```hcl module "elasticsearch_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/elasticsearch" + source = "terraform-aws-modules/security-group/aws//modules/elasticsearch" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "elasticsearch_security_group" { All automatic values **elasticsearch module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/elasticsearch/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "elasticsearch-rest-tcp", "elasticsearch-java-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" 
]` | no | -| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used 
| list | `[]` | no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is 
used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/elasticsearch/auto_values.tf b/modules/elasticsearch/auto_values.tf index 129715a2..12196815 100644 --- a/modules/elasticsearch/auto_values.tf +++ b/modules/elasticsearch/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" {
 description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
 default = ["elasticsearch-rest-tcp", "elasticsearch-java-tcp"]
 }
 variable "auto_ingress_with_self" {
 description = "List of maps defining ingress rules with self to add automatically"
- type = "list"
-
- default = [{
- "rule" = "all-all"
- }]
+ type = list(map(string))
+ default = [{ "rule" = "all-all" }]
 }
 variable "auto_egress_rules" {
 description = "List of egress rules to add automatically"
- type = "list"
+ type = list(string)
 default = ["all-all"]
 }
 variable "auto_egress_with_self" {
 description = "List of maps defining egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 # Computed
 variable "auto_computed_ingress_rules" {
 description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
 default = []
 }
 variable "auto_computed_ingress_with_self" {
 description = "List of maps defining computed ingress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 variable "auto_computed_egress_rules" {
 description = "List of computed egress rules to add automatically"
- type = "list"
+ type = list(string)
 default = []
 }
 variable "auto_computed_egress_with_self" {
 description = "List of maps defining computed egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 # Number of computed rules
 variable "auto_number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
+
diff --git a/modules/elasticsearch/main.tf b/modules/elasticsearch/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/elasticsearch/main.tf
+++ b/modules/elasticsearch/main.tf
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/elasticsearch/outputs.tf b/modules/elasticsearch/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/elasticsearch/outputs.tf
+++ b/modules/elasticsearch/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
 description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
 }
 output "this_security_group_vpc_id" {
 description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
 }
 output "this_security_group_owner_id" {
 description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
 }
 output "this_security_group_name" {
 description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
 }
 output "this_security_group_description" {
 description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
 }
+
diff --git a/modules/elasticsearch/variables.tf b/modules/elasticsearch/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/elasticsearch/variables.tf
+++ b/modules/elasticsearch/variables.tf
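Review bot: The `[""]` appended inside `concat(...)` and the `compact()` wrapped around it on the new `ingress_rules` line, and likewise on `computed_ingress_rules`, `egress_rules` and `computed_egress_rules`, carry no comment, so a later maintainer is likely to strip them as dead code. They presumably exist to keep the expression typed as a list of strings when both the `auto_*` list and the caller's list are empty; a comment on the first occurrence such as `# [""] + compact(): keep the result typed list(string) even when both inputs are empty` would preserve that intent. It is also worth recording in the changelog, if it is not already, that `compact()` quietly drops any empty-string rule name a caller passes, which the `sort(distinct(...))` form on the removed lines did not do.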
@@ -3,29 +3,35 @@
 #################
 variable "create" {
 description = "Whether to create security group and all rules"
+ type = bool
 default = true
 }
 variable "vpc_id" {
 description = "ID of the VPC where to create security group"
+ type = string
 }
 variable "name" {
 description = "Name of security group"
+ type = string
 }
 variable "use_name_prefix" {
 description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+ type = bool
 default = true
 }
 variable "description" {
 description = "Description of security group"
+ type = string
 default = "Security Group managed by Terraform"
 }
 variable "tags" {
 description = "A mapping of tags to assign to security group"
+ type = map(string)
 default = {}
 }
@@ -34,41 +40,49 @@ variable "tags" {
 ##########
 variable "ingress_rules" {
 description = "List of ingress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "ingress_with_self" {
 description = "List of ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_cidr_blocks" {
 description = "List of ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_ipv6_cidr_blocks" {
 description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_source_security_group_id" {
 description = "List of ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 variable "ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 variable "ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+ type = list(string)
 default = []
 }
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" {
 ###################
 variable "computed_ingress_rules" {
 description = "List of computed ingress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_with_self" {
 description = "List of computed ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_cidr_blocks" {
 description = "List of computed ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_ipv6_cidr_blocks" {
 description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_source_security_group_id" {
 description = "List of computed ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" {
 ###################################
 variable "number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_source_security_group_id" {
 description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = number
 default = 0
 }
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" {
 #########
 variable "egress_rules" {
 description = "List of egress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "egress_with_self" {
 description = "List of egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_cidr_blocks" {
 description = "List of egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_ipv6_cidr_blocks" {
 description = "List of egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_source_security_group_id" {
 description = "List of egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }
 variable "egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["::/0"]
 }
 variable "egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+ type = list(string)
 default = []
 }
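Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` gain a type here, but their descriptions still do not mention that the defaults `["0.0.0.0/0"]` and `["::/0"]` permit egress to any destination, which is the one fact a caller needs before leaving them unset; suggest `description = "List of IPv4 CIDR ranges to use on all egress rules (default permits egress to any IPv4 address)"` and the IPv6 equivalent. The same applies to `computed_egress_cidr_blocks` and `computed_egress_ipv6_cidr_blocks` in the following hunk of this file, and to the `@@ -206,41 +244,49 @@` hunk of the preceding file at the top of this view, which appears to carry the same variable layout for another submodule.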
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" {
 ##################
 variable "computed_egress_rules" {
 description = "List of computed egress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "computed_egress_with_self" {
 description = "List of computed egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_cidr_blocks" {
 description = "List of computed egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_ipv6_cidr_blocks" {
 description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_source_security_group_id" {
 description = "List of computed egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }
 variable "computed_egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["::/0"]
 }
 variable "computed_egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = list(string)
 default = []
 }
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" {
 ##################################
 variable "number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_cidr_blocks" {
 description = "Number of computed egress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
 description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_source_security_group_id" {
 description = "Number of computed egress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = number
 default = 0
 }
diff --git a/modules/http-80/README.md b/modules/http-80/README.md
index bcd32bb3..341ff383 100644
--- a/modules/http-80/README.md
+++ b/modules/http-80/README.md
@@ -4,7 +4,8 @@
 ```hcl
 module "http_80_security_group" {
- source = "terraform-aws-modules/security-group/aws//modules/http-80"
+ source = "terraform-aws-modules/security-group/aws//modules/http-80"
+ version = "~> 3.0"
 # omitted...
 }
@@ -13,85 +14,4 @@ module "http_80_security_group" { All automatic values **http-80 module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/http-80/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "http-80-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| computed\_egress\_ipv6\_cidr\_blocks | 
List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| create | Whether to create 
security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | 
-| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| 
number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/http-80/auto_values.tf b/modules/http-80/auto_values.tf index 281d3345..c3bc9a6d 100644 --- a/modules/http-80/auto_values.tf +++ b/modules/http-80/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["http-80-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_egress_with_self" { 
description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/http-80/main.tf b/modules/http-80/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/http-80/main.tf +++ b/modules/http-80/main.tf 
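Review bot: The defaults set here for `auto_ingress_with_self` (`[{ "rule" = "all-all" }]`) and `auto_egress_rules` (`["all-all"]`) make the http-80 module's baseline permissive — every member of the group can reach every other member on any port and protocol, and egress is all-all to whatever `egress_cidr_blocks` holds, which variables.tf in this same patch defaults to `0.0.0.0/0` — yet the descriptions only say the rules are "added automatically". Since the README input tables are being removed in this commit, these descriptions become the only place a consumer sees the defaults, so state the consequence where the default is set: `description = "List of maps defining ingress rules with self to add automatically (default opens all ports/protocols between members of this group; set to [] for least privilege)"` and `description = "List of egress rules to add automatically (default all-all to egress_cidr_blocks, i.e. unrestricted egress unless egress_cidr_blocks is narrowed)"`.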
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/http-80/outputs.tf b/modules/http-80/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/http-80/outputs.tf
+++ b/modules/http-80/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
 description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
 }
 output "this_security_group_vpc_id" {
 description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
 }
 output "this_security_group_owner_id" {
 description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
 }
 output "this_security_group_name" {
 description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
 }
 output "this_security_group_description" {
 description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
 }
+
diff --git a/modules/http-80/variables.tf b/modules/http-80/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/http-80/variables.tf
+++ b/modules/http-80/variables.tf
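Review bot: In the "Computed Ingress" section, `number_of_computed_ingress_rules` is a plain sum of `var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules`, while the list it is meant to size, `computed_ingress_rules`, goes through `distinct()` and `compact()` and can therefore be shorter than that sum — a rule name present in both `auto_computed_ingress_rules` and `computed_ingress_rules`, or an empty-string entry, is dropped from the list but still counted; the "Computed Egress" section has the same pair. The root module that consumes the count is outside this hunk, so I cannot confirm how it reacts to a count larger than the list, but the mismatch is worth documenting next to the new `[""]` idiom, whose purpose is also not stated. Suggested comment on the `computed_ingress_rules` line (and its egress twin): `# [""] + compact() keeps the result a typed list(string) when both inputs are empty; distinct() may shrink the list, so number_of_computed_* is expected to match the de-duplicated length, not the raw sum`.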
@@ -3,29 +3,35 @@
 #################
 variable "create" {
 description = "Whether to create security group and all rules"
+ type = bool
 default = true
 }
 variable "vpc_id" {
 description = "ID of the VPC where to create security group"
+ type = string
 }
 variable "name" {
 description = "Name of security group"
+ type = string
 }
 variable "use_name_prefix" {
 description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+ type = bool
 default = true
 }
 variable "description" {
 description = "Description of security group"
+ type = string
 default = "Security Group managed by Terraform"
 }
 variable "tags" {
 description = "A mapping of tags to assign to security group"
+ type = map(string)
 default = {}
 }
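Review bot: The `use_name_prefix` description carried over in this hunk still reads "Should be true to able to update", and with the README input table removed elsewhere in this patch this string is now the only documentation a consumer sees for the input: `description = "Whether to use name_prefix or fixed name. Should be true to be able to update security group name after initial creation"`. Adding `type = bool` here is the right move for 0.12, since the old string-typed `"true"` could not be validated.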
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
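Review bot: `ingress_cidr_blocks`, `ingress_ipv6_cidr_blocks` and `ingress_prefix_list_ids` all default to `[]` in this hunk, while auto_values.tf in the same patch seeds `auto_ingress_rules` with `http-80-tcp` and main.tf passes that named rule with these lists as its only sources ("Rules by names - open for default CIDR"), so by default the rule has no source at all. How the root module handles an empty source set is outside this hunk, so I cannot say whether that fails at plan or silently yields an SG with no HTTP ingress, but the description should tell the reader the dependency: `description = "List of IPv4 CIDR ranges to use on all ingress rules (the http-80-tcp rule added by auto_ingress_rules has no source unless this, ingress_ipv6_cidr_blocks or ingress_prefix_list_ids is set)"`.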
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
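Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` keep defaults of `["0.0.0.0/0"]` and `["::/0"]` in this hunk, and per main.tf in this patch they are the sources for the rules named by `egress_rules`, which auto_values.tf seeds with `all-all` — so the module's out-of-the-box egress is unrestricted to the whole internet, which the description "List of IPv4 CIDR ranges to use on all egress rules" does not convey. Someone choosing an "http-80" module is unlikely to expect that from the name, and since this description now replaces the README table it should say so: `description = "List of IPv4 CIDR ranges to use on all egress rules (default 0.0.0.0/0, which with the automatic all-all egress rule allows unrestricted outbound traffic; narrow this to filter egress)"`, with the matching wording on the IPv6 variable.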
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/http-8080/README.md b/modules/http-8080/README.md index 15e14a68..b55aa60f 100644 --- a/modules/http-8080/README.md +++ b/modules/http-8080/README.md @@ -4,7 +4,8 @@ ```hcl module "http_8080_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/http-8080" + source = "terraform-aws-modules/security-group/aws//modules/http-8080" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "http_8080_security_group" { All automatic values **http-8080 module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/http-8080/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "http-8080-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| 
computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` 
| no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is 
used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/http-8080/auto_values.tf b/modules/http-8080/auto_values.tf index c08c4ce4..16cce5c4 100644 --- a/modules/http-8080/auto_values.tf +++ b/modules/http-8080/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" {
 description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
 default = ["http-8080-tcp"]
 }
 variable "auto_ingress_with_self" {
 description = "List of maps defining ingress rules with self to add automatically"
- type = "list"
-
- default = [{
- "rule" = "all-all"
- }]
+ type = list(map(string))
+ default = [{ "rule" = "all-all" }]
 }
 variable "auto_egress_rules" {
 description = "List of egress rules to add automatically"
- type = "list"
+ type = list(string)
 default = ["all-all"]
 }
 variable "auto_egress_with_self" {
 description = "List of maps defining egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 # Computed
 variable "auto_computed_ingress_rules" {
 description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
 default = []
 }
 variable "auto_computed_ingress_with_self" {
 description = "List of maps defining computed ingress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 variable "auto_computed_egress_rules" {
 description = "List of computed egress rules to add automatically"
- type = "list"
+ type = list(string)
 default = []
 }
 variable "auto_computed_egress_with_self" {
 description = "List of maps defining computed egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 # Number of computed rules
 variable "auto_number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
+
diff --git a/modules/http-8080/main.tf b/modules/http-8080/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/http-8080/main.tf
+++ b/modules/http-8080/main.tf
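Review bot: `auto_ingress_with_self` keeps its default `[{ "rule" = "all-all" }]` and `auto_egress_rules` keeps `["all-all"]`, but their descriptions ("List of maps defining ingress rules with self to add automatically", "List of egress rules to add automatically") never say that these permissive rules are merged into every caller's rule set by default, and the README Inputs table that listed those defaults is deleted in this same commit, leaving the `description` as the only text a caller sees. Combined with the `egress_cidr_blocks` default of `["0.0.0.0/0"]` in variables.tf, the `all-all` egress rule presumably permits all outbound traffic unless the caller overrides it, which is exactly the kind of default a reviewer of the consuming configuration needs spelled out. Suggest stating the effect and the opt-out in the description, e.g. `description = "List of egress rules to add automatically. Default 'all-all' allows all outbound traffic to egress_cidr_blocks; set to [] to opt out"`, and likewise for `auto_ingress_with_self`. All `auto_*` blocks are fully inside this hunk.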
@@ -1,116 +1,114 @@
 module "sg" {
 source = "../../"
- create = "${var.create}"
- name = "${var.name}"
- use_name_prefix = "${var.use_name_prefix}"
- description = "${var.description}"
- vpc_id = "${var.vpc_id}"
- tags = "${var.tags}"
+ create = var.create
+ name = var.name
+ use_name_prefix = var.use_name_prefix
+ description = var.description
+ vpc_id = var.vpc_id
+ tags = var.tags
 ########## # Ingress ##########
 # Rules by names - open for default CIDR
- ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+ ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))
 # Open for self
- ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+ ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)
 # Open to IPv4 cidr blocks
- ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+ ingress_with_cidr_blocks = var.ingress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+ ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks
 # Open for security group id
- ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+ ingress_with_source_security_group_id = var.ingress_with_source_security_group_id
 # Default ingress CIDR blocks
- ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"]
- ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+ ingress_cidr_blocks = var.ingress_cidr_blocks
+ ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
 # Default prefix list ids
- ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+ ingress_prefix_list_ids = var.ingress_prefix_list_ids
 ################### # Computed Ingress ###################
 # Rules by names - open for default CIDR
- computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+ computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))
 # Open for self
- computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+ computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)
 # Open to IPv4 cidr blocks
- computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+ computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+ computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks
 # Open for security group id
- computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+ computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id
 ############################# # Number of computed ingress #############################
- number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
- number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
- number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
- number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
- number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+ number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+ number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+ number_of_computed_ingress_with_cidr_blocks = var.number_of_computed_ingress_with_cidr_blocks
+ number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+ number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id
 ######### # Egress #########
 # Rules by names - open for default CIDR
- egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+ egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))
 # Open for self
- egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+ egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)
 # Open to IPv4 cidr blocks
- egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+ egress_with_cidr_blocks = var.egress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+ egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks
 # Open for security group id
- egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+ egress_with_source_security_group_id = var.egress_with_source_security_group_id
 # Default egress CIDR blocks
- egress_cidr_blocks = ["${var.egress_cidr_blocks}"]
- egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+ egress_cidr_blocks = var.egress_cidr_blocks
+ egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
 # Default prefix list ids
- egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+ egress_prefix_list_ids = var.egress_prefix_list_ids
 ################## # Computed Egress ##################
 # Rules by names - open for default CIDR
- computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+ computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))
 # Open for self
- computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+ computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)
 # Open to IPv4 cidr blocks
- computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+ computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+ computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks
 # Open for security group id
- computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+ computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id
 ############################# # Number of computed egress #############################
- number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
- number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
- number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
- number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
- number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+ number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+ number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+ number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks
+ number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks
+ number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/http-8080/outputs.tf b/modules/http-8080/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/http-8080/outputs.tf
+++ b/modules/http-8080/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
 description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
 }
 output "this_security_group_vpc_id" {
 description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
 }
 output "this_security_group_owner_id" {
 description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
 }
 output "this_security_group_name" {
 description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
 }
 output "this_security_group_description" {
 description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
 }
+
diff --git a/modules/http-8080/variables.tf b/modules/http-8080/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/http-8080/variables.tf
+++ b/modules/http-8080/variables.tf
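Review bot: The four rule-name arguments `ingress_rules`, `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` now append `[""]` to the `concat()` and immediately strip it with `compact()`, and nothing in the hunk says why; a maintainer without the Terraform 0.12 context will read it as dead code and remove it. Presumably the empty string forces the concatenated value to be typed as a list of strings even when both inputs are empty, so that `sort()` and the root module's `list(string)` input accept it; if that is the reason, state it once at the first use: `# [""] + compact(): keeps the merged list typed list(string) (and sortable) when both inputs are empty`. Because `compact()` also drops any empty string a caller passes in `ingress_rules`, the comment should say that too, so that silent removal is understood as intended.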
@@ -3,29 +3,35 @@
 #################
 variable "create" {
 description = "Whether to create security group and all rules"
+ type = bool
 default = true
 }
 variable "vpc_id" {
 description = "ID of the VPC where to create security group"
+ type = string
 }
 variable "name" {
 description = "Name of security group"
+ type = string
 }
 variable "use_name_prefix" {
 description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+ type = bool
 default = true
 }
 variable "description" {
 description = "Description of security group"
+ type = string
 default = "Security Group managed by Terraform"
 }
 variable "tags" {
 description = "A mapping of tags to assign to security group"
+ type = map(string)
 default = {}
 }
@@ -34,41 +40,49 @@ variable "tags" {
 ##########
 variable "ingress_rules" {
 description = "List of ingress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "ingress_with_self" {
 description = "List of ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_cidr_blocks" {
 description = "List of ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_ipv6_cidr_blocks" {
 description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_source_security_group_id" {
 description = "List of ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 variable "ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 variable "ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+ type = list(string)
 default = []
 }
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" {
 ###################
 variable "computed_ingress_rules" {
 description = "List of computed ingress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_with_self" {
 description = "List of computed ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_cidr_blocks" {
 description = "List of computed ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_ipv6_cidr_blocks" {
 description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_source_security_group_id" {
 description = "List of computed ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" {
 ###################################
 variable "number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_source_security_group_id" {
 description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = number
 default = 0
 }
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" {
 #########
 variable "egress_rules" {
 description = "List of egress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "egress_with_self" {
 description = "List of egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_cidr_blocks" {
 description = "List of egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_ipv6_cidr_blocks" {
 description = "List of egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_source_security_group_id" {
 description = "List of egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }
 variable "egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["::/0"]
 }
 variable "egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+ type = list(string)
 default = []
 }
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" {
 ##################
 variable "computed_egress_rules" {
 description = "List of computed egress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "computed_egress_with_self" {
 description = "List of computed egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_cidr_blocks" {
 description = "List of computed egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_ipv6_cidr_blocks" {
 description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_source_security_group_id" {
 description = "List of computed egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }
 variable "computed_egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["::/0"]
 }
 variable "computed_egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = list(string)
 default = []
 }
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" {
 ##################################
 variable "number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_cidr_blocks" {
 description = "Number of computed egress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
 description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_source_security_group_id" {
 description = "Number of computed egress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = number
 default = 0
 }
diff --git a/modules/https-443/README.md b/modules/https-443/README.md
index cedd8eac..d2afd22b 100644
--- a/modules/https-443/README.md
+++ b/modules/https-443/README.md
@@ -4,7 +4,8 @@
 ```hcl
 module "https_443_security_group" {
- source = "terraform-aws-modules/security-group/aws//modules/https-443"
+ source = "terraform-aws-modules/security-group/aws//modules/https-443"
+ version = "~> 3.0"
 # omitted...
 }
@@ -13,85 +14,4 @@ module "https_443_security_group" { All automatic values **https-443 module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/https-443/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "https-443-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| 
computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` 
| no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is 
used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/https-443/auto_values.tf b/modules/https-443/auto_values.tf index 92c51599..e10b6dd3 100644 --- a/modules/https-443/auto_values.tf +++ b/modules/https-443/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["https-443-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_egress_with_self" 
{ description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/https-443/main.tf b/modules/https-443/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/https-443/main.tf +++ b/modules/https-443/main.tf 
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } diff --git a/modules/https-443/outputs.tf b/modules/https-443/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/https-443/outputs.tf +++ b/modules/https-443/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/https-443/variables.tf b/modules/https-443/variables.tf index 070cc30c..354b9e37 100644 --- a/modules/https-443/variables.tf +++ b/modules/https-443/variables.tf 
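Review bot: The `[""]` appended inside `concat(...)` on the `ingress_rules`, `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` lines reads like a stray element and deserves a comment, since it is presumably only there so the concatenation has a well-defined list-of-strings value before `compact` strips the empty entry again; suggested: `# [""] + compact(): keeps a list(string) value even when both inputs are empty`. Separately, `number_of_computed_ingress_rules` is the plain sum of the auto and user counts while `computed_ingress_rules` is passed through `distinct`, so if a rule name appears in both `var.auto_computed_ingress_rules` and `var.computed_ingress_rules` the count exceeds the list length; if the root module iterates by this number (not visible here) that would over-index, and the egress pair has the same shape. The whole `module "sg"` block is inside this hunk.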
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/https-8443/README.md b/modules/https-8443/README.md index 862c72e3..249f373b 100644 --- a/modules/https-8443/README.md +++ b/modules/https-8443/README.md @@ -4,7 +4,8 @@ ```hcl module "https_8443_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/https-8443" + source = "terraform-aws-modules/security-group/aws//modules/https-8443" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "https_8443_security_group" { All automatic values **https-8443 module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/https-8443/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "https-8443-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| 
computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` 
| no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is 
used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/https-8443/auto_values.tf b/modules/https-8443/auto_values.tf index 9791195e..b2defbb8 100644 --- a/modules/https-8443/auto_values.tf +++ b/modules/https-8443/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["https-8443-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable 
"auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/https-8443/main.tf b/modules/https-8443/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/https-8443/main.tf +++ b/modules/https-8443/main.tf 
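Review bot: `auto_ingress_with_self` still defaults to `[{ "rule" = "all-all" }]`, and its description (`List of maps defining ingress rules with self to add automatically`) does not tell a caller that this opens every port and protocol between members of the group on top of the `https-8443-tcp` rule; `auto_egress_rules` defaulting to `["all-all"]` has the same gap. These defaults are pre-existing, but the README hunk earlier in this patch drops the generated Inputs table that listed them, so the `description` strings are now the main in-repo place a user sees what the module opens by default. I would make the descriptions say what they open, e.g. `description = "List of maps defining ingress rules with self to add automatically (default: all ports/protocols between members of this security group)"` and `description = "List of egress rules to add automatically (default 'all-all': all outbound traffic to egress_cidr_blocks)"`. Whether the root module pairs the `all-all` egress rule with `egress_cidr_blocks` is inferred from the `# Rules by names - open for default CIDR` comment in main.tf rather than from anything visible in this file.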
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } diff --git a/modules/https-8443/outputs.tf b/modules/https-8443/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/https-8443/outputs.tf +++ b/modules/https-8443/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/https-8443/variables.tf b/modules/https-8443/variables.tf index 070cc30c..354b9e37 100644 --- a/modules/https-8443/variables.tf +++ b/modules/https-8443/variables.tf 
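Review bot: The empty-string sentinel in `ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))` (repeated for `computed_ingress_rules`, `egress_rules` and `computed_egress_rules`) is not explained anywhere in the hunk; the only nearby comment, `# Rules by names - open for default CIDR`, describes the rule lists, not the `[""]`/`compact()` pair. It is presumably there so the expression stays a known `list(string)` even when both input lists are empty, and a reader who removes it as an apparent no-op will not learn why from the code. I would add a one-line comment above the first occurrence, e.g. `# [""] forces a non-empty list(string) for type inference; compact() strips it again`, and refer the other three to it. The same comment should mention that `distinct()` collapses a rule named in both the auto list and the caller's list into one rule, since the auto lists are where the module's own defaults (such as the `all-all` egress rule) enter these expressions.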
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
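Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` keep defaults of `["0.0.0.0/0"]` and `["::/0"]` with descriptions that only say `List of IPv4 CIDR ranges to use on all egress rules`; combined with the module's `auto_egress_rules = ["all-all"]` default in auto_values.tf this appears to mean unrestricted outbound access unless the caller overrides the lists, and nothing in the variable text says so. Adding `type = list(string)` is welcome, but the type constraint does not narrow the value. I would state the consequence in the description, e.g. `description = "List of IPv4 CIDR ranges to use on all egress rules (default allows egress to any IPv4 address; narrow this list or override auto_egress_rules to restrict outbound traffic)"`, with the IPv6 equivalent. The `ingress_cidr_blocks` counterpart in the earlier hunk defaults to `[]`, so the asymmetry between the ingress and egress defaults is worth a sentence in the same place.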
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/ipsec-4500/README.md b/modules/ipsec-4500/README.md index d233d2b0..43b586a2 100644 --- a/modules/ipsec-4500/README.md +++ b/modules/ipsec-4500/README.md @@ -4,7 +4,8 @@ ```hcl module "ipsec_4500_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/ipsec-4500" + source = "terraform-aws-modules/security-group/aws//modules/ipsec-4500" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "ipsec_4500_security_group" {
 All automatic values **ipsec-4500 module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/ipsec-4500/auto_values.tf).
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no |
-| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no |
-| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no |
-| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no |
-| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "ipsec-4500-udp" ]` | no |
-| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no |
-| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no |
-| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no |
-| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no |
-| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no |
-| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| create | Whether to create security group and all rules | string | `"true"` | no |
-| description | Description of security group | string | `"Security Group managed by Terraform"` | no |
-| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no |
-| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no |
-| egress\_rules | List of egress rules to create by name | list | `[]` | no |
-| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no |
-| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no |
-| ingress\_rules | List of ingress rules to create by name | list | `[]` | no |
-| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no |
-| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| name | Name of security group | string | n/a | yes |
-| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| tags | A mapping of tags to assign to security group | map | `{}` | no |
-| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no |
-| vpc\_id | ID of the VPC where to create security group | string | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| this\_security\_group\_description | The description of the security group |
-| this\_security\_group\_id | The ID of the security group |
-| this\_security\_group\_name | The name of the security group |
-| this\_security\_group\_owner\_id | The owner ID |
-| this\_security\_group\_vpc\_id | The VPC ID |
-
diff --git a/modules/ipsec-4500/auto_values.tf b/modules/ipsec-4500/auto_values.tf
index 02cd4149..3668d78a 100644
--- a/modules/ipsec-4500/auto_values.tf
+++ b/modules/ipsec-4500/auto_values.tf
@@ -5,73 +5,75 @@
 variable "auto_ingress_rules" {
   description = "List of ingress rules to add automatically"
-  type        = "list"
+  type        = list(string)
   default     = ["ipsec-4500-udp"]
 }
 
 variable "auto_ingress_with_self" {
   description = "List of maps defining ingress rules with self to add automatically"
-  type        = "list"
-
-  default = [{ "rule" = "all-all" }]
+  type        = list(map(string))
+  default     = [{ "rule" = "all-all" }]
 }
 
 variable "auto_egress_rules" {
   description = "List of egress rules to add automatically"
-  type        = "list"
+  type        = list(string)
   default     = ["all-all"]
 }
 
 variable "auto_egress_with_self" {
   description = "List of maps defining egress rules with self to add automatically"
-  type        = "list"
+  type        = list(map(string))
   default     = []
 }
 
 # Computed
 variable "auto_computed_ingress_rules" {
   description = "List of ingress rules to add automatically"
-  type        = "list"
+  type        = list(string)
   default     = []
 }
 
 variable "auto_computed_ingress_with_self" {
   description = "List of maps defining computed ingress rules with self to add automatically"
-  type        = "list"
+  type        = list(map(string))
   default     = []
 }
 
 variable "auto_computed_egress_rules" {
   description = "List of computed egress rules to add automatically"
-  type        = "list"
+  type        = list(string)
   default     = []
 }
 
 variable "auto_computed_egress_with_self" {
   description = "List of maps defining computed egress rules with self to add automatically"
-  type        = "list"
+  type        = list(map(string))
   default     = []
 }
 
 # Number of computed rules
 variable "auto_number_of_computed_ingress_rules" {
   description = "Number of computed ingress rules to create by name"
+  type        = number
   default     = 0
 }
 
 variable "auto_number_of_computed_ingress_with_self" {
   description = "Number of computed ingress rules to create where 'self' is defined"
+  type        = number
   default     = 0
 }
 
 variable "auto_number_of_computed_egress_rules" {
   description = "Number of computed egress rules to create by name"
+  type        = number
   default     = 0
 }
 
 variable "auto_number_of_computed_egress_with_self" {
   description = "Number of computed egress rules to create where 'self' is defined"
+  type        = number
   default     = 0
 }
+
diff --git a/modules/ipsec-4500/main.tf b/modules/ipsec-4500/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/ipsec-4500/main.tf
+++ b/modules/ipsec-4500/main.tf
@@ -1,116 +1,114 @@
 module "sg" {
   source = "../../"
 
-  create          = "${var.create}"
-  name            = "${var.name}"
-  use_name_prefix = "${var.use_name_prefix}"
-  description     = "${var.description}"
-  vpc_id          = "${var.vpc_id}"
-  tags            = "${var.tags}"
+  create          = var.create
+  name            = var.name
+  use_name_prefix = var.use_name_prefix
+  description     = var.description
+  vpc_id          = var.vpc_id
+  tags            = var.tags
 
   ##########
   # Ingress
   ##########
   # Rules by names - open for default CIDR
-  ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+  ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))
 
   # Open for self
-  ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+  ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)
 
   # Open to IPv4 cidr blocks
-  ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+  ingress_with_cidr_blocks = var.ingress_with_cidr_blocks
 
   # Open to IPv6 cidr blocks
-  ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+  ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks
 
   # Open for security group id
-  ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+  ingress_with_source_security_group_id = var.ingress_with_source_security_group_id
 
   # Default ingress CIDR blocks
-  ingress_cidr_blocks      = ["${var.ingress_cidr_blocks}"]
-  ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+  ingress_cidr_blocks      = var.ingress_cidr_blocks
+  ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
 
   # Default prefix list ids
-  ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+  ingress_prefix_list_ids = var.ingress_prefix_list_ids
 
   ###################
   # Computed Ingress
   ###################
   # Rules by names - open for default CIDR
-  computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+  computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))
 
   # Open for self
-  computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+  computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)
 
   # Open to IPv4 cidr blocks
-  computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+  computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks
 
   # Open to IPv6 cidr blocks
-  computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+  computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks
 
   # Open for security group id
-  computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+  computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id
 
   #############################
   # Number of computed ingress
   #############################
-  number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
-  number_of_computed_ingress_with_self                     = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
-  number_of_computed_ingress_with_cidr_blocks              = "${var.number_of_computed_ingress_with_cidr_blocks}"
-  number_of_computed_ingress_with_ipv6_cidr_blocks         = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
-  number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+  number_of_computed_ingress_rules                         = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+  number_of_computed_ingress_with_self                     = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+  number_of_computed_ingress_with_cidr_blocks              = var.number_of_computed_ingress_with_cidr_blocks
+  number_of_computed_ingress_with_ipv6_cidr_blocks         = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+  number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id
 
   #########
   # Egress
   #########
   # Rules by names - open for default CIDR
-  egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+  egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))
 
   # Open for self
-  egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+  egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)
 
   # Open to IPv4 cidr blocks
-  egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+  egress_with_cidr_blocks = var.egress_with_cidr_blocks
 
   # Open to IPv6 cidr blocks
-  egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+  egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks
 
   # Open for security group id
-  egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+  egress_with_source_security_group_id = var.egress_with_source_security_group_id
 
   # Default egress CIDR blocks
-  egress_cidr_blocks      = ["${var.egress_cidr_blocks}"]
-  egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+  egress_cidr_blocks      = var.egress_cidr_blocks
+  egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
 
   # Default prefix list ids
-  egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+  egress_prefix_list_ids = var.egress_prefix_list_ids
 
   ##################
   # Computed Egress
   ##################
   # Rules by names - open for default CIDR
-  computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+  computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))
 
   # Open for self
-  computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+  computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)
 
   # Open to IPv4 cidr blocks
-  computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+  computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks
 
   # Open to IPv6 cidr blocks
-  computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+  computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks
 
   # Open for security group id
-  computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+  computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id
 
   #############################
   # Number of computed egress
   #############################
-  number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
-  number_of_computed_egress_with_self                     = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
-  number_of_computed_egress_with_cidr_blocks              = "${var.number_of_computed_egress_with_cidr_blocks}"
-  number_of_computed_egress_with_ipv6_cidr_blocks         = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
-  number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+  number_of_computed_egress_rules                         = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+  number_of_computed_egress_with_self                     = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+  number_of_computed_egress_with_cidr_blocks              = var.number_of_computed_egress_with_cidr_blocks
+  number_of_computed_egress_with_ipv6_cidr_blocks         = var.number_of_computed_egress_with_ipv6_cidr_blocks
+  number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/ipsec-4500/outputs.tf b/modules/ipsec-4500/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/ipsec-4500/outputs.tf
+++ b/modules/ipsec-4500/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
   description = "The ID of the security group"
-  value       = "${module.sg.this_security_group_id}"
+  value       = module.sg.this_security_group_id
 }
 
 output "this_security_group_vpc_id" {
   description = "The VPC ID"
-  value       = "${module.sg.this_security_group_vpc_id}"
+  value       = module.sg.this_security_group_vpc_id
 }
 
 output "this_security_group_owner_id" {
   description = "The owner ID"
-  value       = "${module.sg.this_security_group_owner_id}"
+  value       = module.sg.this_security_group_owner_id
 }
 
 output "this_security_group_name" {
   description = "The name of the security group"
-  value       = "${module.sg.this_security_group_name}"
+  value       = module.sg.this_security_group_name
 }
 
 output "this_security_group_description" {
   description = "The description of the security group"
-  value       = "${module.sg.this_security_group_description}"
+  value       = module.sg.this_security_group_description
 }
+
diff --git a/modules/ipsec-4500/variables.tf b/modules/ipsec-4500/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/ipsec-4500/variables.tf
+++ b/modules/ipsec-4500/variables.tf
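Review bot: The `concat(..., [""])` wrapped in `compact()` on the four `*_rules` arguments (`ingress_rules`, `computed_ingress_rules`, `egress_rules`, `computed_egress_rules`) is an unexplained idiom, and a reader will take the empty string for a rule name. Presumably the placeholder keeps the expression typed as a list of strings when both input lists are empty and `compact()` then strips it again — confirm that is the reason, and say so once above the first use: `# [""] + compact(): keep the result a list(string) even when both inputs are empty; compact() drops the placeholder`. Note also that `compact()` now silently discards any empty-string rule name a caller passes, whereas the removed `sort(distinct(concat(...)))` form forwarded it to the root module; harmless, but worth a word in the same comment.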
@@ -3,29 +3,35 @@
 #################
 variable "create" {
   description = "Whether to create security group and all rules"
+  type        = bool
   default     = true
 }
 
 variable "vpc_id" {
   description = "ID of the VPC where to create security group"
+  type        = string
 }
 
 variable "name" {
   description = "Name of security group"
+  type        = string
 }
 
 variable "use_name_prefix" {
   description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+  type        = bool
   default     = true
 }
 
 variable "description" {
   description = "Description of security group"
+  type        = string
   default     = "Security Group managed by Terraform"
 }
 
 variable "tags" {
   description = "A mapping of tags to assign to security group"
+  type        = map(string)
   default     = {}
 }
 
@@ -34,41 +40,49 @@ variable "tags" {
 ##########
 variable "ingress_rules" {
   description = "List of ingress rules to create by name"
+  type        = list(string)
   default     = []
 }
 
 variable "ingress_with_self" {
   description = "List of ingress rules to create where 'self' is defined"
+  type        = list(map(string))
   default     = []
 }
 
 variable "ingress_with_cidr_blocks" {
   description = "List of ingress rules to create where 'cidr_blocks' is used"
+  type        = list(map(string))
   default     = []
 }
 
 variable "ingress_with_ipv6_cidr_blocks" {
   description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used"
+  type        = list(map(string))
   default     = []
 }
 
 variable "ingress_with_source_security_group_id" {
   description = "List of ingress rules to create where 'source_security_group_id' is used"
+  type        = list(map(string))
   default     = []
 }
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
+  type        = list(string)
   default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
+  type        = list(string)
   default     = []
 }
 
 variable "ingress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+  type        = list(string)
   default     = []
 }
 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" {
 ###################
 variable "computed_ingress_rules" {
   description = "List of computed ingress rules to create by name"
+  type        = list(string)
   default     = []
 }
 
 variable "computed_ingress_with_self" {
   description = "List of computed ingress rules to create where 'self' is defined"
+  type        = list(map(string))
   default     = []
 }
 
 variable "computed_ingress_with_cidr_blocks" {
   description = "List of computed ingress rules to create where 'cidr_blocks' is used"
+  type        = list(map(string))
   default     = []
 }
 
 variable "computed_ingress_with_ipv6_cidr_blocks" {
   description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+  type        = list(map(string))
   default     = []
 }
 
 variable "computed_ingress_with_source_security_group_id" {
   description = "List of computed ingress rules to create where 'source_security_group_id' is used"
+  type        = list(map(string))
   default     = []
 }
 
 variable "computed_ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
+  type        = list(string)
   default     = []
 }
 
 variable "computed_ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
+  type        = list(string)
   default     = []
 }
 
 variable "computed_ingress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+  type        = list(string)
   default     = []
 }
 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" {
 ###################################
 variable "number_of_computed_ingress_rules" {
   description = "Number of computed ingress rules to create by name"
+  type        = number
   default     = 0
 }
 
 variable "number_of_computed_ingress_with_self" {
   description = "Number of computed ingress rules to create where 'self' is defined"
+  type        = number
   default     = 0
 }
 
 variable "number_of_computed_ingress_with_cidr_blocks" {
   description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
+  type        = number
   default     = 0
 }
 
 variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
   description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+  type        = number
   default     = 0
 }
 
 variable "number_of_computed_ingress_with_source_security_group_id" {
   description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
+  type        = number
   default     = 0
 }
 
 variable "number_of_computed_ingress_cidr_blocks" {
   description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
+  type        = number
   default     = 0
 }
 
 variable "number_of_computed_ingress_ipv6_cidr_blocks" {
   description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
+  type        = number
   default     = 0
 }
 
 variable "number_of_computed_ingress_prefix_list_ids" {
   description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+  type        = number
   default     = 0
 }
 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" {
 #########
 variable "egress_rules" {
   description = "List of egress rules to create by name"
+  type        = list(string)
   default     = []
 }
 
 variable "egress_with_self" {
   description = "List of egress rules to create where 'self' is defined"
+  type        = list(map(string))
   default     = []
 }
 
 variable "egress_with_cidr_blocks" {
   description = "List of egress rules to create where 'cidr_blocks' is used"
+  type        = list(map(string))
   default     = []
 }
 
 variable "egress_with_ipv6_cidr_blocks" {
   description = "List of egress rules to create where 'ipv6_cidr_blocks' is used"
+  type        = list(map(string))
   default     = []
 }
 
 variable "egress_with_source_security_group_id" {
   description = "List of egress rules to create where 'source_security_group_id' is used"
+  type        = list(map(string))
   default     = []
 }
 
 variable "egress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all egress rules"
+  type        = list(string)
   default     = ["0.0.0.0/0"]
 }
 
 variable "egress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all egress rules"
+  type        = list(string)
   default     = ["::/0"]
 }
 
 variable "egress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+  type        = list(string)
   default     = []
 }
 
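Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` gain a `list(string)` constraint here, but their descriptions still do not say that the defaults (`["0.0.0.0/0"]`, `["::/0"]`) mean egress to any destination, which combined with the `all-all` default of `auto_egress_rules` in this module's auto_values.tf (earlier in this patch) is open-by-default behaviour a caller locking a VPN host down needs to see on the variable itself. Suggest `description = "List of IPv4 CIDR ranges to use on all egress rules (default 0.0.0.0/0 allows egress to any destination; pass an explicit list to restrict it)"` and the matching wording for the IPv6 variable. How the root module combines these lists with the rule names is outside this hunk.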
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" {
 ##################
 variable "computed_egress_rules" {
   description = "List of computed egress rules to create by name"
+  type        = list(string)
   default     = []
 }
 
 variable "computed_egress_with_self" {
   description = "List of computed egress rules to create where 'self' is defined"
+  type        = list(map(string))
   default     = []
 }
 
 variable "computed_egress_with_cidr_blocks" {
   description = "List of computed egress rules to create where 'cidr_blocks' is used"
+  type        = list(map(string))
   default     = []
 }
 
 variable "computed_egress_with_ipv6_cidr_blocks" {
   description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+  type        = list(map(string))
   default     = []
 }
 
 variable "computed_egress_with_source_security_group_id" {
   description = "List of computed egress rules to create where 'source_security_group_id' is used"
+  type        = list(map(string))
   default     = []
 }
 
 variable "computed_egress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all computed egress rules"
+  type        = list(string)
   default     = ["0.0.0.0/0"]
 }
 
 variable "computed_egress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all computed egress rules"
+  type        = list(string)
   default     = ["::/0"]
 }
 
 variable "computed_egress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+  type        = list(string)
   default     = []
 }
 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" {
 ##################################
 variable "number_of_computed_egress_rules" {
   description = "Number of computed egress rules to create by name"
+  type        = number
   default     = 0
 }
 
 variable "number_of_computed_egress_with_self" {
   description = "Number of computed egress rules to create where 'self' is defined"
+  type        = number
   default     = 0
 }
 
 variable "number_of_computed_egress_with_cidr_blocks" {
   description = "Number of computed egress rules to create where 'cidr_blocks' is used"
+  type        = number
   default     = 0
 }
 
 variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
   description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+  type        = number
   default     = 0
 }
 
 variable "number_of_computed_egress_with_source_security_group_id" {
   description = "Number of computed egress rules to create where 'source_security_group_id' is used"
+  type        = number
   default     = 0
 }
 
 variable "number_of_computed_egress_cidr_blocks" {
   description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
+  type        = number
   default     = 0
 }
 
 variable "number_of_computed_egress_ipv6_cidr_blocks" {
   description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
+  type        = number
   default     = 0
 }
 
 variable "number_of_computed_egress_prefix_list_ids" {
   description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+  type        = number
   default     = 0
 }
diff --git a/modules/ipsec-500/README.md b/modules/ipsec-500/README.md
index 3eff6099..4027f9bf 100644
--- a/modules/ipsec-500/README.md
+++ b/modules/ipsec-500/README.md
@@ -4,7 +4,8 @@
 ```hcl
 module "ipsec_500_security_group" {
-  source = "terraform-aws-modules/security-group/aws//modules/ipsec-500"
+  source  = "terraform-aws-modules/security-group/aws//modules/ipsec-500"
+  version = "~> 3.0"
   # omitted...
 }
@@ -13,85 +14,4 @@ module "ipsec_500_security_group" { All automatic values **ipsec-500 module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/ipsec-500/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "ipsec-500-udp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| 
computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` 
| no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is 
used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/ipsec-500/auto_values.tf b/modules/ipsec-500/auto_values.tf index f4e79263..cf06e41c 100644 --- a/modules/ipsec-500/auto_values.tf +++ b/modules/ipsec-500/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["ipsec-500-udp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_egress_with_self" 
{ description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/ipsec-500/main.tf b/modules/ipsec-500/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/ipsec-500/main.tf +++ b/modules/ipsec-500/main.tf 
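Review bot: `auto_ingress_with_self` keeps the default `[{ "rule" = "all-all" }]` (now collapsed onto one line and typed `list(map(string))`), but its description, "List of maps defining ingress rules with self to add automatically", does not say that out of the box every member of the group can reach every other member on all ports and protocols. Suggest `description = "List of maps defining ingress rules with self to add automatically (default: all-all, i.e. unrestricted traffic between members of this security group)"`. Since main.tf in this patch unions the `auto_*` lists with the caller-supplied lists, a consumer who needs to tighten this must override `auto_ingress_with_self` itself; a clause in the description saying so would avoid a surprise.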
@@ -1,116 +1,114 @@
 module "sg" {
 source = "../../"

- create = "${var.create}"
- name = "${var.name}"
- use_name_prefix = "${var.use_name_prefix}"
- description = "${var.description}"
- vpc_id = "${var.vpc_id}"
- tags = "${var.tags}"
+ create = var.create
+ name = var.name
+ use_name_prefix = var.use_name_prefix
+ description = var.description
+ vpc_id = var.vpc_id
+ tags = var.tags

 ##########
 # Ingress
 ##########
 # Rules by names - open for default CIDR
- ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+ ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))

 # Open for self
- ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+ ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)

 # Open to IPv4 cidr blocks
- ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+ ingress_with_cidr_blocks = var.ingress_with_cidr_blocks

 # Open to IPv6 cidr blocks
- ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+ ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks

 # Open for security group id
- ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+ ingress_with_source_security_group_id = var.ingress_with_source_security_group_id

 # Default ingress CIDR blocks
- ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"]
- ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+ ingress_cidr_blocks = var.ingress_cidr_blocks
+ ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks

 # Default prefix list ids
- ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+ ingress_prefix_list_ids = var.ingress_prefix_list_ids

 ###################
 # Computed Ingress
 ###################
 # Rules by names - open for default CIDR
- computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+ computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))

 # Open for self
- computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+ computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)

 # Open to IPv4 cidr blocks
- computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+ computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks

 # Open to IPv6 cidr blocks
- computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+ computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks

 # Open for security group id
- computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+ computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id

 #############################
 # Number of computed ingress
 #############################
- number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
- number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
- number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
- number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
- number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+ number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+ number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+ number_of_computed_ingress_with_cidr_blocks = var.number_of_computed_ingress_with_cidr_blocks
+ number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+ number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id

 #########
 # Egress
 #########
 # Rules by names - open for default CIDR
- egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+ egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))

 # Open for self
- egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+ egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)

 # Open to IPv4 cidr blocks
- egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+ egress_with_cidr_blocks = var.egress_with_cidr_blocks

 # Open to IPv6 cidr blocks
- egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+ egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks

 # Open for security group id
- egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+ egress_with_source_security_group_id = var.egress_with_source_security_group_id

 # Default egress CIDR blocks
- egress_cidr_blocks = ["${var.egress_cidr_blocks}"]
- egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+ egress_cidr_blocks = var.egress_cidr_blocks
+ egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks

 # Default prefix list ids
- egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+ egress_prefix_list_ids = var.egress_prefix_list_ids

 ##################
 # Computed Egress
 ##################
 # Rules by names - open for default CIDR
- computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+ computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))

 # Open for self
- computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+ computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)

 # Open to IPv4 cidr blocks
- computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+ computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks

 # Open to IPv6 cidr blocks
- computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+ computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks

 # Open for security group id
- computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+ computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id

 #############################
 # Number of computed egress
 #############################
- number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
- number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
- number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
- number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
- number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+ number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+ number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+ number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks
+ number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks
+ number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/ipsec-500/outputs.tf b/modules/ipsec-500/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/ipsec-500/outputs.tf
+++ b/modules/ipsec-500/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
 description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
 }

 output "this_security_group_vpc_id" {
 description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
 }

 output "this_security_group_owner_id" {
 description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
 }

 output "this_security_group_name" {
 description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
 }

 output "this_security_group_description" {
 description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
 }
+
diff --git a/modules/ipsec-500/variables.tf b/modules/ipsec-500/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/ipsec-500/variables.tf
+++ b/modules/ipsec-500/variables.tf
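Review bot: The new `sort(compact(distinct(concat(..., [""]))))` form used for `ingress_rules`, `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` carries no comment explaining the appended `[""]`, which `compact()` then strips again, so the next reader will take it for a leftover and "simplify" it away. Presumably it is there to give the expression a definite list(string) type when both inputs are empty; confirm that and record it, e.g. `# [""] + compact(): keep the result a list(string) even when both inputs are empty`. It is also worth a one-line comment above `ingress_rules` that the `auto_*` lists from auto_values.tf are always unioned with the caller's lists (for ipsec-500 the defaults are `ipsec-500-udp` and an `all-all` self rule), so a consumer who needs to drop them must override `auto_ingress_rules` / `auto_ingress_with_self` explicitly rather than just leaving `ingress_rules` empty.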
@@ -3,29 +3,35 @@
 #################
 variable "create" {
 description = "Whether to create security group and all rules"
+ type = bool
 default = true
 }

 variable "vpc_id" {
 description = "ID of the VPC where to create security group"
+ type = string
 }

 variable "name" {
 description = "Name of security group"
+ type = string
 }

 variable "use_name_prefix" {
 description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+ type = bool
 default = true
 }

 variable "description" {
 description = "Description of security group"
+ type = string
 default = "Security Group managed by Terraform"
 }

 variable "tags" {
 description = "A mapping of tags to assign to security group"
+ type = map(string)
 default = {}
 }

@@ -34,41 +40,49 @@ variable "tags" {
 ##########
 variable "ingress_rules" {
 description = "List of ingress rules to create by name"
+ type = list(string)
 default = []
 }

 variable "ingress_with_self" {
 description = "List of ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }

 variable "ingress_with_cidr_blocks" {
 description = "List of ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }

 variable "ingress_with_ipv6_cidr_blocks" {
 description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }

 variable "ingress_with_source_security_group_id" {
 description = "List of ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }

 variable "ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }

 variable "ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }

 variable "ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+ type = list(string)
 default = []
 }

@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" {
 ###################
 variable "computed_ingress_rules" {
 description = "List of computed ingress rules to create by name"
+ type = list(string)
 default = []
 }

 variable "computed_ingress_with_self" {
 description = "List of computed ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }

 variable "computed_ingress_with_cidr_blocks" {
 description = "List of computed ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }

 variable "computed_ingress_with_ipv6_cidr_blocks" {
 description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }

 variable "computed_ingress_with_source_security_group_id" {
 description = "List of computed ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }

 variable "computed_ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }

 variable "computed_ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }

 variable "computed_ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = list(string)
 default = []
 }

@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" {
 ###################################
 variable "number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }

 variable "number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }

 variable "number_of_computed_ingress_with_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }

 variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }

 variable "number_of_computed_ingress_with_source_security_group_id" {
 description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }

 variable "number_of_computed_ingress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }

 variable "number_of_computed_ingress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }

 variable "number_of_computed_ingress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = number
 default = 0
 }

@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" {
 #########
 variable "egress_rules" {
 description = "List of egress rules to create by name"
+ type = list(string)
 default = []
 }

 variable "egress_with_self" {
 description = "List of egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }

 variable "egress_with_cidr_blocks" {
 description = "List of egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }

 variable "egress_with_ipv6_cidr_blocks" {
 description = "List of egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }

 variable "egress_with_source_security_group_id" {
 description = "List of egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }

 variable "egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }

 variable "egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["::/0"]
 }

 variable "egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+ type = list(string)
 default = []
 }

@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" {
 ##################
 variable "computed_egress_rules" {
 description = "List of computed egress rules to create by name"
+ type = list(string)
 default = []
 }

 variable "computed_egress_with_self" {
 description = "List of computed egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }

 variable "computed_egress_with_cidr_blocks" {
 description = "List of computed egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }

 variable "computed_egress_with_ipv6_cidr_blocks" {
 description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }

 variable "computed_egress_with_source_security_group_id" {
 description = "List of computed egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }

 variable "computed_egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }

 variable "computed_egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["::/0"]
 }

 variable "computed_egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = list(string)
 default = []
 }

@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" {
 ##################################
 variable "number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }

 variable "number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }

 variable "number_of_computed_egress_with_cidr_blocks" {
 description = "Number of computed egress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }

 variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
 description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }

 variable "number_of_computed_egress_with_source_security_group_id" {
 description = "Number of computed egress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }

 variable "number_of_computed_egress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }

 variable "number_of_computed_egress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }

 variable "number_of_computed_egress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = number
 default = 0
 }
diff --git a/modules/kafka/README.md b/modules/kafka/README.md
index 9b9de0cf..15bd032a 100644
--- a/modules/kafka/README.md
+++ b/modules/kafka/README.md
@@ -4,7 +4,8 @@ ```hcl module "kafka_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/kafka" + source = "terraform-aws-modules/security-group/aws//modules/kafka" + version = "~> 3.0" # omitted... }
@@ -13,85 +14,4 @@ module "kafka_security_group" {
 All automatic values **kafka module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/kafka/auto_values.tf).
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no |
-| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no |
-| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no |
-| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no |
-| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "kafka-broker-tcp" ]` | no |
-| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no |
-| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no |
-| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no |
-| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no |
-| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no |
-| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| create | Whether to create security group and all rules | string | `"true"` | no |
-| description | Description of security group | string | `"Security Group managed by Terraform"` | no |
-| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no |
-| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no |
-| egress\_rules | List of egress rules to create by name | list | `[]` | no |
-| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no |
-| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no |
-| ingress\_rules | List of ingress rules to create by name | list | `[]` | no |
-| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no |
-| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| name | Name of security group | string | n/a | yes |
-| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| tags | A mapping of tags to assign to security group | map | `{}` | no |
-| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no |
-| vpc\_id | ID of the VPC where to create security group | string | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| this\_security\_group\_description | The description of the security group |
-| this\_security\_group\_id | The ID of the security group |
-| this\_security\_group\_name | The name of the security group |
-| this\_security\_group\_owner\_id | The owner ID |
-| this\_security\_group\_vpc\_id | The VPC ID |
-
diff --git a/modules/kafka/auto_values.tf b/modules/kafka/auto_values.tf
index e8d3399b..c40358d7 100644
--- a/modules/kafka/auto_values.tf
+++ b/modules/kafka/auto_values.tf
@@ -5,73 +5,75 @@
 variable "auto_ingress_rules" {
 description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
 default = ["kafka-broker-tcp"]
 }
 variable "auto_ingress_with_self" {
 description = "List of maps defining ingress rules with self to add automatically"
- type = "list"
-
- default = [{
- "rule" = "all-all"
- }]
+ type = list(map(string))
+ default = [{ "rule" = "all-all" }]
 }
 variable "auto_egress_rules" {
 description = "List of egress rules to add automatically"
- type = "list"
+ type = list(string)
 default = ["all-all"]
 }
 variable "auto_egress_with_self" {
 description = "List of maps defining egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 # Computed
 variable "auto_computed_ingress_rules" {
 description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
 default = []
 }
 variable "auto_computed_ingress_with_self" {
 description = "List of maps defining computed ingress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 variable "auto_computed_egress_rules" {
 description = "List of computed egress rules to add automatically"
- type = "list"
+ type = list(string)
 default = []
 }
 variable "auto_computed_egress_with_self" {
 description = "List of maps defining computed egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 # Number of computed rules
 variable "auto_number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
+
diff --git a/modules/kafka/main.tf b/modules/kafka/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/kafka/main.tf
+++ b/modules/kafka/main.tf
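Review bot: The retyped `default = [{ "rule" = "all-all" }]` on `auto_ingress_with_self` still carries no explanation of what it grants; going by the rule name (the name is resolved by the root module, which is not in this chunk) it opens every port and protocol between members of this security group, which is the broadest default in the file and the one a reader of a consuming plan is least likely to notice. A comment above the variable would make the grant visible where it is declared, e.g. `# Default: members of this group may reach each other on any port/protocol; override auto_ingress_with_self to narrow it`. The same description gap applies to `auto_egress_rules`, whose default `["all-all"]` is also unexplained.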
@@ -1,116 +1,114 @@
 module "sg" {
 source = "../../"
- create = "${var.create}"
- name = "${var.name}"
- use_name_prefix = "${var.use_name_prefix}"
- description = "${var.description}"
- vpc_id = "${var.vpc_id}"
- tags = "${var.tags}"
+ create = var.create
+ name = var.name
+ use_name_prefix = var.use_name_prefix
+ description = var.description
+ vpc_id = var.vpc_id
+ tags = var.tags
 ##########
 # Ingress
 ##########
 # Rules by names - open for default CIDR
- ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+ ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))
 # Open for self
- ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+ ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)
 # Open to IPv4 cidr blocks
- ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+ ingress_with_cidr_blocks = var.ingress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+ ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks
 # Open for security group id
- ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+ ingress_with_source_security_group_id = var.ingress_with_source_security_group_id
 # Default ingress CIDR blocks
- ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"]
- ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+ ingress_cidr_blocks = var.ingress_cidr_blocks
+ ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
 # Default prefix list ids
- ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+ ingress_prefix_list_ids = var.ingress_prefix_list_ids
 ###################
 # Computed Ingress
 ###################
 # Rules by names - open for default CIDR
- computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+ computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))
 # Open for self
- computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+ computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)
 # Open to IPv4 cidr blocks
- computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+ computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+ computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks
 # Open for security group id
- computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+ computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id
 #############################
 # Number of computed ingress
 #############################
- number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
- number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
- number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
- number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
- number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+ number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+ number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+ number_of_computed_ingress_with_cidr_blocks = var.number_of_computed_ingress_with_cidr_blocks
+ number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+ number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id
 #########
 # Egress
 #########
 # Rules by names - open for default CIDR
- egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+ egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))
 # Open for self
- egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+ egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)
 # Open to IPv4 cidr blocks
- egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+ egress_with_cidr_blocks = var.egress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+ egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks
 # Open for security group id
- egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+ egress_with_source_security_group_id = var.egress_with_source_security_group_id
 # Default egress CIDR blocks
- egress_cidr_blocks = ["${var.egress_cidr_blocks}"]
- egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+ egress_cidr_blocks = var.egress_cidr_blocks
+ egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
 # Default prefix list ids
- egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+ egress_prefix_list_ids = var.egress_prefix_list_ids
 ##################
 # Computed Egress
 ##################
 # Rules by names - open for default CIDR
- computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+ computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))
 # Open for self
- computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+ computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)
 # Open to IPv4 cidr blocks
- computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+ computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+ computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks
 # Open for security group id
- computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+ computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id
 #############################
 # Number of computed egress
 #############################
- number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
- number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
- number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
- number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
- number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+ number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+ number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+ number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks
+ number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks
+ number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/kafka/outputs.tf b/modules/kafka/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/kafka/outputs.tf
+++ b/modules/kafka/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
 description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
 }
 output "this_security_group_vpc_id" {
 description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
 }
 output "this_security_group_owner_id" {
 description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
 }
 output "this_security_group_name" {
 description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
 }
 output "this_security_group_description" {
 description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
 }
+
diff --git a/modules/kafka/variables.tf b/modules/kafka/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/kafka/variables.tf
+++ b/modules/kafka/variables.tf
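Review bot: `computed_ingress_cidr_blocks`, `computed_ingress_ipv6_cidr_blocks`, `computed_ingress_prefix_list_ids`, their `computed_egress_*` counterparts and the six `number_of_computed_*_cidr_blocks` / `_ipv6_cidr_blocks` / `_prefix_list_ids` inputs are declared with types and defaults in the modules/kafka/variables.tf hunks that follow, but the rewritten `module "sg"` block never forwards them, so a caller who sets `computed_egress_cidr_blocks` to narrow the module's documented `0.0.0.0/0` default silently falls back to whatever the root module itself defaults to. This was already true on the removed side, but the retyping pass is the moment to settle it: either wire them through next to the `*_cidr_blocks` and `number_of_computed_*` lines (sketched below, assuming the root module declares the same inputs as the `_templates` module in the diffstat), or drop the dead variables so the module's surface matches what it applies. Separately, the `[""]` appended inside `sort(compact(distinct(concat(..., [""]))))` on the four `*_rules` lines reads like a stray element and deserves a one-line comment; presumably it keeps the expression typed as a list of strings when both inputs are empty, e.g. `# [""] + compact(): keep the result a list(string) even when both inputs are empty`.
```hcl
  # Default ingress CIDR blocks
  ingress_cidr_blocks      = var.ingress_cidr_blocks
  # … unchanged: ingress_ipv6_cidr_blocks, ingress_prefix_list_ids, computed ingress rules / with_* …
  computed_ingress_cidr_blocks      = var.computed_ingress_cidr_blocks
  computed_ingress_ipv6_cidr_blocks = var.computed_ingress_ipv6_cidr_blocks
  computed_ingress_prefix_list_ids  = var.computed_ingress_prefix_list_ids
  # … unchanged: number_of_computed_ingress_rules / with_* …
  number_of_computed_ingress_cidr_blocks      = var.number_of_computed_ingress_cidr_blocks
  number_of_computed_ingress_ipv6_cidr_blocks = var.number_of_computed_ingress_ipv6_cidr_blocks
  number_of_computed_ingress_prefix_list_ids  = var.number_of_computed_ingress_prefix_list_ids
  # … unchanged: egress section, with the same three computed_egress_* and three number_of_computed_egress_* additions …
```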
@@ -3,29 +3,35 @@
 #################
 variable "create" {
 description = "Whether to create security group and all rules"
+ type = bool
 default = true
 }
 variable "vpc_id" {
 description = "ID of the VPC where to create security group"
+ type = string
 }
 variable "name" {
 description = "Name of security group"
+ type = string
 }
 variable "use_name_prefix" {
 description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+ type = bool
 default = true
 }
 variable "description" {
 description = "Description of security group"
+ type = string
 default = "Security Group managed by Terraform"
 }
 variable "tags" {
 description = "A mapping of tags to assign to security group"
+ type = map(string)
 default = {}
 }
@@ -34,41 +40,49 @@ variable "tags" {
 ##########
 variable "ingress_rules" {
 description = "List of ingress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "ingress_with_self" {
 description = "List of ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_cidr_blocks" {
 description = "List of ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_ipv6_cidr_blocks" {
 description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_source_security_group_id" {
 description = "List of ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 variable "ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 variable "ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+ type = list(string)
 default = []
 }
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" {
 ###################
 variable "computed_ingress_rules" {
 description = "List of computed ingress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_with_self" {
 description = "List of computed ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_cidr_blocks" {
 description = "List of computed ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_ipv6_cidr_blocks" {
 description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_source_security_group_id" {
 description = "List of computed ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" {
 ###################################
 variable "number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_source_security_group_id" {
 description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = number
 default = 0
 }
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" {
 #########
 variable "egress_rules" {
 description = "List of egress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "egress_with_self" {
 description = "List of egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_cidr_blocks" {
 description = "List of egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_ipv6_cidr_blocks" {
 description = "List of egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_source_security_group_id" {
 description = "List of egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }
 variable "egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["::/0"]
 }
 variable "egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+ type = list(string)
 default = []
 }
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" {
 ##################
 variable "computed_egress_rules" {
 description = "List of computed egress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "computed_egress_with_self" {
 description = "List of computed egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_cidr_blocks" {
 description = "List of computed egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_ipv6_cidr_blocks" {
 description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_source_security_group_id" {
 description = "List of computed egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }
 variable "computed_egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["::/0"]
 }
 variable "computed_egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = list(string)
 default = []
 }
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" {
 ##################################
 variable "number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_cidr_blocks" {
 description = "Number of computed egress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
 description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_source_security_group_id" {
 description = "Number of computed egress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = number
 default = 0
 }
diff --git a/modules/ldaps/README.md b/modules/ldaps/README.md
index ddce3698..d6b07770 100644
--- a/modules/ldaps/README.md
+++ b/modules/ldaps/README.md
@@ -4,7 +4,8 @@
 ```hcl
 module "ldaps_security_group" {
- source = "terraform-aws-modules/security-group/aws//modules/ldaps"
+ source = "terraform-aws-modules/security-group/aws//modules/ldaps"
+ version = "~> 3.0"
 # omitted...
 }
@@ -13,85 +14,4 @@ module "ldaps_security_group" { All automatic values **ldaps module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/ldaps/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "ldaps-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| computed\_egress\_ipv6\_cidr\_blocks | List of 
IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| create | Whether to create security 
group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| name | 
Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| 
number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/ldaps/auto_values.tf b/modules/ldaps/auto_values.tf index d294f7ed..627ed83f 100644 --- a/modules/ldaps/auto_values.tf +++ b/modules/ldaps/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["ldaps-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_egress_with_self" { 
description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/ldaps/main.tf b/modules/ldaps/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/ldaps/main.tf +++ b/modules/ldaps/main.tf 
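Review bot: The defaults in this file are the security-relevant part of the ldaps module and their descriptions say nothing about what they open: `auto_ingress_with_self` (now typed `list(map(string))`) defaults to `[{ "rule" = "all-all" }]`, which by its name permits every protocol and port between members of the group, and `auto_egress_rules` defaults to `["all-all"]`, which together with the module's `egress_cidr_blocks` default of `["0.0.0.0/0"]` in variables.tf presumably allows unrestricted egress. A caller choosing this module to get a tight LDAPS-only group will not learn that from `description = "List of maps defining ingress rules with self to add automatically"`. Suggest spelling it out, e.g. `description = "Ingress rules between members of this group added automatically (default 'all-all' opens every port and protocol within the group)"`, and likewise noting on `auto_egress_rules` that the default egress is unrestricted unless `egress_cidr_blocks` is narrowed.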
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } diff --git a/modules/ldaps/outputs.tf b/modules/ldaps/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/ldaps/outputs.tf +++ b/modules/ldaps/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/ldaps/variables.tf b/modules/ldaps/variables.tf index 070cc30c..354b9e37 100644 --- a/modules/ldaps/variables.tf +++ b/modules/ldaps/variables.tf 
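Review bot: Six computed-rule inputs declared in modules/ldaps/variables.tf are never forwarded to `module "sg"` — `computed_ingress_cidr_blocks`, `computed_ingress_ipv6_cidr_blocks`, `computed_ingress_prefix_list_ids`, their egress counterparts, and the matching `number_of_computed_*_cidr_blocks` / `*_ipv6_cidr_blocks` / `*_prefix_list_ids` counters — so a caller setting them on this wrapper gets no effect. That matters most for egress: if the root module defaults `computed_egress_cidr_blocks` to `["0.0.0.0/0"]` as this wrapper does, a narrowed value passed here is silently replaced by the open default. Assuming the root module declares inputs of the same names (this wrapper's variables appear to mirror them), the fix is to pass them through as below. Separately, the `concat(..., [""])` wrapped in `compact()` on the four `*_rules` lines is presumably a type-coercion workaround for the case where both lists are empty; a one-line comment such as `# [""] + compact() keep the result a typed (possibly empty) list(string)` would save the next reader guessing, and the reason should be confirmed before it is written down.
```hcl
module "sg" {
  source = "../../"
  # … unchanged: create/name/use_name_prefix/description/vpc_id/tags, ingress and computed ingress rule arguments …

  # Default CIDR blocks / prefix lists for computed ingress rules: declared in
  # variables.tf but previously never forwarded to the root module.
  computed_ingress_cidr_blocks      = var.computed_ingress_cidr_blocks
  computed_ingress_ipv6_cidr_blocks = var.computed_ingress_ipv6_cidr_blocks
  computed_ingress_prefix_list_ids  = var.computed_ingress_prefix_list_ids

  number_of_computed_ingress_cidr_blocks      = var.number_of_computed_ingress_cidr_blocks
  number_of_computed_ingress_ipv6_cidr_blocks = var.number_of_computed_ingress_ipv6_cidr_blocks
  number_of_computed_ingress_prefix_list_ids  = var.number_of_computed_ingress_prefix_list_ids

  # … unchanged: egress and computed egress rule arguments …

  # Same pass-through for computed egress rules.
  computed_egress_cidr_blocks      = var.computed_egress_cidr_blocks
  computed_egress_ipv6_cidr_blocks = var.computed_egress_ipv6_cidr_blocks
  computed_egress_prefix_list_ids  = var.computed_egress_prefix_list_ids

  number_of_computed_egress_cidr_blocks      = var.number_of_computed_egress_cidr_blocks
  number_of_computed_egress_ipv6_cidr_blocks = var.number_of_computed_egress_ipv6_cidr_blocks
  number_of_computed_egress_prefix_list_ids  = var.number_of_computed_egress_prefix_list_ids
}
```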
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
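Review bot: `type = list(map(string))` on `ingress_with_cidr_blocks` (and the sibling `ingress_with_*` variables in this hunk) means every value inside a rule map must be a string, so a caller writing `cidr_blocks = ["10.0.0.0/8"]` inside a rule will now be rejected at plan time, and nothing in the descriptions says so. Suggest extending the description, e.g. `description = "List of ingress rules to create where 'cidr_blocks' is used; each rule is a map of string values, so several CIDRs must be encoded in a single string"`, with the same wording on the ipv6 and source_security_group_id variants. The exact key set and the encoding of multiple CIDRs in one string are defined by the root module, outside this hunk, and should be named here so users of the ldaps module do not have to read it.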
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
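Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` gain explicit `list(string)` types but keep defaults of `["0.0.0.0/0"]` and `["::/0"]`, so every name-based egress rule — including the `all-all` rule this module adds automatically in auto_values.tf — is open to any destination unless the caller overrides them, and the descriptions do not mention it. Suggest `description = "List of IPv4 CIDR ranges to use on all egress rules (default 0.0.0.0/0 allows egress to any IPv4 destination; narrow it to the destinations actually required)"` and the IPv6 equivalent. That name-based rules use these CIDRs is only implied by the `# Rules by names - open for default CIDR` comment in main.tf, not by anything in this file.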
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/memcached/README.md b/modules/memcached/README.md index a8aa8792..6ea7dc4f 100644 --- a/modules/memcached/README.md +++ b/modules/memcached/README.md @@ -4,7 +4,8 @@ ```hcl module "memcached_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/memcached" + source = "terraform-aws-modules/security-group/aws//modules/memcached" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "memcached_security_group" { All automatic values **memcached module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/memcached/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "memcached-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| 
computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` 
| no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is 
used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/memcached/auto_values.tf b/modules/memcached/auto_values.tf index 075611a1..f92cc280 100644 --- a/modules/memcached/auto_values.tf +++ b/modules/memcached/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["memcached-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_egress_with_self" 
{ description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/memcached/main.tf b/modules/memcached/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/memcached/main.tf +++ b/modules/memcached/main.tf 
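Review bot: The description of `auto_computed_ingress_rules` still reads "List of ingress rules to add automatically", which is word-for-word the description of `auto_ingress_rules` above it, while its egress twin `auto_computed_egress_rules` correctly says "computed"; since this commit already rewrites the type line of that block, change it to `description = "List of computed ingress rules to add automatically"`. The newly typed default `auto_ingress_with_self = [{ "rule" = "all-all" }]` is the one place this module's default intra-group exposure is fixed, and the rule name is only resolved in the root module, so a short comment above it (e.g. `# members of this group reach each other on every port/protocol by default (rule "all-all")`, presuming that is what the root module's "all-all" rule expands to) would let a reviewer see the exposure without leaving the file.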
@@ -1,116 +1,114 @@
 module "sg" {
 source = "../../"
- create = "${var.create}"
- name = "${var.name}"
- use_name_prefix = "${var.use_name_prefix}"
- description = "${var.description}"
- vpc_id = "${var.vpc_id}"
- tags = "${var.tags}"
+ create = var.create
+ name = var.name
+ use_name_prefix = var.use_name_prefix
+ description = var.description
+ vpc_id = var.vpc_id
+ tags = var.tags
 ##########
 # Ingress
 ##########
 # Rules by names - open for default CIDR
- ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+ ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))
 # Open for self
- ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+ ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)
 # Open to IPv4 cidr blocks
- ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+ ingress_with_cidr_blocks = var.ingress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+ ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks
 # Open for security group id
- ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+ ingress_with_source_security_group_id = var.ingress_with_source_security_group_id
 # Default ingress CIDR blocks
- ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"]
- ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+ ingress_cidr_blocks = var.ingress_cidr_blocks
+ ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
 # Default prefix list ids
- ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+ ingress_prefix_list_ids = var.ingress_prefix_list_ids
 ###################
 # Computed Ingress
 ###################
 # Rules by names - open for default CIDR
- computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+ computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))
 # Open for self
- computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+ computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)
 # Open to IPv4 cidr blocks
- computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+ computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+ computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks
 # Open for security group id
- computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+ computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id
 #############################
 # Number of computed ingress
 #############################
- number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
- number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
- number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
- number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
- number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+ number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+ number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+ number_of_computed_ingress_with_cidr_blocks = var.number_of_computed_ingress_with_cidr_blocks
+ number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+ number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id
 #########
 # Egress
 #########
 # Rules by names - open for default CIDR
- egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+ egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))
 # Open for self
- egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+ egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)
 # Open to IPv4 cidr blocks
- egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+ egress_with_cidr_blocks = var.egress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+ egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks
 # Open for security group id
- egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+ egress_with_source_security_group_id = var.egress_with_source_security_group_id
 # Default egress CIDR blocks
- egress_cidr_blocks = ["${var.egress_cidr_blocks}"]
- egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+ egress_cidr_blocks = var.egress_cidr_blocks
+ egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
 # Default prefix list ids
- egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+ egress_prefix_list_ids = var.egress_prefix_list_ids
 ##################
 # Computed Egress
 ##################
 # Rules by names - open for default CIDR
- computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+ computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))
 # Open for self
- computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+ computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)
 # Open to IPv4 cidr blocks
- computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+ computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+ computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks
 # Open for security group id
- computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+ computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id
 #############################
 # Number of computed egress
 #############################
- number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
- number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
- number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
- number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
- number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+ number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+ number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+ number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks
+ number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks
+ number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/memcached/outputs.tf b/modules/memcached/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/memcached/outputs.tf
+++ b/modules/memcached/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
 description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
 }
 output "this_security_group_vpc_id" {
 description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
 }
 output "this_security_group_owner_id" {
 description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
 }
 output "this_security_group_name" {
 description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
 }
 output "this_security_group_description" {
 description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
 }
+
diff --git a/modules/memcached/variables.tf b/modules/memcached/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/memcached/variables.tf
+++ b/modules/memcached/variables.tf
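Review bot: The `[""]` element appended inside `concat()` on the new `ingress_rules`, `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` lines is never explained, and because `compact()` strips empty strings straight back out, a later reader cannot tell whether it is a deliberate guard or a leftover from the migration. My reading is that it keeps the concatenated value typed as a list of strings when both `auto_*` and user lists are empty (the old `sort(distinct(...))` had no such element), which is worth confirming and then stating once above the first use: `# [""] + compact(): keeps the element type known when both input lists are empty`. Since these four merged lists are what decide which named rules the root module opens on the group, the same comment should note that the `auto_*` defaults are always included and cannot be removed by the caller, so anyone reviewing exposure must read `auto_values.tf` together with the caller's inputs.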
@@ -3,29 +3,35 @@
 #################
 variable "create" {
 description = "Whether to create security group and all rules"
+ type = bool
 default = true
 }
 variable "vpc_id" {
 description = "ID of the VPC where to create security group"
+ type = string
 }
 variable "name" {
 description = "Name of security group"
+ type = string
 }
 variable "use_name_prefix" {
 description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+ type = bool
 default = true
 }
 variable "description" {
 description = "Description of security group"
+ type = string
 default = "Security Group managed by Terraform"
 }
 variable "tags" {
 description = "A mapping of tags to assign to security group"
+ type = map(string)
 default = {}
 }
@@ -34,41 +40,49 @@ variable "tags" {
 ##########
 variable "ingress_rules" {
 description = "List of ingress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "ingress_with_self" {
 description = "List of ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_cidr_blocks" {
 description = "List of ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_ipv6_cidr_blocks" {
 description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_source_security_group_id" {
 description = "List of ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 variable "ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 variable "ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+ type = list(string)
 default = []
 }
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" {
 ###################
 variable "computed_ingress_rules" {
 description = "List of computed ingress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_with_self" {
 description = "List of computed ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_cidr_blocks" {
 description = "List of computed ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_ipv6_cidr_blocks" {
 description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_source_security_group_id" {
 description = "List of computed ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" {
 ###################################
 variable "number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_source_security_group_id" {
 description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = number
 default = 0
 }
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" {
 #########
 variable "egress_rules" {
 description = "List of egress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "egress_with_self" {
 description = "List of egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_cidr_blocks" {
 description = "List of egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_ipv6_cidr_blocks" {
 description = "List of egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_source_security_group_id" {
 description = "List of egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }
 variable "egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["::/0"]
 }
 variable "egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+ type = list(string)
 default = []
 }
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" {
 ##################
 variable "computed_egress_rules" {
 description = "List of computed egress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "computed_egress_with_self" {
 description = "List of computed egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_cidr_blocks" {
 description = "List of computed egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_ipv6_cidr_blocks" {
 description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_source_security_group_id" {
 description = "List of computed egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }
 variable "computed_egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["::/0"]
 }
 variable "computed_egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = list(string)
 default = []
 }
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" {
 ##################################
 variable "number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_cidr_blocks" {
 description = "Number of computed egress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
 description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_source_security_group_id" {
 description = "Number of computed egress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = number
 default = 0
 }
diff --git a/modules/mongodb/README.md b/modules/mongodb/README.md
index 40ce7684..245f6e19 100644
--- a/modules/mongodb/README.md
+++ b/modules/mongodb/README.md
@@ -4,7 +4,8 @@
 ```hcl
 module "mongodb_security_group" {
- source = "terraform-aws-modules/security-group/aws//modules/mongodb"
+ source = "terraform-aws-modules/security-group/aws//modules/mongodb"
+ version = "~> 3.0"
 # omitted...
 }
@@ -13,85 +14,4 @@ module "mongodb_security_group" { All automatic values **mongodb module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/mongodb/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "mongodb-27017-tcp", "mongodb-27018-tcp", "mongodb-27019-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | 
no | -| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | 
list | `[]` | no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is 
used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/mongodb/auto_values.tf b/modules/mongodb/auto_values.tf index 5ffa670b..667ef54d 100644 --- a/modules/mongodb/auto_values.tf +++ b/modules/mongodb/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" {
 description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
 default = ["mongodb-27017-tcp", "mongodb-27018-tcp", "mongodb-27019-tcp"]
 }
 variable "auto_ingress_with_self" {
 description = "List of maps defining ingress rules with self to add automatically"
- type = "list"
-
- default = [{
- "rule" = "all-all"
- }]
+ type = list(map(string))
+ default = [{ "rule" = "all-all" }]
 }
 variable "auto_egress_rules" {
 description = "List of egress rules to add automatically"
- type = "list"
+ type = list(string)
 default = ["all-all"]
 }
 variable "auto_egress_with_self" {
 description = "List of maps defining egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 # Computed
 variable "auto_computed_ingress_rules" {
 description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
 default = []
 }
 variable "auto_computed_ingress_with_self" {
 description = "List of maps defining computed ingress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 variable "auto_computed_egress_rules" {
 description = "List of computed egress rules to add automatically"
- type = "list"
+ type = list(string)
 default = []
 }
 variable "auto_computed_egress_with_self" {
 description = "List of maps defining computed egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 # Number of computed rules
 variable "auto_number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
+
diff --git a/modules/mongodb/main.tf b/modules/mongodb/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/mongodb/main.tf
+++ b/modules/mongodb/main.tf
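Review bot: The descriptions on the newly typed `auto_ingress_with_self` and `auto_egress_rules` do not say what their defaults open: `[{ "rule" = "all-all" }]` allows all traffic between members of the group, and `["all-all"]` paired with the `egress_cidr_blocks` default of `["0.0.0.0/0"]` in this module's variables.tf yields unrestricted outbound access unless the caller overrides both. With the Inputs table (and its defaults) removed from the module README in the hunk above, the description is the only place a caller sees this; suggest `description = "List of egress rules to add automatically (default 'all-all' with the default egress_cidr_blocks allows all outbound traffic)"` and matching wording for `auto_ingress_with_self`. The defaults themselves are unchanged by this commit.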
@@ -1,116 +1,114 @@
 module "sg" {
 source = "../../"
- create = "${var.create}"
- name = "${var.name}"
- use_name_prefix = "${var.use_name_prefix}"
- description = "${var.description}"
- vpc_id = "${var.vpc_id}"
- tags = "${var.tags}"
+ create = var.create
+ name = var.name
+ use_name_prefix = var.use_name_prefix
+ description = var.description
+ vpc_id = var.vpc_id
+ tags = var.tags
 ##########
 # Ingress
 ##########
 # Rules by names - open for default CIDR
- ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+ ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))
 # Open for self
- ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+ ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)
 # Open to IPv4 cidr blocks
- ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+ ingress_with_cidr_blocks = var.ingress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+ ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks
 # Open for security group id
- ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+ ingress_with_source_security_group_id = var.ingress_with_source_security_group_id
 # Default ingress CIDR blocks
- ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"]
- ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+ ingress_cidr_blocks = var.ingress_cidr_blocks
+ ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
 # Default prefix list ids
- ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+ ingress_prefix_list_ids = var.ingress_prefix_list_ids
 ###################
 # Computed Ingress
 ###################
 # Rules by names - open for default CIDR
- computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+ computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))
 # Open for self
- computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+ computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)
 # Open to IPv4 cidr blocks
- computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+ computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+ computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks
 # Open for security group id
- computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+ computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id
 #############################
 # Number of computed ingress
 #############################
- number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
- number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
- number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
- number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
- number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+ number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+ number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+ number_of_computed_ingress_with_cidr_blocks = var.number_of_computed_ingress_with_cidr_blocks
+ number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+ number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id
 #########
 # Egress
 #########
 # Rules by names - open for default CIDR
- egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+ egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))
 # Open for self
- egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+ egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)
 # Open to IPv4 cidr blocks
- egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+ egress_with_cidr_blocks = var.egress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+ egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks
 # Open for security group id
- egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+ egress_with_source_security_group_id = var.egress_with_source_security_group_id
 # Default egress CIDR blocks
- egress_cidr_blocks = ["${var.egress_cidr_blocks}"]
- egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+ egress_cidr_blocks = var.egress_cidr_blocks
+ egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
 # Default prefix list ids
- egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+ egress_prefix_list_ids = var.egress_prefix_list_ids
 ##################
 # Computed Egress
 ##################
 # Rules by names - open for default CIDR
- computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+ computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))
 # Open for self
- computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+ computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)
 # Open to IPv4 cidr blocks
- computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+ computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+ computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks
 # Open for security group id
- computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+ computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id
 #############################
 # Number of computed egress
 #############################
- number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
- number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
- number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
- number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
- number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+ number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+ number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+ number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks
+ number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks
+ number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/mongodb/outputs.tf b/modules/mongodb/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/mongodb/outputs.tf
+++ b/modules/mongodb/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
 description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
 }
 output "this_security_group_vpc_id" {
 description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
 }
 output "this_security_group_owner_id" {
 description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
 }
 output "this_security_group_name" {
 description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
 }
 output "this_security_group_description" {
 description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
 }
+
diff --git a/modules/mongodb/variables.tf b/modules/mongodb/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/mongodb/variables.tf
+++ b/modules/mongodb/variables.tf
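Review bot: The `[""]` appended inside `concat(...)` for `ingress_rules`, `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` reads like a stray empty rule and is not explained; presumably it gives the expression a string element so the result keeps the `list(string)` type when every input list is empty, and the new `compact()` strips it again. A comment at the first occurrence would save the next reader a round trip, e.g. `# [""] + compact(): keep the result typed as list(string) when all inputs are empty (compact also drops blank rule names)`. Note that `compact()` also silently discards an empty rule name supplied by a caller, where the 0.11 expression passed it through to the root module — a small behaviour change worth a changelog line. The same expression very likely appears in the other modules' main.tf files in this commit and wants the same comment there.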
@@ -3,29 +3,35 @@
 #################
 variable "create" {
 description = "Whether to create security group and all rules"
+ type = bool
 default = true
 }
 variable "vpc_id" {
 description = "ID of the VPC where to create security group"
+ type = string
 }
 variable "name" {
 description = "Name of security group"
+ type = string
 }
 variable "use_name_prefix" {
 description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+ type = bool
 default = true
 }
 variable "description" {
 description = "Description of security group"
+ type = string
 default = "Security Group managed by Terraform"
 }
 variable "tags" {
 description = "A mapping of tags to assign to security group"
+ type = map(string)
 default = {}
 }
@@ -34,41 +40,49 @@ variable "tags" {
 ##########
 variable "ingress_rules" {
 description = "List of ingress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "ingress_with_self" {
 description = "List of ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_cidr_blocks" {
 description = "List of ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_ipv6_cidr_blocks" {
 description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_source_security_group_id" {
 description = "List of ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 variable "ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 variable "ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+ type = list(string)
 default = []
 }
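Review bot: `type = list(map(string))` on `ingress_with_self`, `ingress_with_cidr_blocks`, `ingress_with_ipv6_cidr_blocks` and `ingress_with_source_security_group_id` forces every value of a rule map to be a string, so a caller who writes a list such as `cidr_blocks = ["10.0.0.0/8"]` inside a rule is now rejected by the variable type check; presumably several CIDRs are meant to be given as one comma-separated string (verify against the root module's main.tf, which is outside this hunk). The descriptions should say so, e.g. `description = "List of ingress rules to create where 'cidr_blocks' is used (map values are strings; give several CIDRs as one comma-separated string)"`. The same applies to the `list(map(string))` variables in the hunks at `-77,41`, `-163,41` and `-206,41` of this file.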
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" {
 ###################
 variable "computed_ingress_rules" {
 description = "List of computed ingress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_with_self" {
 description = "List of computed ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_cidr_blocks" {
 description = "List of computed ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_ipv6_cidr_blocks" {
 description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_source_security_group_id" {
 description = "List of computed ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" {
 ###################################
 variable "number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_source_security_group_id" {
 description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = number
 default = 0
 }
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" {
 #########
 variable "egress_rules" {
 description = "List of egress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "egress_with_self" {
 description = "List of egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_cidr_blocks" {
 description = "List of egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_ipv6_cidr_blocks" {
 description = "List of egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_source_security_group_id" {
 description = "List of egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }
 variable "egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["::/0"]
 }
 variable "egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+ type = list(string)
 default = []
 }
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" {
 ##################
 variable "computed_egress_rules" {
 description = "List of computed egress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "computed_egress_with_self" {
 description = "List of computed egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_cidr_blocks" {
 description = "List of computed egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_ipv6_cidr_blocks" {
 description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_source_security_group_id" {
 description = "List of computed egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }
 variable "computed_egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["::/0"]
 }
 variable "computed_egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = list(string)
 default = []
 }
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" {
 ##################################
 variable "number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_cidr_blocks" {
 description = "Number of computed egress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
 description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_source_security_group_id" {
 description = "Number of computed egress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = number
 default = 0
 }
diff --git a/modules/mssql/README.md b/modules/mssql/README.md
index d1da517c..c572b270 100644
--- a/modules/mssql/README.md
+++ b/modules/mssql/README.md
@@ -4,7 +4,8 @@
 ```hcl
 module "mssql_security_group" {
- source = "terraform-aws-modules/security-group/aws//modules/mssql"
+ source = "terraform-aws-modules/security-group/aws//modules/mssql"
+ version = "~> 3.0"
 # omitted...
 }
@@ -13,85 +14,4 @@ module "mssql_security_group" { All automatic values **mssql module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/mssql/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "mssql-tcp", "mssql-udp", "mssql-analytics-tcp", "mssql-broker-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | 
no | -| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | 
list | `[]` | no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is 
used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/mssql/auto_values.tf b/modules/mssql/auto_values.tf index 358cabe1..9bf790c2 100644 --- a/modules/mssql/auto_values.tf +++ b/modules/mssql/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["mssql-tcp", "mssql-udp", "mssql-analytics-tcp", "mssql-broker-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } 
variable "auto_number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined" 
+ type = number
 default = 0
 } 
+ 
diff --git a/modules/mssql/main.tf b/modules/mssql/main.tf 
index 8d89d1fb..2c85546f 100644 
--- a/modules/mssql/main.tf 
+++ b/modules/mssql/main.tf 
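Review bot: The descriptions on `auto_ingress_with_self` and `auto_egress_rules`, whose types this hunk pins to `list(map(string))` and `list(string)`, still say only "to add automatically" and do not state what their defaults grant: `[{ "rule" = "all-all" }]` presumably permits every protocol and port between members of the group, and `["all-all"]` together with the root module's default egress CIDRs presumably permits all outbound traffic. Suggest `description = "List of maps defining ingress rules with self to add automatically (default: all-all between members of this group; set to [] to disable)"` and `description = "List of egress rules to add automatically (default: all-all; set to [] to disable)"`. The `list(map(string))` constraint also means a rule map carrying a non-string value (for example a list under a cidr_blocks key) is now rejected at plan time instead of being interpolated as before; since this commit removes the Inputs table from the module README, that expectation is worth a sentence there.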
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id
 } 
diff --git a/modules/mssql/outputs.tf b/modules/mssql/outputs.tf 
index 4129cf93..235ad34d 100644 
--- a/modules/mssql/outputs.tf 
+++ b/modules/mssql/outputs.tf 
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
 description = "The ID of the security group" 
- value = "${module.sg.this_security_group_id}" 
+ value = module.sg.this_security_group_id
 }
 output "this_security_group_vpc_id" {
 description = "The VPC ID" 
- value = "${module.sg.this_security_group_vpc_id}" 
+ value = module.sg.this_security_group_vpc_id
 }
 output "this_security_group_owner_id" {
 description = "The owner ID" 
- value = "${module.sg.this_security_group_owner_id}" 
+ value = module.sg.this_security_group_owner_id
 }
 output "this_security_group_name" {
 description = "The name of the security group" 
- value = "${module.sg.this_security_group_name}" 
+ value = module.sg.this_security_group_name
 }
 output "this_security_group_description" {
 description = "The description of the security group" 
- value = "${module.sg.this_security_group_description}" 
+ value = module.sg.this_security_group_description
 } 
+ 
diff --git a/modules/mssql/variables.tf b/modules/mssql/variables.tf 
index 070cc30c..354b9e37 100644 
--- a/modules/mssql/variables.tf 
+++ b/modules/mssql/variables.tf 
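Review bot: The expression `sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))` and its three siblings on `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` carry an unexplained `[""]` sentinel that `compact()` then strips; without a comment the next reader will take it for a leftover and remove it. Presumably it keeps `concat()` producing a `list(string)` when both inputs are empty, so suggest one comment above the first use: `# [""] + compact(): keep the result a list(string) when both inputs are empty (TF 0.12 type inference); compact() drops the sentinel`. The same merge means a caller can only drop an automatic rule by overriding the matching `auto_*` variable, since `distinct(concat(...))` always retains it; the `# Rules by names - open for default CIDR` comment could say so. The `module "sg"` block is fully contained in this hunk.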
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
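Review bot: The `use_name_prefix` description, on the variable this hunk pins to `bool`, reads "Should be true to able to update security group name after initial creation"; suggest `description = "Whether to use name_prefix or fixed name. Should be true to be able to update the security group name after initial creation"`. The same wording sat in the README Inputs table that this commit removes, so this variable block is now its only home.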
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/mysql/README.md b/modules/mysql/README.md index 1d66ee2c..564e211f 100644 --- a/modules/mysql/README.md +++ b/modules/mysql/README.md @@ -4,7 +4,8 @@ ```hcl module "mysql_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/mysql" + source = "terraform-aws-modules/security-group/aws//modules/mysql" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "mysql_security_group" { All automatic values **mysql module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/mysql/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "mysql-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| computed\_egress\_ipv6\_cidr\_blocks | List of 
IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| create | Whether to create security 
group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| name | 
Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| 
number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/mysql/auto_values.tf b/modules/mysql/auto_values.tf index fda8f403..f3e4e495 100644 --- a/modules/mysql/auto_values.tf +++ b/modules/mysql/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["mysql-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_egress_with_self" { 
   description = "Number of computed egress rules to create where 'self' is defined"
+  type = number
   default = 0
 }
+
diff --git a/modules/mysql/main.tf b/modules/mysql/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/mysql/main.tf
+++ b/modules/mysql/main.tf
@@ -1,116 +1,114 @@
 module "sg" {
   source = "../../"
-  create = "${var.create}"
-  name = "${var.name}"
-  use_name_prefix = "${var.use_name_prefix}"
-  description = "${var.description}"
-  vpc_id = "${var.vpc_id}"
-  tags = "${var.tags}"
+  create = var.create
+  name = var.name
+  use_name_prefix = var.use_name_prefix
+  description = var.description
+  vpc_id = var.vpc_id
+  tags = var.tags
   ##########
   # Ingress
   ##########
   # Rules by names - open for default CIDR
-  ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+  ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))
   # Open for self
-  ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+  ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)
   # Open to IPv4 cidr blocks
-  ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+  ingress_with_cidr_blocks = var.ingress_with_cidr_blocks
   # Open to IPv6 cidr blocks
-  ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+  ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks
   # Open for security group id
-  ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+  ingress_with_source_security_group_id = var.ingress_with_source_security_group_id
   # Default ingress CIDR blocks
-  ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"]
-  ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+  ingress_cidr_blocks = var.ingress_cidr_blocks
+  ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
   # Default prefix list ids
-  ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+  ingress_prefix_list_ids = var.ingress_prefix_list_ids
   ###################
   # Computed Ingress
   ###################
   # Rules by names - open for default CIDR
-  computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+  computed_ingress_rules
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))
   # Open for self
-  computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+  computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)
   # Open to IPv4 cidr blocks
-  computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+  computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks
   # Open to IPv6 cidr blocks
-  computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+  computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks
   # Open for security group id
-  computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+  computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id
   #############################
   # Number of computed ingress
   #############################
-  number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
-  number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
-  number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
-  number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
-  number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+  number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+  number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+  number_of_computed_ingress_with_cidr_blocks =
var.number_of_computed_ingress_with_cidr_blocks
+  number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+  number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id
   #########
   # Egress
   #########
   # Rules by names - open for default CIDR
-  egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+  egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))
   # Open for self
-  egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+  egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)
   # Open to IPv4 cidr blocks
-  egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+  egress_with_cidr_blocks = var.egress_with_cidr_blocks
   # Open to IPv6 cidr blocks
-  egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+  egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks
   # Open for security group id
-  egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+  egress_with_source_security_group_id = var.egress_with_source_security_group_id
   # Default egress CIDR blocks
-  egress_cidr_blocks = ["${var.egress_cidr_blocks}"]
-  egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+  egress_cidr_blocks = var.egress_cidr_blocks
+  egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
   # Default prefix list ids
-  egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+  egress_prefix_list_ids = var.egress_prefix_list_ids
   ##################
   # Computed Egress
   ##################
   # Rules by names - open for default CIDR
-  computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+  computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))
   # Open for self
-  computed_egress_with_self =
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+  computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)
   # Open to IPv4 cidr blocks
-  computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+  computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks
   # Open to IPv6 cidr blocks
-  computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+  computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks
   # Open for security group id
-  computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+  computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id
   #############################
   # Number of computed egress
   #############################
-  number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
-  number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
-  number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
-  number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
-  number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+  number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+  number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+  number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks
+  number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks
+  number_of_computed_egress_with_source_security_group_id =
var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/mysql/outputs.tf b/modules/mysql/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/mysql/outputs.tf
+++ b/modules/mysql/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
   description = "The ID of the security group"
-  value = "${module.sg.this_security_group_id}"
+  value = module.sg.this_security_group_id
 }
 output "this_security_group_vpc_id" {
   description = "The VPC ID"
-  value = "${module.sg.this_security_group_vpc_id}"
+  value = module.sg.this_security_group_vpc_id
 }
 output "this_security_group_owner_id" {
   description = "The owner ID"
-  value = "${module.sg.this_security_group_owner_id}"
+  value = module.sg.this_security_group_owner_id
 }
 output "this_security_group_name" {
   description = "The name of the security group"
-  value = "${module.sg.this_security_group_name}"
+  value = module.sg.this_security_group_name
 }
 output "this_security_group_description" {
   description = "The description of the security group"
-  value = "${module.sg.this_security_group_description}"
+  value = module.sg.this_security_group_description
 }
+
diff --git a/modules/mysql/variables.tf b/modules/mysql/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/mysql/variables.tf
+++ b/modules/mysql/variables.tf
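Review bot: The `[""]` sentinel in `ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))` is unexplained, and the same construct is repeated for computed_ingress_rules, egress_rules and computed_egress_rules in this hunk. It looks like the empty string is appended so that concat() of two possibly-empty lists still yields a typed list(string) for the root module, with compact() stripping it again; that reasoning belongs in a comment above the first occurrence, e.g. `# [""] + compact(): keep a typed list(string) even when both rule lists are empty (confirm still needed)`. The same comment should state the side effect that compact() silently drops any empty-string rule name a caller passes in, so such a value is ignored rather than rejected.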
@@ -3,29 +3,35 @@
 #################
 variable "create" {
   description = "Whether to create security group and all rules"
+  type = bool
   default = true
 }
 variable "vpc_id" {
   description = "ID of the VPC where to create security group"
+  type = string
 }
 variable "name" {
   description = "Name of security group"
+  type = string
 }
 variable "use_name_prefix" {
   description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+  type = bool
   default = true
 }
 variable "description" {
   description = "Description of security group"
+  type = string
   default = "Security Group managed by Terraform"
 }
 variable "tags" {
   description = "A mapping of tags to assign to security group"
+  type = map(string)
   default = {}
 }
@@ -34,41 +40,49 @@ variable "tags" {
 ##########
 variable "ingress_rules" {
   description = "List of ingress rules to create by name"
+  type = list(string)
   default = []
 }
 variable "ingress_with_self" {
   description = "List of ingress rules to create where 'self' is defined"
+  type = list(map(string))
   default = []
 }
 variable "ingress_with_cidr_blocks" {
   description = "List of ingress rules to create where 'cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "ingress_with_ipv6_cidr_blocks" {
   description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "ingress_with_source_security_group_id" {
   description = "List of ingress rules to create where 'source_security_group_id' is used"
+  type = list(map(string))
   default = []
 }
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
+  type = list(string)
   default = []
 }
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
+  type = list(string)
   default = []
 }
 variable "ingress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+  type = list(string)
   default = []
 }
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" {
 ###################
 variable "computed_ingress_rules" {
   description = "List of computed ingress rules to create by name"
+  type = list(string)
   default = []
 }
 variable "computed_ingress_with_self" {
   description = "List of computed ingress rules to create where 'self' is defined"
+  type = list(map(string))
   default = []
 }
 variable "computed_ingress_with_cidr_blocks" {
   description = "List of computed ingress rules to create where 'cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "computed_ingress_with_ipv6_cidr_blocks" {
   description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "computed_ingress_with_source_security_group_id" {
   description = "List of computed ingress rules to create where 'source_security_group_id' is used"
+  type = list(map(string))
   default = []
 }
 variable "computed_ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
+  type = list(string)
   default = []
 }
 variable "computed_ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
+  type = list(string)
   default = []
 }
 variable "computed_ingress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+  type = list(string)
   default = []
 }
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" {
 ###################################
 variable "number_of_computed_ingress_rules" {
   description = "Number of computed ingress rules to create by name"
+  type = number
   default = 0
 }
 variable "number_of_computed_ingress_with_self" {
   description = "Number of computed ingress rules to create where 'self' is defined"
+  type = number
   default = 0
 }
 variable "number_of_computed_ingress_with_cidr_blocks" {
   description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
+  type = number
   default = 0
 }
 variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
   description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+  type = number
   default = 0
 }
 variable "number_of_computed_ingress_with_source_security_group_id" {
   description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
+  type = number
   default = 0
 }
 variable "number_of_computed_ingress_cidr_blocks" {
   description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
+  type = number
   default = 0
 }
 variable "number_of_computed_ingress_ipv6_cidr_blocks" {
   description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
+  type = number
   default = 0
 }
 variable "number_of_computed_ingress_prefix_list_ids" {
   description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+  type = number
   default = 0
 }
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" {
 #########
 variable "egress_rules" {
   description = "List of egress rules to create by name"
+  type = list(string)
   default = []
 }
 variable "egress_with_self" {
   description = "List of egress rules to create where 'self' is defined"
+  type = list(map(string))
   default = []
 }
 variable "egress_with_cidr_blocks" {
   description = "List of egress rules to create where 'cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "egress_with_ipv6_cidr_blocks" {
   description = "List of egress rules to create where 'ipv6_cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "egress_with_source_security_group_id" {
   description = "List of egress rules to create where 'source_security_group_id' is used"
+  type = list(map(string))
   default = []
 }
 variable "egress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all egress rules"
+  type = list(string)
   default = ["0.0.0.0/0"]
 }
 variable "egress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all egress rules"
+  type = list(string)
   default = ["::/0"]
 }
 variable "egress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+  type = list(string)
   default = []
 }
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" {
 ##################
 variable "computed_egress_rules" {
   description = "List of computed egress rules to create by name"
+  type = list(string)
   default = []
 }
 variable "computed_egress_with_self" {
   description = "List of computed egress rules to create where 'self' is defined"
+  type = list(map(string))
   default = []
 }
 variable "computed_egress_with_cidr_blocks" {
   description = "List of computed egress rules to create where 'cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "computed_egress_with_ipv6_cidr_blocks" {
   description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 variable "computed_egress_with_source_security_group_id" {
   description = "List of computed egress rules to create where 'source_security_group_id' is used"
+  type = list(map(string))
   default = []
 }
 variable "computed_egress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all computed egress rules"
+  type = list(string)
   default = ["0.0.0.0/0"]
 }
 variable "computed_egress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all computed egress rules"
+  type = list(string)
   default = ["::/0"]
 }
 variable "computed_egress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+  type = list(string)
   default = []
 }
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" {
 ##################################
 variable "number_of_computed_egress_rules" {
   description = "Number of computed egress rules to create by name"
+  type = number
   default = 0
 }
 variable "number_of_computed_egress_with_self" {
   description = "Number of computed egress rules to create where 'self' is defined"
+  type = number
   default = 0
 }
 variable "number_of_computed_egress_with_cidr_blocks" {
   description = "Number of computed egress rules to create where 'cidr_blocks' is used"
+  type = number
   default = 0
 }
 variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
   description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+  type = number
   default = 0
 }
 variable "number_of_computed_egress_with_source_security_group_id" {
   description = "Number of computed egress rules to create where 'source_security_group_id' is used"
+  type = number
   default = 0
 }
 variable "number_of_computed_egress_cidr_blocks" {
   description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
+  type = number
   default = 0
 }
 variable "number_of_computed_egress_ipv6_cidr_blocks" {
   description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
+  type = number
   default = 0
 }
 variable "number_of_computed_egress_prefix_list_ids" {
   description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+  type = number
   default = 0
 }
diff --git a/modules/nfs/README.md b/modules/nfs/README.md
index 1a83561f..f63d0214 100644
--- a/modules/nfs/README.md
+++ b/modules/nfs/README.md
@@ -4,7 +4,8 @@
 ```hcl
 module "nfs_security_group" {
-  source = "terraform-aws-modules/security-group/aws//modules/nfs"
+  source = "terraform-aws-modules/security-group/aws//modules/nfs"
+  version = "~> 3.0"
   # omitted...
 }
@@ -13,85 +14,4 @@ module "nfs_security_group" { All automatic values **nfs module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/nfs/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "nfs-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR 
ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| create | Whether to create security group and 
all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| name | Name of 
security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| 
number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/nfs/auto_values.tf b/modules/nfs/auto_values.tf index f4f6ebaf..20d0c030 100644 --- a/modules/nfs/auto_values.tf +++ b/modules/nfs/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["nfs-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_egress_with_self" { 
description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/nfs/main.tf b/modules/nfs/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/nfs/main.tf +++ b/modules/nfs/main.tf 
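Review bot: The retyped `auto_ingress_with_self` default `[{ "rule" = "all-all" }]` and `auto_egress_rules` default `["all-all"]` are the security-relevant defaults every caller of this NFS module inherits without setting anything, yet their descriptions say only "to add automatically". Suggest the descriptions state the effect, e.g. `description = "Ingress rules with 'self' added automatically; the default 'all-all' allows every protocol and port between members of this group"` and `description = "Egress rules added automatically; the default 'all-all', with this module's egress_cidr_blocks default of 0.0.0.0/0, allows all outbound traffic"`. That 'all-all' means all protocols and ports is inferred from the rule name; confirm against the root module's rule table before wording it that way.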
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } diff --git a/modules/nfs/outputs.tf b/modules/nfs/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/nfs/outputs.tf +++ b/modules/nfs/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/nfs/variables.tf b/modules/nfs/variables.tf index 070cc30c..354b9e37 100644 --- a/modules/nfs/variables.tf +++ b/modules/nfs/variables.tf 
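Review bot: `ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)` and its egress counterpart carry no `distinct()`, unlike the name-based lists just above them, so a caller who passes `{ rule = "all-all" }` in `ingress_with_self` duplicates the auto rule from auto_values.tf and the root module is handed two identical rule maps, which AWS is likely to reject as a duplicate permission. Suggest `ingress_with_self = distinct(concat(var.auto_ingress_with_self, var.ingress_with_self))` and `egress_with_self = distinct(concat(var.auto_egress_with_self, var.egress_with_self))`; these are not in the `computed_*` group, so their values are expected to be known at plan time and `distinct()` is safe there. The `[""]` appended before `compact()` on the name-based lists also deserves a why-comment, e.g. `# [""] + compact() keeps a list(string) result even when both inputs are empty` — confirm that is the intent.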
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
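Review bot: The new `type = list(map(string))` on `ingress_with_self`, `ingress_with_cidr_blocks`, `ingress_with_ipv6_cidr_blocks` and `ingress_with_source_security_group_id` accepts any string keys, so a misspelled key in a rule map (say `cidr_block` instead of `cidr_blocks`) is not rejected at plan time, and Terraform 0.12 has no `validation` block to catch it. Until a stricter type is possible, the description is the only place a caller learns the expected keys; suggest naming them there, e.g. `description = "List of ingress rules to create where 'cidr_blocks' is used; each map holds 'rule' (or the explicit port/protocol keys the root module accepts) plus 'cidr_blocks'"`. The exact key set is read in the root module's main.tf, outside this hunk — confirm the list against it.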
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
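Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` gain types but keep defaults of `["0.0.0.0/0"]` and `["::/0"]`, and because this module's auto_values.tf defaults `auto_egress_rules` to `["all-all"]`, a caller who sets nothing gets unrestricted outbound traffic to any IPv4 and IPv6 destination. That matches the AWS default for a new security group, but the descriptions say only "to use on all egress rules"; suggest `description = "List of IPv4 CIDR ranges to use on all egress rules; the default of 0.0.0.0/0 allows outbound traffic to any IPv4 destination"` and the matching wording on the IPv6 variable, so a plan reviewer sees the intent rather than discovering it in the rendered rules. Callers who need to confine NFS clients' outbound reach should override both lists (and `egress_rules`) explicitly.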
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/nomad/README.md b/modules/nomad/README.md index 7f5b44a8..442821ab 100644 --- a/modules/nomad/README.md +++ b/modules/nomad/README.md @@ -4,7 +4,8 @@ ```hcl module "nomad_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/nomad" + source = "terraform-aws-modules/security-group/aws//modules/nomad" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "nomad_security_group" { All automatic values **nomad module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/nomad/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "nomad-http-tcp", "nomad-rpc-tcp", "nomad-serf-tcp", "nomad-serf-udp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | 
no | -| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | 
list | `[]` | no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is 
used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/nomad/auto_values.tf b/modules/nomad/auto_values.tf index e91f3f0c..01f150c3 100644 --- a/modules/nomad/auto_values.tf +++ b/modules/nomad/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["nomad-http-tcp", "nomad-rpc-tcp", "nomad-serf-tcp", "nomad-serf-udp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 
} variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/nomad/main.tf b/modules/nomad/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/nomad/main.tf +++ b/modules/nomad/main.tf 
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } diff --git a/modules/nomad/outputs.tf b/modules/nomad/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/nomad/outputs.tf +++ b/modules/nomad/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/nomad/variables.tf b/modules/nomad/variables.tf index 070cc30c..354b9e37 100644 --- a/modules/nomad/variables.tf +++ b/modules/nomad/variables.tf 
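Review bot: The new `ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))` (and the parallel `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` lines in this hunk) appends an empty string only to strip it again with `compact()`, which reads as a mistake to anyone who does not know the reason; presumably it keeps the expression typed as `list(string)` when both inputs are empty, but nothing on the page says so. Suggest a comment above the first occurrence, `# [""] + compact() keep the result a list(string) even when both inputs are empty`, and a short pointer to it on the other three. Note also that `compact()` now silently drops any empty rule name a caller passes in, a small behaviour change from the previous version that deserves a line in the changelog rather than being discovered from a plan diff.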
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/ntp/README.md b/modules/ntp/README.md index 8bdb1cff..01de5582 100644 --- a/modules/ntp/README.md +++ b/modules/ntp/README.md @@ -4,7 +4,8 @@ ```hcl module "ntp_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/ntp" + source = "terraform-aws-modules/security-group/aws//modules/ntp" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "ntp_security_group" { All automatic values **ntp module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/ntp/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "ntp-udp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR 
ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| create | Whether to create security group and 
all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| name | Name of 
security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| 
number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/ntp/auto_values.tf b/modules/ntp/auto_values.tf index 7c11a01f..c3931c2f 100644 --- a/modules/ntp/auto_values.tf +++ b/modules/ntp/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["ntp-udp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_egress_with_self" { 
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
+
diff --git a/modules/ntp/main.tf b/modules/ntp/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/ntp/main.tf
+++ b/modules/ntp/main.tf
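Review bot: The defaults kept in this hunk define the module's open-by-default posture and deserve a comment, because the new type constraints make them read like mere placeholders: `auto_egress_rules` stays `["all-all"]` and `auto_ingress_with_self` stays `[{ "rule" = "all-all" }]`, while modules/ntp/variables.tf later in this patch keeps `egress_cidr_blocks = ["0.0.0.0/0"]` and `egress_ipv6_cidr_blocks = ["::/0"]`, so an "all-all" egress rule (by its name, every protocol and port) to those ranges means unrestricted outbound traffic unless the caller overrides it. Suggest adding above `auto_egress_rules`: `# Default: all protocols/ports outbound to egress_cidr_blocks (0.0.0.0/0 and ::/0 by default); override to restrict egress.` and above `auto_ingress_with_self`: `# Default: all protocols/ports between members of this security group.` Both are documentation only; the default values themselves are not changed by this commit.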
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/ntp/outputs.tf b/modules/ntp/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/ntp/outputs.tf
+++ b/modules/ntp/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
 description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
 }
 output "this_security_group_vpc_id" {
 description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
 }
 output "this_security_group_owner_id" {
 description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
 }
 output "this_security_group_name" {
 description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
 }
 output "this_security_group_description" {
 description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
 }
+
diff --git a/modules/ntp/variables.tf b/modules/ntp/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/ntp/variables.tf
+++ b/modules/ntp/variables.tf
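Review bot: The `[""]`/`compact()` wrapping on the four rule-list lines (`ingress_rules`, `computed_ingress_rules`, `egress_rules`, `computed_egress_rules`) reads like a leftover and will tempt a later cleanup, so it should be explained in place; presumably the empty string is concatenated so that `distinct`/`sort` always receive a typed `list(string)` even when both the auto list and the caller's list are empty, and `compact` drops it again. Suggest one comment above the first occurrence, `# [""] + compact(): keeps a list(string) even when both inputs are empty (0.12 type inference)`, and a short `# see ingress_rules` on the other three. The same comment should also note that `compact` now silently drops any empty-string rule name a caller passes, which the 0.11 form did not do.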
@@ -3,29 +3,35 @@
 #################
 variable "create" {
 description = "Whether to create security group and all rules"
+ type = bool
 default = true
 }
 variable "vpc_id" {
 description = "ID of the VPC where to create security group"
+ type = string
 }
 variable "name" {
 description = "Name of security group"
+ type = string
 }
 variable "use_name_prefix" {
 description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+ type = bool
 default = true
 }
 variable "description" {
 description = "Description of security group"
+ type = string
 default = "Security Group managed by Terraform"
 }
 variable "tags" {
 description = "A mapping of tags to assign to security group"
+ type = map(string)
 default = {}
 }
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/openvpn/README.md b/modules/openvpn/README.md index 2bfa35bc..f8eaeea2 100644 --- a/modules/openvpn/README.md +++ b/modules/openvpn/README.md @@ -4,7 +4,8 @@ ```hcl module "openvpn_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/openvpn" + source = "terraform-aws-modules/security-group/aws//modules/openvpn" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "openvpn_security_group" { All automatic values **openvpn module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/openvpn/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "openvpn-udp", "openvpn-tcp", "openvpn-https-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| 
computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` 
| no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is 
used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/openvpn/auto_values.tf b/modules/openvpn/auto_values.tf index 754247f9..438c079f 100644 --- a/modules/openvpn/auto_values.tf +++ b/modules/openvpn/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["openvpn-udp", "openvpn-tcp", "openvpn-https-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable 
"auto_number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
+
diff --git a/modules/openvpn/main.tf b/modules/openvpn/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/openvpn/main.tf
+++ b/modules/openvpn/main.tf
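Review bot: `auto_ingress_with_self` keeps its default `[{ "rule" = "all-all" }]` (now collapsed onto one line) and `auto_egress_rules` keeps `["all-all"]`, yet neither description says that this presumably admits every protocol and port between members of the group and to the default egress CIDRs. These auto values are the module's baked-in posture, and the README table that enumerated them is removed in this commit, so a short comment above the block would help, e.g. `# "all-all" is the catch-all rule; callers can pass [] for the auto_* lists to opt out (they are concat'ed with the user lists in main.tf)`.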
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/openvpn/outputs.tf b/modules/openvpn/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/openvpn/outputs.tf
+++ b/modules/openvpn/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
 description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
 }
 output "this_security_group_vpc_id" {
 description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
 }
 output "this_security_group_owner_id" {
 description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
 }
 output "this_security_group_name" {
 description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
 }
 output "this_security_group_description" {
 description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
 }
+
diff --git a/modules/openvpn/variables.tf b/modules/openvpn/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/openvpn/variables.tf
+++ b/modules/openvpn/variables.tf
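Review bot: The `[""]` appended inside `concat(...)` and the surrounding `compact(...)` on the new `ingress_rules` line (and again on `computed_ingress_rules`, `egress_rules` and `computed_egress_rules`) are unexplained; presumably the empty string is there so the expression yields a typed `list(string)` even when both source lists are empty, with `compact` stripping it again. A side effect worth stating is that an empty-string rule name supplied by a caller is now also silently dropped rather than passed through to the root module as the old `sort(distinct(concat(...)))` form did. Add a comment on the first occurrence, e.g. `# [""] + compact(): keep a typed list(string) when both inputs are empty; empty rule names are dropped`.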
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/oracle-db/README.md b/modules/oracle-db/README.md index f4ac380f..a8f0f205 100644 --- a/modules/oracle-db/README.md +++ b/modules/oracle-db/README.md @@ -4,7 +4,8 @@ ```hcl module "oracle_db_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/oracle-db" + source = "terraform-aws-modules/security-group/aws//modules/oracle-db" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "oracle_db_security_group" { All automatic values **oracle-db module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/oracle-db/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "oracle-db-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| 
computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` 
| no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is 
used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/oracle-db/auto_values.tf b/modules/oracle-db/auto_values.tf index 1280cc3e..41299ffa 100644 --- a/modules/oracle-db/auto_values.tf +++ b/modules/oracle-db/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["oracle-db-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_egress_with_self" 
{
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
+
diff --git a/modules/oracle-db/main.tf b/modules/oracle-db/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/oracle-db/main.tf
+++ b/modules/oracle-db/main.tf
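Review bot: The retyped `auto_ingress_with_self` default `[{ "rule" = "all-all" }]` still admits every port and protocol from any member of the group, which for a database module is considerably broader than the `oracle-db-tcp` entry in `auto_ingress_rules` it sits beside, and the new one-line default makes that easy to overlook. Suggest a comment above it, `# all-all between members of this SG; pass [] (or a narrower rule) if intra-group traffic is not required`, so callers reviewing the typed inputs see the scope of the default. This is about the retained default rather than the type change itself.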
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/oracle-db/outputs.tf b/modules/oracle-db/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/oracle-db/outputs.tf
+++ b/modules/oracle-db/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
 description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
 }
 
 output "this_security_group_vpc_id" {
 description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
 }
 
 output "this_security_group_owner_id" {
 description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
 }
 
 output "this_security_group_name" {
 description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
 }
 
 output "this_security_group_description" {
 description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
 }
+
diff --git a/modules/oracle-db/variables.tf b/modules/oracle-db/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/oracle-db/variables.tf
+++ b/modules/oracle-db/variables.tf
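Review bot: The `[""]` appended inside `concat(...)` on the new `ingress_rules`, `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` lines, together with the `compact()` that strips it out again, is a deliberate-looking idiom with no explanation; presumably it keeps the expression typed as a list of strings when both inputs are empty, but a reader has to guess. Suggest one comment above the first use, `# [""] + compact() keeps the result a list(string) even when both inputs are empty`, with a short pointer to it at the other three sites. It is also worth a word there that `compact()` silently drops any empty-string rule name a caller passes, so a typo such as `""` in a rules list disappears rather than failing.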
@@ -3,29 +3,35 @@
 #################
 variable "create" {
 description = "Whether to create security group and all rules"
+ type = bool
 default = true
 }
 
 variable "vpc_id" {
 description = "ID of the VPC where to create security group"
+ type = string
 }
 
 variable "name" {
 description = "Name of security group"
+ type = string
 }
 
 variable "use_name_prefix" {
 description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+ type = bool
 default = true
 }
 
 variable "description" {
 description = "Description of security group"
+ type = string
 default = "Security Group managed by Terraform"
 }
 
 variable "tags" {
 description = "A mapping of tags to assign to security group"
+ type = map(string)
 default = {}
 }
 
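Review bot: `vpc_id` and `name` receive `type = string` with no default, which makes them the only required inputs in this file, but nothing in the blocks says so; a `# required - no default` comment on each would spare readers a trip to the Inputs table that this commit removes from the README. While these blocks are being touched, the `use_name_prefix` description has a dropped word: `description = "Whether to use name_prefix or fixed name. Should be true to be able to update security group name after initial creation"`. `create` and `use_name_prefix` were previously documented as the string `"true"`; Terraform 0.12 should still convert that form to `bool`, so existing callers are not expected to break, but a sentence to that effect in the description would remove the doubt.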
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
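Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` keep `["0.0.0.0/0"]` and `["::/0"]` as their defaults, and combined with the `all-all` entry in `auto_egress_rules` (auto_values.tf hunk above; the main.tf hunk applies rules by name "open for default CIDR") that is unrestricted outbound traffic unless the caller overrides both, which the descriptions do not mention. Since the new `type = list(string)` lines put these blocks in front of reviewers anyway, suggest `description = "List of IPv4 CIDR ranges to use on all egress rules (default allows all outbound; narrow it for tiers that should not reach the internet)"` and the equivalent wording for IPv6. The same defaults and the same gap appear on `computed_egress_cidr_blocks` and `computed_egress_ipv6_cidr_blocks` in the next hunk (L479) and in the hunk at L460.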
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/postgresql/README.md b/modules/postgresql/README.md index 778f1509..ac986087 100644 --- a/modules/postgresql/README.md +++ b/modules/postgresql/README.md @@ -4,7 +4,8 @@ ```hcl module "postgresql_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/postgresql" + source = "terraform-aws-modules/security-group/aws//modules/postgresql" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "postgresql_security_group" { All automatic values **postgresql module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/postgresql/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "postgresql-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| 
computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` 
| no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is 
used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/postgresql/auto_values.tf b/modules/postgresql/auto_values.tf index bd736eb4..834a9763 100644 --- a/modules/postgresql/auto_values.tf +++ b/modules/postgresql/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["postgresql-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable 
"auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/postgresql/main.tf b/modules/postgresql/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/postgresql/main.tf +++ b/modules/postgresql/main.tf 
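Review bot: The auto_* inputs in this hunk gain type constraints, but nothing in the file says they are caller-overridable; as plain `variable` blocks, `auto_egress_rules` (default `["all-all"]`) and `auto_ingress_with_self` (default `[{ "rule" = "all-all" }]`) can be set from the calling module and change the built-in rule set of this wrapper. A header comment at the top of the file such as `# Built-in rules for this wrapper. They are ordinary inputs: a caller may pass auto_egress_rules = [] to drop the default all-all egress.` would make that explicit, which matters now that the Inputs table listing these variables is deleted from modules/postgresql/README.md elsewhere in this commit. The `list(string)` / `list(map(string))` constraints chosen here are consistent with how main.tf concat()s these lists, so no change to the types themselves is needed.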
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } diff --git a/modules/postgresql/outputs.tf b/modules/postgresql/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/postgresql/outputs.tf +++ b/modules/postgresql/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/postgresql/variables.tf b/modules/postgresql/variables.tf index 070cc30c..354b9e37 100644 --- a/modules/postgresql/variables.tf +++ b/modules/postgresql/variables.tf 
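Review bot: The `[""]` sentinel appended inside `concat(...)` and the enclosing `compact(...)` on the new `ingress_rules`, `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` lines carry no explanation, and a reader will take the empty string for a rule name. Presumably the sentinel keeps the merged expression well-typed when both the auto_* list and the caller's list are empty, with compact() stripping it again; a comment above the first such line, `# [""] + compact(): keep the merged list typed when both inputs are empty; compact() strips the sentinel (and any empty-string rule name)`, would record that and covers the other three lines as well. Because compact() silently discards empty strings, an empty rule name supplied by a caller is dropped rather than rejected, so if that case should fail loudly it needs a check before the merge. Note also that the auto_* lists, including the `["all-all"]` egress default from auto_values.tf, are still merged unconditionally here, so a caller can only tighten the default egress by overriding `auto_egress_rules`; that deserves a sentence in the module README now that its Inputs table is removed in this commit.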
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/puppet/README.md b/modules/puppet/README.md index 29e7b95d..6a3ff761 100644 --- a/modules/puppet/README.md +++ b/modules/puppet/README.md @@ -4,7 +4,8 @@ ```hcl module "puppet_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/puppet" + source = "terraform-aws-modules/security-group/aws//modules/puppet" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "puppet_security_group" {
 All automatic values **puppet module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/puppet/auto_values.tf).
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no |
-| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no |
-| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no |
-| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no |
-| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "puppet-tcp", "puppetdb-tcp" ]` | no |
-| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no |
-| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no |
-| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no |
-| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no |
-| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no |
-| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| create | Whether to create security group and all rules | string | `"true"` | no |
-| description | Description of security group | string | `"Security Group managed by Terraform"` | no |
-| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no |
-| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no |
-| egress\_rules | List of egress rules to create by name | list | `[]` | no |
-| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no |
-| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no |
-| ingress\_rules | List of ingress rules to create by name | list | `[]` | no |
-| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no |
-| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| name | Name of security group | string | n/a | yes |
-| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| tags | A mapping of tags to assign to security group | map | `{}` | no |
-| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no |
-| vpc\_id | ID of the VPC where to create security group | string | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| this\_security\_group\_description | The description of the security group |
-| this\_security\_group\_id | The ID of the security group |
-| this\_security\_group\_name | The name of the security group |
-| this\_security\_group\_owner\_id | The owner ID |
-| this\_security\_group\_vpc\_id | The VPC ID |
-
diff --git a/modules/puppet/auto_values.tf b/modules/puppet/auto_values.tf
index 4894c64d..a984553b 100644
--- a/modules/puppet/auto_values.tf
+++ b/modules/puppet/auto_values.tf
@@ -5,73 +5,75 @@
 variable "auto_ingress_rules" {
 description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
 default = ["puppet-tcp", "puppetdb-tcp"]
 }
 variable "auto_ingress_with_self" {
 description = "List of maps defining ingress rules with self to add automatically"
- type = "list"
-
- default = [{
- "rule" = "all-all"
- }]
+ type = list(map(string))
+ default = [{ "rule" = "all-all" }]
 }
 variable "auto_egress_rules" {
 description = "List of egress rules to add automatically"
- type = "list"
+ type = list(string)
 default = ["all-all"]
 }
 variable "auto_egress_with_self" {
 description = "List of maps defining egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 # Computed
 variable "auto_computed_ingress_rules" {
 description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
 default = []
 }
 variable "auto_computed_ingress_with_self" {
 description = "List of maps defining computed ingress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 variable "auto_computed_egress_rules" {
 description = "List of computed egress rules to add automatically"
- type = "list"
+ type = list(string)
 default = []
 }
 variable "auto_computed_egress_with_self" {
 description = "List of maps defining computed egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 # Number of computed rules
 variable "auto_number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
+
diff --git a/modules/puppet/main.tf b/modules/puppet/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/puppet/main.tf
+++ b/modules/puppet/main.tf
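Review bot: The description on `auto_computed_ingress_rules` in this hunk still reads "List of ingress rules to add automatically", word for word the same as `auto_ingress_rules`, whereas its egress twin `auto_computed_egress_rules` says "List of computed egress rules to add automatically". These descriptions are what a caller sees when deciding which input opens which port, so the two ingress variables should not be indistinguishable; `description = "List of computed ingress rules to add automatically"` fixes it. If this file is produced from a shared template for the per-service modules, the wording presumably needs fixing there as well.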
@@ -1,116 +1,114 @@
 module "sg" {
 source = "../../"
- create = "${var.create}"
- name = "${var.name}"
- use_name_prefix = "${var.use_name_prefix}"
- description = "${var.description}"
- vpc_id = "${var.vpc_id}"
- tags = "${var.tags}"
+ create = var.create
+ name = var.name
+ use_name_prefix = var.use_name_prefix
+ description = var.description
+ vpc_id = var.vpc_id
+ tags = var.tags
 ##########
 # Ingress
 ##########
 # Rules by names - open for default CIDR
- ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+ ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))
 # Open for self
- ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+ ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)
 # Open to IPv4 cidr blocks
- ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+ ingress_with_cidr_blocks = var.ingress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+ ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks
 # Open for security group id
- ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+ ingress_with_source_security_group_id = var.ingress_with_source_security_group_id
 # Default ingress CIDR blocks
- ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"]
- ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+ ingress_cidr_blocks = var.ingress_cidr_blocks
+ ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
 # Default prefix list ids
- ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+ ingress_prefix_list_ids = var.ingress_prefix_list_ids
 ###################
 # Computed Ingress
 ###################
 # Rules by names - open for default CIDR
- computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+ computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))
 # Open for self
- computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+ computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)
 # Open to IPv4 cidr blocks
- computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+ computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+ computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks
 # Open for security group id
- computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+ computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id
 #############################
 # Number of computed ingress
 #############################
- number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
- number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
- number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
- number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
- number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+ number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+ number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+ number_of_computed_ingress_with_cidr_blocks = var.number_of_computed_ingress_with_cidr_blocks
+ number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+ number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id
 #########
 # Egress
 #########
 # Rules by names - open for default CIDR
- egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+ egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))
 # Open for self
- egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+ egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)
 # Open to IPv4 cidr blocks
- egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+ egress_with_cidr_blocks = var.egress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+ egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks
 # Open for security group id
- egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+ egress_with_source_security_group_id = var.egress_with_source_security_group_id
 # Default egress CIDR blocks
- egress_cidr_blocks = ["${var.egress_cidr_blocks}"]
- egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+ egress_cidr_blocks = var.egress_cidr_blocks
+ egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
 # Default prefix list ids
- egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+ egress_prefix_list_ids = var.egress_prefix_list_ids
 ##################
 # Computed Egress
 ##################
 # Rules by names - open for default CIDR
- computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+ computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))
 # Open for self
- computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+ computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)
 # Open to IPv4 cidr blocks
- computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+ computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+ computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks
 # Open for security group id
- computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+ computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id
 #############################
 # Number of computed egress
 #############################
- number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
- number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
- number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
- number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
- number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+ number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+ number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+ number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks
+ number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks
+ number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/puppet/outputs.tf b/modules/puppet/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/puppet/outputs.tf
+++ b/modules/puppet/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
 description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
 }
 output "this_security_group_vpc_id" {
 description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
 }
 output "this_security_group_owner_id" {
 description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
 }
 output "this_security_group_name" {
 description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
 }
 output "this_security_group_description" {
 description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
 }
+
diff --git a/modules/puppet/variables.tf b/modules/puppet/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/puppet/variables.tf
+++ b/modules/puppet/variables.tf
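Review bot: The new `sort(compact(distinct(concat(..., [""]))))` expression on `ingress_rules` carries no explanation of why an empty string is appended and then stripped again, and the identical idiom is repeated verbatim for `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` in the same hunk. Whatever the motivation (it looks like a type-inference workaround for the case where both input lists are empty, but that is not evident from the code), it has a visible side effect: `compact()` also silently discards any empty-string rule names a caller passes in, so a mistaken `""` in `var.ingress_rules` disappears instead of failing. A one-line comment at the first occurrence would do, e.g. `# "" is appended and compact()ed away (presumably to fix the element type when both lists are empty — confirm); note this also drops empty rule names silently`, and the other three sites can refer to it.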
@@ -3,29 +3,35 @@
 #################
 variable "create" {
 description = "Whether to create security group and all rules"
+ type = bool
 default = true
 }
 variable "vpc_id" {
 description = "ID of the VPC where to create security group"
+ type = string
 }
 variable "name" {
 description = "Name of security group"
+ type = string
 }
 variable "use_name_prefix" {
 description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+ type = bool
 default = true
 }
 variable "description" {
 description = "Description of security group"
+ type = string
 default = "Security Group managed by Terraform"
 }
 variable "tags" {
 description = "A mapping of tags to assign to security group"
+ type = map(string)
 default = {}
 }
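Review bot: The `use_name_prefix` description in this hunk reads "Should be true to able to update security group name after initial creation", which is missing a word; suggested text: `description = "Whether to use name_prefix or fixed name. Should be true to be able to update security group name after initial creation"`. The same sentence appears in the README inputs table this commit removes, so it is presumably inherited from a shared source and worth fixing at the origin rather than per module.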
@@ -34,41 +40,49 @@ variable "tags" {
 ##########
 variable "ingress_rules" {
 description = "List of ingress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "ingress_with_self" {
 description = "List of ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_cidr_blocks" {
 description = "List of ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_ipv6_cidr_blocks" {
 description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_source_security_group_id" {
 description = "List of ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 variable "ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 variable "ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+ type = list(string)
 default = []
 }
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" {
 ###################
 variable "computed_ingress_rules" {
 description = "List of computed ingress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_with_self" {
 description = "List of computed ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_cidr_blocks" {
 description = "List of computed ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_ipv6_cidr_blocks" {
 description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_source_security_group_id" {
 description = "List of computed ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" {
 ###################################
 variable "number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_source_security_group_id" {
 description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = number
 default = 0
 }
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" {
 #########
 variable "egress_rules" {
 description = "List of egress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "egress_with_self" {
 description = "List of egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_cidr_blocks" {
 description = "List of egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_ipv6_cidr_blocks" {
 description = "List of egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_source_security_group_id" {
 description = "List of egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }
 variable "egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["::/0"]
 }
 variable "egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+ type = list(string)
 default = []
 }
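Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` gain `type = list(string)` in this hunk, but their descriptions still say nothing about the defaults `["0.0.0.0/0"]` and `["::/0"]` covering every destination; the same gap exists for `computed_egress_cidr_blocks` and `computed_egress_ipv6_cidr_blocks` in the computed-egress hunks of this and the preceding variables.tf. Since `auto_egress_rules` in this module's auto_values.tf defaults to `["all-all"]`, a caller who sets none of the egress inputs presumably ends up with an allow-all egress rule, and that is a fact worth stating where the variable is declared rather than leaving it to be discovered in a plan. Suggested wording: `description = "List of IPv4 CIDR ranges to use on all egress rules (default 0.0.0.0/0 allows egress to any IPv4 destination)"`, with the matching sentence for the IPv6 and computed variants.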
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" {
 ##################
 variable "computed_egress_rules" {
 description = "List of computed egress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "computed_egress_with_self" {
 description = "List of computed egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_cidr_blocks" {
 description = "List of computed egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_ipv6_cidr_blocks" {
 description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_source_security_group_id" {
 description = "List of computed egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }
 variable "computed_egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["::/0"]
 }
 variable "computed_egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = list(string)
 default = []
 }
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" {
 ##################################
 variable "number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_cidr_blocks" {
 description = "Number of computed egress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
 description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_source_security_group_id" {
 description = "Number of computed egress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = number
 default = 0
 }
diff --git a/modules/rabbitmq/README.md b/modules/rabbitmq/README.md
index 5594e06d..ba55ec07 100644
--- a/modules/rabbitmq/README.md
+++ b/modules/rabbitmq/README.md
@@ -4,7 +4,8 @@
 ```hcl
 module "rabbitmq_security_group" {
- source = "terraform-aws-modules/security-group/aws//modules/rabbitmq"
+ source = "terraform-aws-modules/security-group/aws//modules/rabbitmq"
+ version = "~> 3.0"
 # omitted...
 }
@@ -13,85 +14,4 @@ module "rabbitmq_security_group" {
 All automatic values **rabbitmq module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/rabbitmq/auto_values.tf).
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no |
-| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no |
-| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no |
-| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no |
-| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "rabbitmq-4369-tcp", "rabbitmq-5671-tcp", "rabbitmq-5672-tcp", "rabbitmq-15672-tcp", "rabbitmq-25672-tcp" ]` | no |
-| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no |
-| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no |
-| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no |
-| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no |
-| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no |
-| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| create | Whether to create security group and all rules | string | `"true"` | no |
-| description | Description of security group | string | `"Security Group managed by Terraform"` | no |
-| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no |
-| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no |
-| egress\_rules | List of egress rules to create by name | list | `[]` | no |
-| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no |
-| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no |
-| ingress\_rules | List of ingress rules to create by name | list | `[]` | no |
-| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no |
-| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| name | Name of security group | string | n/a | yes |
-| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| tags | A mapping of tags to assign to security group | map | `{}` | no |
-| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no |
-| vpc\_id | ID of the VPC where to create security group | string | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| this\_security\_group\_description | The description of the security group |
-| this\_security\_group\_id | The ID of the security group |
-| this\_security\_group\_name | The name of the security group |
-| this\_security\_group\_owner\_id | The owner ID |
-| this\_security\_group\_vpc\_id | The VPC ID |
-
diff --git a/modules/rabbitmq/auto_values.tf b/modules/rabbitmq/auto_values.tf
index 389bd903..da37b487 100644
--- a/modules/rabbitmq/auto_values.tf
+++ b/modules/rabbitmq/auto_values.tf
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["rabbitmq-4369-tcp", "rabbitmq-5671-tcp", "rabbitmq-5672-tcp", "rabbitmq-15672-tcp", "rabbitmq-25672-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create 
by name" + type = number default = 0 } variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/rabbitmq/main.tf b/modules/rabbitmq/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/rabbitmq/main.tf +++ b/modules/rabbitmq/main.tf 
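Review bot: The default in `auto_ingress_rules` opens 4369, 5671, 5672, 15672 and 25672/tcp to every CIDR the caller passes in `ingress_cidr_blocks`, and the change to `list(string)` does not narrow that; in a standard RabbitMQ install 4369 (epmd) and 25672 (inter-node distribution) are cluster-internal and 15672 is the HTTP management API, so a caller who passes a broad CIDR list exposes those alongside the AMQP ports. The variable description does not say this. Suggest `description = "List of ingress rules to add automatically (includes the management API port 15672 and the cluster-internal ports 4369/25672 - keep ingress_cidr_blocks narrow)"`. The same applies to the `auto_egress_rules` default of `all-all`, which together with the module's `0.0.0.0/0` egress default allows unrestricted outbound traffic unless the caller overrides it.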
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/rabbitmq/outputs.tf b/modules/rabbitmq/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/rabbitmq/outputs.tf
+++ b/modules/rabbitmq/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
   description = "The ID of the security group"
-  value = "${module.sg.this_security_group_id}"
+  value = module.sg.this_security_group_id
 }
 
 output "this_security_group_vpc_id" {
   description = "The VPC ID"
-  value = "${module.sg.this_security_group_vpc_id}"
+  value = module.sg.this_security_group_vpc_id
 }
 
 output "this_security_group_owner_id" {
   description = "The owner ID"
-  value = "${module.sg.this_security_group_owner_id}"
+  value = module.sg.this_security_group_owner_id
 }
 
 output "this_security_group_name" {
   description = "The name of the security group"
-  value = "${module.sg.this_security_group_name}"
+  value = module.sg.this_security_group_name
 }
 
 output "this_security_group_description" {
   description = "The description of the security group"
-  value = "${module.sg.this_security_group_description}"
+  value = module.sg.this_security_group_description
 }
+
diff --git a/modules/rabbitmq/variables.tf b/modules/rabbitmq/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/rabbitmq/variables.tf
+++ b/modules/rabbitmq/variables.tf
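Review bot: The `concat(var.auto_ingress_rules, var.ingress_rules, [""])` wrapped in `compact()` on the `ingress_rules` line, repeated for `computed_ingress_rules`, `egress_rules` and `computed_egress_rules`, is an undocumented idiom; presumably it keeps the result typed as `list(string)` when both inputs are empty, but a later maintainer is likely to "simplify" it away and break exactly that case. Suggest a comment above the first occurrence, such as `# [""] + compact(): keeps the result a list(string) even when both inputs are empty (Terraform 0.12 tuple conversion) - confirm before removing`. It is also worth stating in the `# Rules by names` comments that the `auto_*` lists are merged unconditionally, so a caller cannot drop the module's automatic rules (including the `all-all` egress from auto_values.tf) except by overriding the `auto_*` variables themselves.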
@@ -3,29 +3,35 @@
 #################
 variable "create" {
   description = "Whether to create security group and all rules"
+  type = bool
   default = true
 }
 
 variable "vpc_id" {
   description = "ID of the VPC where to create security group"
+  type = string
 }
 
 variable "name" {
   description = "Name of security group"
+  type = string
 }
 
 variable "use_name_prefix" {
   description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+  type = bool
   default = true
 }
 
 variable "description" {
   description = "Description of security group"
+  type = string
   default = "Security Group managed by Terraform"
 }
 
 variable "tags" {
   description = "A mapping of tags to assign to security group"
+  type = map(string)
   default = {}
 }
 
@@ -34,41 +40,49 @@ variable "tags" {
 ##########
 variable "ingress_rules" {
   description = "List of ingress rules to create by name"
+  type = list(string)
   default = []
 }
 
 variable "ingress_with_self" {
   description = "List of ingress rules to create where 'self' is defined"
+  type = list(map(string))
   default = []
 }
 
 variable "ingress_with_cidr_blocks" {
   description = "List of ingress rules to create where 'cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 
 variable "ingress_with_ipv6_cidr_blocks" {
   description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 
 variable "ingress_with_source_security_group_id" {
   description = "List of ingress rules to create where 'source_security_group_id' is used"
+  type = list(map(string))
   default = []
 }
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
+  type = list(string)
   default = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
+  type = list(string)
   default = []
 }
 
 variable "ingress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+  type = list(string)
   default = []
 }
 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" {
 ###################
 variable "computed_ingress_rules" {
   description = "List of computed ingress rules to create by name"
+  type = list(string)
   default = []
 }
 
 variable "computed_ingress_with_self" {
   description = "List of computed ingress rules to create where 'self' is defined"
+  type = list(map(string))
   default = []
 }
 
 variable "computed_ingress_with_cidr_blocks" {
   description = "List of computed ingress rules to create where 'cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 
 variable "computed_ingress_with_ipv6_cidr_blocks" {
   description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 
 variable "computed_ingress_with_source_security_group_id" {
   description = "List of computed ingress rules to create where 'source_security_group_id' is used"
+  type = list(map(string))
   default = []
 }
 
 variable "computed_ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
+  type = list(string)
   default = []
 }
 
 variable "computed_ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
+  type = list(string)
   default = []
 }
 
 variable "computed_ingress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+  type = list(string)
   default = []
 }
 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" {
 ###################################
 variable "number_of_computed_ingress_rules" {
   description = "Number of computed ingress rules to create by name"
+  type = number
   default = 0
 }
 
 variable "number_of_computed_ingress_with_self" {
   description = "Number of computed ingress rules to create where 'self' is defined"
+  type = number
   default = 0
 }
 
 variable "number_of_computed_ingress_with_cidr_blocks" {
   description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
+  type = number
   default = 0
 }
 
 variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
   description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+  type = number
   default = 0
 }
 
 variable "number_of_computed_ingress_with_source_security_group_id" {
   description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
+  type = number
   default = 0
 }
 
 variable "number_of_computed_ingress_cidr_blocks" {
   description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
+  type = number
   default = 0
 }
 
 variable "number_of_computed_ingress_ipv6_cidr_blocks" {
   description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
+  type = number
   default = 0
 }
 
 variable "number_of_computed_ingress_prefix_list_ids" {
   description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+  type = number
   default = 0
 }
 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" {
 #########
 variable "egress_rules" {
   description = "List of egress rules to create by name"
+  type = list(string)
   default = []
 }
 
 variable "egress_with_self" {
   description = "List of egress rules to create where 'self' is defined"
+  type = list(map(string))
   default = []
 }
 
 variable "egress_with_cidr_blocks" {
   description = "List of egress rules to create where 'cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 
 variable "egress_with_ipv6_cidr_blocks" {
   description = "List of egress rules to create where 'ipv6_cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 
 variable "egress_with_source_security_group_id" {
   description = "List of egress rules to create where 'source_security_group_id' is used"
+  type = list(map(string))
   default = []
 }
 
 variable "egress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all egress rules"
+  type = list(string)
   default = ["0.0.0.0/0"]
 }
 
 variable "egress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all egress rules"
+  type = list(string)
   default = ["::/0"]
 }
 
 variable "egress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+  type = list(string)
   default = []
 }
 
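Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` gain a `list(string)` type but keep the `0.0.0.0/0` and `::/0` defaults, and since `auto_egress_rules` in auto_values.tf adds `all-all` unconditionally, the module's default security group allows unrestricted outbound traffic on every protocol; neither description states that. Suggest `description = "List of IPv4 CIDR ranges to use on all egress rules. Default allows egress to any destination; narrow it, or use egress_prefix_list_ids, when outbound access should be limited to VPC endpoints"` and the IPv6 equivalent. `list(string)` also accepts malformed CIDRs, which will only fail at apply time; as far as I recall Terraform 0.12.0 has no variable `validation` block, so that cannot be tightened here without raising the required version.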
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" {
 ##################
 variable "computed_egress_rules" {
   description = "List of computed egress rules to create by name"
+  type = list(string)
   default = []
 }
 
 variable "computed_egress_with_self" {
   description = "List of computed egress rules to create where 'self' is defined"
+  type = list(map(string))
   default = []
 }
 
 variable "computed_egress_with_cidr_blocks" {
   description = "List of computed egress rules to create where 'cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 
 variable "computed_egress_with_ipv6_cidr_blocks" {
   description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+  type = list(map(string))
   default = []
 }
 
 variable "computed_egress_with_source_security_group_id" {
   description = "List of computed egress rules to create where 'source_security_group_id' is used"
+  type = list(map(string))
   default = []
 }
 
 variable "computed_egress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all computed egress rules"
+  type = list(string)
   default = ["0.0.0.0/0"]
 }
 
 variable "computed_egress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all computed egress rules"
+  type = list(string)
   default = ["::/0"]
 }
 
 variable "computed_egress_prefix_list_ids" {
   description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+  type = list(string)
   default = []
 }
 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" {
 ##################################
 variable "number_of_computed_egress_rules" {
   description = "Number of computed egress rules to create by name"
+  type = number
   default = 0
 }
 
 variable "number_of_computed_egress_with_self" {
   description = "Number of computed egress rules to create where 'self' is defined"
+  type = number
   default = 0
 }
 
 variable "number_of_computed_egress_with_cidr_blocks" {
   description = "Number of computed egress rules to create where 'cidr_blocks' is used"
+  type = number
   default = 0
 }
 
 variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
   description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+  type = number
   default = 0
 }
 
 variable "number_of_computed_egress_with_source_security_group_id" {
   description = "Number of computed egress rules to create where 'source_security_group_id' is used"
+  type = number
   default = 0
 }
 
 variable "number_of_computed_egress_cidr_blocks" {
   description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
+  type = number
   default = 0
 }
 
 variable "number_of_computed_egress_ipv6_cidr_blocks" {
   description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
+  type = number
   default = 0
 }
 
 variable "number_of_computed_egress_prefix_list_ids" {
   description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+  type = number
   default = 0
 }
diff --git a/modules/rdp/README.md b/modules/rdp/README.md
index 28422f20..9466b3a6 100644
--- a/modules/rdp/README.md
+++ b/modules/rdp/README.md
@@ -4,7 +4,8 @@
 ```hcl
 module "rdp_security_group" {
-  source = "terraform-aws-modules/security-group/aws//modules/rdp"
+  source = "terraform-aws-modules/security-group/aws//modules/rdp"
+  version = "~> 3.0"
   # omitted...
 }
@@ -13,85 +14,4 @@ module "rdp_security_group" { All automatic values **rdp module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/rdp/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "rdp-tcp", "rdp-udp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| computed\_egress\_ipv6\_cidr\_blocks | List of 
IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| create | Whether to create security 
group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| name | 
Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| 
number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/rdp/auto_values.tf b/modules/rdp/auto_values.tf index 8e863dde..728f8859 100644 --- a/modules/rdp/auto_values.tf +++ b/modules/rdp/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" {
description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
default = ["rdp-tcp", "rdp-udp"]
}
variable "auto_ingress_with_self" {
description = "List of maps defining ingress rules with self to add automatically"
- type = "list"
-
- default = [{
- "rule" = "all-all"
- }]
+ type = list(map(string))
+ default = [{ "rule" = "all-all" }]
}
variable "auto_egress_rules" {
description = "List of egress rules to add automatically"
- type = "list"
+ type = list(string)
default = ["all-all"]
}
variable "auto_egress_with_self" {
description = "List of maps defining egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
- type = "list"
+ type = list(string)
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
+ type = number
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
+ type = number
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
default = 0
}
+
diff --git a/modules/rdp/main.tf b/modules/rdp/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/rdp/main.tf
+++ b/modules/rdp/main.tf
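Review bot: The `auto_ingress_with_self` default `[{ "rule" = "all-all" }]` is kept as-is while gaining a `list(map(string))` type, and neither the type nor the description says that this default (labelled "Open for self" in main.tf, and presumably meaning every protocol and port) permits all traffic between members of the group; with the README inputs table deleted in this same commit, the variable description is now the only place a caller will see it. Suggest making it self-documenting: `description = "List of maps defining ingress rules with self to add automatically (default permits all traffic between members of this security group)"`. The same applies to `auto_egress_rules`, whose `["all-all"]` default appears to combine with the `0.0.0.0/0` / `::/0` egress CIDR defaults in variables.tf to allow unrestricted outbound traffic unless the caller overrides one of them; a matching note in its description would help reviewers of downstream plans.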
@@ -1,116 +1,114 @@
module "sg" {
source = "../../"
- create = "${var.create}"
- name = "${var.name}"
- use_name_prefix = "${var.use_name_prefix}"
- description = "${var.description}"
- vpc_id = "${var.vpc_id}"
- tags = "${var.tags}"
+ create = var.create
+ name = var.name
+ use_name_prefix = var.use_name_prefix
+ description = var.description
+ vpc_id = var.vpc_id
+ tags = var.tags
##########
# Ingress
##########
# Rules by names - open for default CIDR
- ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+ ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))
# Open for self
- ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+ ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)
# Open to IPv4 cidr blocks
- ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+ ingress_with_cidr_blocks = var.ingress_with_cidr_blocks
# Open to IPv6 cidr blocks
- ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+ ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks
# Open for security group id
- ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+ ingress_with_source_security_group_id = var.ingress_with_source_security_group_id
# Default ingress CIDR blocks
- ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"]
- ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+ ingress_cidr_blocks = var.ingress_cidr_blocks
+ ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
# Default prefix list ids
- ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+ ingress_prefix_list_ids = var.ingress_prefix_list_ids
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
- computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+ computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))
# Open for self
- computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+ computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)
# Open to IPv4 cidr blocks
- computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+ computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks
# Open to IPv6 cidr blocks
- computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+ computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks
# Open for security group id
- computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+ computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id
#############################
# Number of computed ingress
#############################
- number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
- number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
- number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
- number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
- number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+ number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+ number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+ number_of_computed_ingress_with_cidr_blocks = var.number_of_computed_ingress_with_cidr_blocks
+ number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+ number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id
#########
# Egress
#########
# Rules by names - open for default CIDR
- egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+ egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))
# Open for self
- egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+ egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)
# Open to IPv4 cidr blocks
- egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+ egress_with_cidr_blocks = var.egress_with_cidr_blocks
# Open to IPv6 cidr blocks
- egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+ egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks
# Open for security group id
- egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+ egress_with_source_security_group_id = var.egress_with_source_security_group_id
# Default egress CIDR blocks
- egress_cidr_blocks = ["${var.egress_cidr_blocks}"]
- egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+ egress_cidr_blocks = var.egress_cidr_blocks
+ egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
# Default prefix list ids
- egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+ egress_prefix_list_ids = var.egress_prefix_list_ids
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
- computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+ computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))
# Open for self
- computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+ computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)
# Open to IPv4 cidr blocks
- computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+ computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks
# Open to IPv6 cidr blocks
- computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+ computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks
# Open for security group id
- computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+ computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id
#############################
# Number of computed egress
#############################
- number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
- number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
- number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
- number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
- number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+ number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+ number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+ number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks
+ number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks
+ number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
}
diff --git a/modules/rdp/outputs.tf b/modules/rdp/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/rdp/outputs.tf
+++ b/modules/rdp/outputs.tf
@@ -1,24 +1,25 @@
output "this_security_group_id" {
description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
}
output "this_security_group_vpc_id" {
description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
}
output "this_security_group_owner_id" {
description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
}
output "this_security_group_name" {
description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
}
output "this_security_group_description" {
description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
}
+
diff --git a/modules/rdp/variables.tf b/modules/rdp/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/rdp/variables.tf
+++ b/modules/rdp/variables.tf
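Review bot: The `[""]` appended inside `sort(compact(distinct(concat(..., [""]))))` on the new `ingress_rules`, `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` lines is a non-obvious idiom with no comment: a reader sees an empty rule name concatenated only for `compact` to strip it again. Presumably it pins the element type to string so the expression stays a `list(string)` even when both input lists are empty (please confirm); if so, say it once above the first occurrence, e.g. `# The [""] + compact() pair keeps the result a list(string) when both inputs are empty.`. Worth adding to the same comment that `compact` will also silently drop any empty-string rule name a caller passes in rather than surfacing it as an error, which looks intended but is a behaviour callers may not expect.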
@@ -3,29 +3,35 @@
#################
variable "create" {
description = "Whether to create security group and all rules"
+ type = bool
default = true
}
variable "vpc_id" {
description = "ID of the VPC where to create security group"
+ type = string
}
variable "name" {
description = "Name of security group"
+ type = string
}
variable "use_name_prefix" {
description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+ type = bool
default = true
}
variable "description" {
description = "Description of security group"
+ type = string
default = "Security Group managed by Terraform"
}
variable "tags" {
description = "A mapping of tags to assign to security group"
+ type = map(string)
default = {}
}
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" {
#########
variable "egress_rules" {
description = "List of egress rules to create by name"
+ type = list(string)
default = []
}
variable "egress_with_self" {
description = "List of egress rules to create where 'self' is defined"
+ type = list(map(string))
default = []
}
variable "egress_with_cidr_blocks" {
description = "List of egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
default = []
}
variable "egress_with_ipv6_cidr_blocks" {
description = "List of egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
default = []
}
variable "egress_with_source_security_group_id" {
description = "List of egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
default = []
}
variable "egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all egress rules"
+ type = list(string)
default = ["0.0.0.0/0"]
}
variable "egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all egress rules"
+ type = list(string)
default = ["::/0"]
}
variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+ type = list(string)
default = []
}
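Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` keep their `["0.0.0.0/0"]` and `["::/0"]` defaults while only gaining a `list(string)` type, and their descriptions do not mention that, together with the module's `auto_egress_rules = ["all-all"]` default in auto_values.tf, a group built from this module appears to allow outbound traffic to any destination unless the caller overrides them. The ingress counterparts in this file default to `[]`, so the asymmetry is clearly deliberate but is now undocumented once the README inputs table is gone. Suggest `description = "List of IPv4 CIDR ranges to use on all egress rules (default allows egress to any IPv4 destination; narrow this for least privilege)"` and the equivalent wording for the IPv6 variable.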
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/redis/README.md b/modules/redis/README.md index 158a23ac..599bd008 100644 --- a/modules/redis/README.md +++ b/modules/redis/README.md @@ -4,7 +4,8 @@ ```hcl module "redis_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/redis" + source = "terraform-aws-modules/security-group/aws//modules/redis" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "redis_security_group" { All automatic values **redis module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/redis/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "redis-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| computed\_egress\_ipv6\_cidr\_blocks | List of 
IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| create | Whether to create security 
group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| name | 
Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| 
number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/redis/auto_values.tf b/modules/redis/auto_values.tf index 3d9631b6..f25a9dcf 100644 --- a/modules/redis/auto_values.tf +++ b/modules/redis/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["redis-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_egress_with_self" { 
description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/redis/main.tf b/modules/redis/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/redis/main.tf +++ b/modules/redis/main.tf 
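Review bot: The `auto_ingress_with_self` default `[{ "rule" = "all-all" }]` makes every member of this redis security group reachable from every other member on all protocols and ports, and the description `List of maps defining ingress rules with self to add automatically` does not say so; suggest `description = "Ingress rules with 'self' added automatically. Default allows all protocols and ports between members of this security group; pass [] to disable"`. The same applies to `auto_egress_rules`, whose `["all-all"]` default combines with the module's egress CIDR defaults into unrestricted egress unless a caller overrides it. The narrowing to `list(map(string))` and `list(string)` is otherwise fine and matches the types the redis variables.tf hunks below declare for the same inputs.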
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } diff --git a/modules/redis/outputs.tf b/modules/redis/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/redis/outputs.tf +++ b/modules/redis/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/redis/variables.tf b/modules/redis/variables.tf index 070cc30c..354b9e37 100644 --- a/modules/redis/variables.tf +++ b/modules/redis/variables.tf 
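Review bot: The `number_of_computed_ingress_rules` and `number_of_computed_egress_rules` values handed to the root module are plain sums (`var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules`) while the matching rule lists are passed through `distinct()`, so a caller who repeats a rule name — including one this module adds automatically — ends up with a count larger than the list it indexes. What happens then depends on root `main.tf`, which is outside this hunk: with `element()` the list wraps and a rule is created twice, with direct indexing the plan fails. Since a count cannot be derived from a computed list, the contract should at least be stated next to these lines, e.g. `# number_of_computed_*_rules must equal the number of distinct names in computed_*_rules`. Separately, the `[""]` appended before `compact()` on the four `*_rules` lines is unexplained; presumably it keeps the result typed as `list(string)` when every input list is empty, and a one-line comment such as `# [""] + compact(): keep list(string) typing when all inputs are empty` would make that intent clear.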
@@ -3,29 +3,35 @@
 #################
 variable "create" {
 description = "Whether to create security group and all rules"
+ type = bool
 default = true
 }
 
 variable "vpc_id" {
 description = "ID of the VPC where to create security group"
+ type = string
 }
 
 variable "name" {
 description = "Name of security group"
+ type = string
 }
 
 variable "use_name_prefix" {
 description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+ type = bool
 default = true
 }
 
 variable "description" {
 description = "Description of security group"
+ type = string
 default = "Security Group managed by Terraform"
 }
 
 variable "tags" {
 description = "A mapping of tags to assign to security group"
+ type = map(string)
 default = {}
 }
 
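Review bot: The `use_name_prefix` description still reads `Should be true to able to update security group name after initial creation`; since this string is rendered verbatim into the generated docs, fix it while the line is being touched: `description = "Whether to use name_prefix or fixed name. Should be true to be able to update security group name after initial creation"`. The `type = bool` on `create` and `use_name_prefix` should still accept the `"true"`/`"false"` strings that 0.11 callers passed, as 0.12 converts those to bool, but that is worth a line in the CHANGELOG rather than leaving callers to discover it.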
@@ -34,41 +40,49 @@ variable "tags" {
 ##########
 variable "ingress_rules" {
 description = "List of ingress rules to create by name"
+ type = list(string)
 default = []
 }
 
 variable "ingress_with_self" {
 description = "List of ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 
 variable "ingress_with_cidr_blocks" {
 description = "List of ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 
 variable "ingress_with_ipv6_cidr_blocks" {
 description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 
 variable "ingress_with_source_security_group_id" {
 description = "List of ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 
 variable "ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 
 variable "ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+ type = list(string)
 default = []
 }
 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
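Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` default to `["0.0.0.0/0"]` and `["::/0"]`, and this module's auto_values.tf (earlier in the diff) also adds `all-all` as an automatic egress rule, so a caller who sets nothing gets unrestricted egress; the descriptions `List of IPv4 CIDR ranges to use on all egress rules` should state that, e.g. `description = "List of IPv4 CIDR ranges to use on all egress rules. Default allows egress to any IPv4 destination; set to [] or a specific list to restrict"` (and likewise for IPv6). The new `type = list(string)` is the right shape, and as Terraform 0.12 has no variable `validation` block (that arrived in 0.13), the description is the only place the module can warn about this default.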
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/redshift/README.md b/modules/redshift/README.md index 03ff82ca..97bda151 100644 --- a/modules/redshift/README.md +++ b/modules/redshift/README.md @@ -4,7 +4,8 @@ ```hcl module "redshift_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/redshift" + source = "terraform-aws-modules/security-group/aws//modules/redshift" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "redshift_security_group" { All automatic values **redshift module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/redshift/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "redshift-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| computed\_egress\_ipv6\_cidr\_blocks 
| List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| create | Whether to create 
security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | 
-| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| 
number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/redshift/auto_values.tf b/modules/redshift/auto_values.tf index df7b00de..2e965471 100644 --- a/modules/redshift/auto_values.tf +++ b/modules/redshift/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["redshift-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_egress_with_self" 
{
description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
default = 0
}
+
diff --git a/modules/redshift/main.tf b/modules/redshift/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/redshift/main.tf
+++ b/modules/redshift/main.tf
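Review bot: The descriptions of `auto_ingress_with_self` and `auto_egress_rules` do not convey what their defaults grant: `[{ "rule" = "all-all" }]` permits every protocol and port between members of the group, and `["all-all"]` is merged unconditionally into `egress_rules` by modules/redshift/main.tf (`concat(var.auto_egress_rules, var.egress_rules, ...)`), so a caller who only reads the descriptions sees neither. Since this hunk already touches every `type` line, it is the right place to say so, e.g. `description = "List of maps defining ingress rules with self to add automatically (default: all protocols/ports between members of this group)"` and `description = "List of egress rules to add automatically (default all-all; pass [] to disable)"`. The hunk starts inside `variable "auto_ingress_rules"`, whose opening line is outside it.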
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id
}
diff --git a/modules/redshift/outputs.tf b/modules/redshift/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/redshift/outputs.tf
+++ b/modules/redshift/outputs.tf
@@ -1,24 +1,25 @@
output "this_security_group_id" {
description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
}
output "this_security_group_vpc_id" {
description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
}
output "this_security_group_owner_id" {
description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
}
output "this_security_group_name" {
description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
}
output "this_security_group_description" {
description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
}
+
diff --git a/modules/redshift/variables.tf b/modules/redshift/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/redshift/variables.tf
+++ b/modules/redshift/variables.tf
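Review bot: The `sort(compact(distinct(concat(..., [""]))))` form now used for `ingress_rules`, `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` has no inline explanation of why an empty string is appended and then stripped again; presumably it is a Terraform 0.12 type-inference workaround for the case where both input lists are empty, and without a comment the next cleanup will treat `[""]` and `compact()` as removable. A comment on the first occurrence such as `# [""] + compact(): keep the result typed as a list of strings even when both inputs are empty (TF 0.12)` would prevent that. Note also that `compact()` silently drops any empty-string element a caller placed in `var.computed_ingress_rules` or `var.computed_egress_rules`, while the `number_of_computed_*` counts passed next to them are not adjusted, so a counted-but-empty entry would leave the count one higher than the list length; if that is accepted, the comment should say so.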
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
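Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` gain `type = list(string)` here, but their descriptions still say nothing about the defaults `["0.0.0.0/0"]` and `["::/0"]`, which together with the automatic `all-all` egress rule from auto_values.tf mean the group permits unrestricted outbound traffic unless a caller overrides them. The description is what most readers act on, so `description = "List of IPv4 CIDR ranges to use on all egress rules (default: any IPv4 destination)"` and the IPv6 equivalent would make the default posture explicit at the point of use. The same applies to `computed_egress_cidr_blocks` and `computed_egress_ipv6_cidr_blocks` in the next hunk of this file, and to the matching computed-egress hunk of the preceding module's variables.tf earlier in this patch.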
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/splunk/README.md b/modules/splunk/README.md index d44af9ba..5d29ff3a 100644 --- a/modules/splunk/README.md +++ b/modules/splunk/README.md @@ -4,7 +4,8 @@ ```hcl module "splunk_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/splunk" + source = "terraform-aws-modules/security-group/aws//modules/splunk" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "splunk_security_group" {
 All automatic values **splunk module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/splunk/auto_values.tf).
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no |
-| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no |
-| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no |
-| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no |
-| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "splunk-indexer-tcp", "splunk-clients-tcp", "splunk-splunkd-tcp", "splunk-hec-tcp" ]` | no |
-| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no |
-| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no |
-| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no |
-| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no |
-| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no |
-| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| create | Whether to create security group and all rules | string | `"true"` | no |
-| description | Description of security group | string | `"Security Group managed by Terraform"` | no |
-| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no |
-| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no |
-| egress\_rules | List of egress rules to create by name | list | `[]` | no |
-| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no |
-| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no |
-| ingress\_rules | List of ingress rules to create by name | list | `[]` | no |
-| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no |
-| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| name | Name of security group | string | n/a | yes |
-| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| tags | A mapping of tags to assign to security group | map | `{}` | no |
-| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no |
-| vpc\_id | ID of the VPC where to create security group | string | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| this\_security\_group\_description | The description of the security group |
-| this\_security\_group\_id | The ID of the security group |
-| this\_security\_group\_name | The name of the security group |
-| this\_security\_group\_owner\_id | The owner ID |
-| this\_security\_group\_vpc\_id | The VPC ID |
-
diff --git a/modules/splunk/auto_values.tf b/modules/splunk/auto_values.tf
index 898585b6..d16c5b64 100644
--- a/modules/splunk/auto_values.tf
+++ b/modules/splunk/auto_values.tf
@@ -5,73 +5,75 @@
 variable "auto_ingress_rules" {
 description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
 default = ["splunk-indexer-tcp", "splunk-clients-tcp", "splunk-splunkd-tcp", "splunk-hec-tcp"]
 }
 variable "auto_ingress_with_self" {
 description = "List of maps defining ingress rules with self to add automatically"
- type = "list"
-
- default = [{
- "rule" = "all-all"
- }]
+ type = list(map(string))
+ default = [{ "rule" = "all-all" }]
 }
 variable "auto_egress_rules" {
 description = "List of egress rules to add automatically"
- type = "list"
+ type = list(string)
 default = ["all-all"]
 }
 variable "auto_egress_with_self" {
 description = "List of maps defining egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 # Computed
 variable "auto_computed_ingress_rules" {
 description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
 default = []
 }
 variable "auto_computed_ingress_with_self" {
 description = "List of maps defining computed ingress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 variable "auto_computed_egress_rules" {
 description = "List of computed egress rules to add automatically"
- type = "list"
+ type = list(string)
 default = []
 }
 variable "auto_computed_egress_with_self" {
 description = "List of maps defining computed egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 # Number of computed rules
 variable "auto_number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
+
diff --git a/modules/splunk/main.tf b/modules/splunk/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/splunk/main.tf
+++ b/modules/splunk/main.tf
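Review bot: `auto_egress_rules` gains `type = list(string)` but keeps the default `["all-all"]` with a description that still says only "List of egress rules to add automatically", so the wrapper's default posture is visible only to someone who reads the default literal; combined with `egress_cidr_blocks` defaulting to `["0.0.0.0/0"]` and `egress_ipv6_cidr_blocks` to `["::/0"]` in modules/splunk/variables.tf below, that presumably means unrestricted outbound traffic unless the caller narrows it. The same applies to `auto_ingress_with_self` defaulting to `[{ "rule" = "all-all" }]`. Suggest descriptions that state the effect, e.g. `description = "List of egress rules to add automatically (default 'all-all': all outbound traffic to egress_cidr_blocks/egress_ipv6_cidr_blocks unless overridden)"` and `description = "List of maps defining ingress rules with self to add automatically (default allows all traffic between members of this group)"`. With the generated Inputs table removed from modules/splunk/README.md in this commit, these description strings are now the only in-repo documentation of the defaults.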
@@ -1,116 +1,114 @@
 module "sg" {
 source = "../../"
- create = "${var.create}"
- name = "${var.name}"
- use_name_prefix = "${var.use_name_prefix}"
- description = "${var.description}"
- vpc_id = "${var.vpc_id}"
- tags = "${var.tags}"
+ create = var.create
+ name = var.name
+ use_name_prefix = var.use_name_prefix
+ description = var.description
+ vpc_id = var.vpc_id
+ tags = var.tags
 ##########
 # Ingress
 ##########
 # Rules by names - open for default CIDR
- ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+ ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))
 # Open for self
- ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+ ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)
 # Open to IPv4 cidr blocks
- ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+ ingress_with_cidr_blocks = var.ingress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+ ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks
 # Open for security group id
- ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+ ingress_with_source_security_group_id = var.ingress_with_source_security_group_id
 # Default ingress CIDR blocks
- ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"]
- ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+ ingress_cidr_blocks = var.ingress_cidr_blocks
+ ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
 # Default prefix list ids
- ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+ ingress_prefix_list_ids = var.ingress_prefix_list_ids
 ###################
 # Computed Ingress
 ###################
 # Rules by names - open for default CIDR
- computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+ computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))
 # Open for self
- computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+ computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)
 # Open to IPv4 cidr blocks
- computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+ computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+ computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks
 # Open for security group id
- computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+ computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id
 #############################
 # Number of computed ingress
 #############################
- number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
- number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
- number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
- number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
- number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+ number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+ number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+ number_of_computed_ingress_with_cidr_blocks = var.number_of_computed_ingress_with_cidr_blocks
+ number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+ number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id
 #########
 # Egress
 #########
 # Rules by names - open for default CIDR
- egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+ egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))
 # Open for self
- egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+ egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)
 # Open to IPv4 cidr blocks
- egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+ egress_with_cidr_blocks = var.egress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+ egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks
 # Open for security group id
- egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+ egress_with_source_security_group_id = var.egress_with_source_security_group_id
 # Default egress CIDR blocks
- egress_cidr_blocks = ["${var.egress_cidr_blocks}"]
- egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+ egress_cidr_blocks = var.egress_cidr_blocks
+ egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
 # Default prefix list ids
- egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+ egress_prefix_list_ids = var.egress_prefix_list_ids
 ##################
 # Computed Egress
 ##################
 # Rules by names - open for default CIDR
- computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+ computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))
 # Open for self
- computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+ computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)
 # Open to IPv4 cidr blocks
- computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+ computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+ computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks
 # Open for security group id
- computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+ computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id
 #############################
 # Number of computed egress
 #############################
- number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
- number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
- number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
- number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
- number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+ number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+ number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+ number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks
+ number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks
+ number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/splunk/outputs.tf b/modules/splunk/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/splunk/outputs.tf
+++ b/modules/splunk/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
 description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
 }
 output "this_security_group_vpc_id" {
 description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
 }
 output "this_security_group_owner_id" {
 description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
 }
 output "this_security_group_name" {
 description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
 }
 output "this_security_group_description" {
 description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
 }
+
diff --git a/modules/splunk/variables.tf b/modules/splunk/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/splunk/variables.tf
+++ b/modules/splunk/variables.tf
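Review bot: The four new `sort(compact(distinct(concat(..., [""]))))` expressions for `ingress_rules`, `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` append an empty string only to strip it again with `compact()`, and nothing in the hunk says why; the existing `# Rules by names - open for default CIDR` comment does not cover it, so the next maintainer is likely to "simplify" it away. Presumably the trailing `[""]` keeps the merged value typed as a list of strings when both input lists are empty — confirm that and record it once above the first use, e.g. `# The trailing [""] plus compact() keeps the merged list typed as list(string) even when both inputs are empty; do not remove it.`, noting that it applies to all four rule-name lists. The ordering these lists end up with also matters to the root module (rules are presumably addressed by index), so a one-line reminder that `sort()` makes the resulting order independent of how the caller supplied the rules would help too.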
@@ -3,29 +3,35 @@
 #################
 variable "create" {
 description = "Whether to create security group and all rules"
+ type = bool
 default = true
 }
 variable "vpc_id" {
 description = "ID of the VPC where to create security group"
+ type = string
 }
 variable "name" {
 description = "Name of security group"
+ type = string
 }
 variable "use_name_prefix" {
 description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+ type = bool
 default = true
 }
 variable "description" {
 description = "Description of security group"
+ type = string
 default = "Security Group managed by Terraform"
 }
 variable "tags" {
 description = "A mapping of tags to assign to security group"
+ type = map(string)
 default = {}
 }
@@ -34,41 +40,49 @@ variable "tags" {
 ##########
 variable "ingress_rules" {
 description = "List of ingress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "ingress_with_self" {
 description = "List of ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_cidr_blocks" {
 description = "List of ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_ipv6_cidr_blocks" {
 description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_source_security_group_id" {
 description = "List of ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 variable "ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 variable "ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+ type = list(string)
 default = []
 }
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" {
 ###################
 variable "computed_ingress_rules" {
 description = "List of computed ingress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_with_self" {
 description = "List of computed ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_cidr_blocks" {
 description = "List of computed ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_ipv6_cidr_blocks" {
 description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_source_security_group_id" {
 description = "List of computed ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" {
 ###################################
 variable "number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_source_security_group_id" {
 description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = number
 default = 0
 }
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" {
 #########
 variable "egress_rules" {
 description = "List of egress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "egress_with_self" {
 description = "List of egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_cidr_blocks" {
 description = "List of egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_ipv6_cidr_blocks" {
 description = "List of egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_source_security_group_id" {
 description = "List of egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }
 variable "egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["::/0"]
 }
 variable "egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+ type = list(string)
 default = []
 }
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" {
 ##################
 variable "computed_egress_rules" {
 description = "List of computed egress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "computed_egress_with_self" {
 description = "List of computed egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_cidr_blocks" {
 description = "List of computed egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_ipv6_cidr_blocks" {
 description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_source_security_group_id" {
 description = "List of computed egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }
 variable "computed_egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["::/0"]
 }
 variable "computed_egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = list(string)
 default = []
 }
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" {
 ##################################
 variable "number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_cidr_blocks" {
 description = "Number of computed egress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
 description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_source_security_group_id" {
 description = "Number of computed egress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = number
 default = 0
 }
diff --git a/modules/squid/README.md b/modules/squid/README.md
index 1f2cee42..ffa2ded6 100644
--- a/modules/squid/README.md
+++ b/modules/squid/README.md
@@ -4,7 +4,8 @@
 ```hcl
 module "squid_security_group" {
- source = "terraform-aws-modules/security-group/aws//modules/squid"
+ source = "terraform-aws-modules/security-group/aws//modules/squid"
+ version = "~> 3.0"
 # omitted...
 }
@@ -13,85 +14,4 @@ module "squid_security_group" { All automatic values **squid module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/squid/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "squid-proxy-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| computed\_egress\_ipv6\_cidr\_blocks | List 
of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| create | Whether to create 
security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | 
-| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| 
number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/squid/auto_values.tf b/modules/squid/auto_values.tf index d0837155..5ba400da 100644 --- a/modules/squid/auto_values.tf +++ b/modules/squid/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["squid-proxy-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable 
"auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/squid/main.tf b/modules/squid/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/squid/main.tf +++ b/modules/squid/main.tf 
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } diff --git a/modules/squid/outputs.tf b/modules/squid/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/squid/outputs.tf +++ b/modules/squid/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/squid/variables.tf b/modules/squid/variables.tf index 070cc30c..354b9e37 100644 --- a/modules/squid/variables.tf +++ b/modules/squid/variables.tf 
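Review bot: The `ingress_rules`, `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` expressions in this hunk append `[""]` to the `concat()` and then `compact()` the result, and nothing says why, so the next reader will take the empty string for a typo and remove it. Presumably the placeholder pins the result to `list(string)` when both the `auto_*` list and the caller's list are empty, with `compact()` dropping it again; a comment on the first occurrence would make that durable, e.g. `# [""] + compact(): keep the result typed as list(string) even when both inputs are empty`. The same comment should mention that `compact()` also silently discards any empty-string rule name a caller passes, which is harmless but not obvious.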
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
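Review bot: The new `type = list(map(string))` constraints on `ingress_with_self`, `ingress_with_cidr_blocks`, `ingress_with_ipv6_cidr_blocks` and `ingress_with_source_security_group_id` now reject any map value that is not a string, but the descriptions still only say where `self`/`cidr_blocks`/`source_security_group_id` "is used" and never name the keys each map must carry or that list-valued keys have to be passed as a single string; the matching blocks in the computed-ingress, egress and computed-egress hunks of this file have the same gap. A caller that previously passed a native list for `cidr_blocks` will now get a type error with no hint from the variable itself. The root module's handling of these maps is not visible here, so the exact key set should be taken from there, but each description would benefit from listing it, e.g. `description = "List of ingress rules to create where 'cidr_blocks' is used; each map carries 'rule' plus 'cidr_blocks' as one comma-separated string"` (confirm the key names against the root main.tf).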
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/ssh/README.md b/modules/ssh/README.md index 33ee04a8..64ca4d66 100644 --- a/modules/ssh/README.md +++ b/modules/ssh/README.md @@ -4,7 +4,8 @@ ```hcl module "ssh_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/ssh" + source = "terraform-aws-modules/security-group/aws//modules/ssh" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "ssh_security_group" { All automatic values **ssh module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/ssh/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "ssh-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR 
ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| create | Whether to create security group and 
all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| name | Name of 
security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| 
number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/ssh/auto_values.tf b/modules/ssh/auto_values.tf index 0641e7d2..c25ffe6f 100644 --- a/modules/ssh/auto_values.tf +++ b/modules/ssh/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["ssh-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_egress_with_self" { 
description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/ssh/main.tf b/modules/ssh/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/ssh/main.tf +++ b/modules/ssh/main.tf 
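Review bot: The description of `auto_ingress_rules` still says only "List of ingress rules to add automatically", which hides the one security decision a caller of this module makes: its default `["ssh-tcp"]` is applied by name to whatever the caller passes in `ingress_cidr_blocks` (inferred from main.tf's "Rules by names - open for default CIDR" comment in the same patch), so `ingress_cidr_blocks = ["0.0.0.0/0"]` exposes port 22 to the Internet. Now that the variable carries `type = list(string)`, I would also tighten the description, e.g. `description = "Ingress rules added automatically by name and applied to ingress_cidr_blocks; default opens SSH (tcp/22) to those CIDRs"`. Likewise `auto_ingress_with_self` defaults to `{ "rule" = "all-all" }`, which permits all traffic between members of the group; its description should say so rather than "rules with self to add automatically".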
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } diff --git a/modules/ssh/outputs.tf b/modules/ssh/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/ssh/outputs.tf +++ b/modules/ssh/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/ssh/variables.tf b/modules/ssh/variables.tf index 070cc30c..354b9e37 100644 --- a/modules/ssh/variables.tf +++ b/modules/ssh/variables.tf 
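Review bot: The `[""]` appended inside `concat()` and the outer `compact()` on the four `*_rules` assignments (`ingress_rules`, `computed_ingress_rules`, `egress_rules`, `computed_egress_rules`) are unexplained, and a later maintainer is likely to "simplify" them back to the 0.11 form; presumably they keep the expression typed as a list of strings when both inputs are empty lists under 0.12, but the file should say so. I would add, above the first such line, `# [""] + compact() keep concat() typed as list(string) when both inputs are empty (0.12 type inference)`, adjusted if the real reason differs. Separately, `ingress_with_self` and `egress_with_self` are concatenated without `distinct()`, so a caller that also passes `{ rule = "all-all" }` submits a duplicate of the auto rule; whether the root module tolerates a duplicate security-group rule cannot be told from this hunk, and the behaviour is pre-existing rather than introduced here.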
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
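Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` gain `type = list(string)` but keep the defaults `["0.0.0.0/0"]` and `["::/0"]`, and their descriptions do not tell the caller that, combined with this module's automatic `all-all` egress rule (default of `auto_egress_rules` in auto_values.tf within the same patch), the out-of-the-box result is unrestricted outbound access; the `computed_egress_cidr_blocks` / `computed_egress_ipv6_cidr_blocks` counterparts in the next hunk have the same defaults. Since type constraints are being added anyway, I would make the consequence explicit in the description, e.g. `description = "List of IPv4 CIDR ranges to use on all egress rules (default 0.0.0.0/0 grants unrestricted egress; narrow this for production)"`, and the same for the IPv6 and computed variants. Changing the defaults themselves would break existing callers, so the description is the right place for the warning.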
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/storm/README.md b/modules/storm/README.md index 816fae12..dfd836e5 100644 --- a/modules/storm/README.md +++ b/modules/storm/README.md @@ -4,7 +4,8 @@ ```hcl module "storm_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/storm" + source = "terraform-aws-modules/security-group/aws//modules/storm" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "storm_security_group" { All automatic values **storm module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/storm/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "storm-nimbus-tcp", "storm-ui-tcp", "storm-supervisor-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| 
computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` 
| no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is 
used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/storm/auto_values.tf b/modules/storm/auto_values.tf index 77928b6b..f668f41c 100644 --- a/modules/storm/auto_values.tf +++ b/modules/storm/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" {
 description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
 default = ["storm-nimbus-tcp", "storm-ui-tcp", "storm-supervisor-tcp"]
 }
 variable "auto_ingress_with_self" {
 description = "List of maps defining ingress rules with self to add automatically"
- type = "list"
-
- default = [{
- "rule" = "all-all"
- }]
+ type = list(map(string))
+ default = [{ "rule" = "all-all" }]
 }
 variable "auto_egress_rules" {
 description = "List of egress rules to add automatically"
- type = "list"
+ type = list(string)
 default = ["all-all"]
 }
 variable "auto_egress_with_self" {
 description = "List of maps defining egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 # Computed
 variable "auto_computed_ingress_rules" {
 description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
 default = []
 }
 variable "auto_computed_ingress_with_self" {
 description = "List of maps defining computed ingress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 variable "auto_computed_egress_rules" {
 description = "List of computed egress rules to add automatically"
- type = "list"
+ type = list(string)
 default = []
 }
 variable "auto_computed_egress_with_self" {
 description = "List of maps defining computed egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 # Number of computed rules
 variable "auto_number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 variable
"auto_number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
+
diff --git a/modules/storm/main.tf b/modules/storm/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/storm/main.tf
+++ b/modules/storm/main.tf
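Review bot: The defaults `[{ "rule" = "all-all" }]` for `auto_ingress_with_self` and `["all-all"]` for `auto_egress_rules` now carry explicit types, but their descriptions still say only "to add automatically" and never state what is being added: a rule named `all-all`, which by its name presumably matches every protocol and port. On the egress side that rule is paired with the module's default egress CIDR blocks of `0.0.0.0/0` and `::/0`, so a storm security group permits all outbound traffic unless the caller overrides `auto_egress_rules`, and the generated docs give no hint of it. Suggest making the open defaults explicit in the descriptions, e.g. `description = "List of egress rules to add automatically (default 'all-all' permits all outbound traffic to the egress CIDR blocks; override to restrict)"` and `description = "List of maps defining ingress rules with self to add automatically (default 'all-all' permits all traffic between members of this group)"`.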
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/storm/outputs.tf b/modules/storm/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/storm/outputs.tf
+++ b/modules/storm/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
 description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
 }
 output "this_security_group_vpc_id" {
 description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
 }
 output "this_security_group_owner_id" {
 description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
 }
 output "this_security_group_name" {
 description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
 }
 output "this_security_group_description" {
 description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
 }
+
diff --git a/modules/storm/variables.tf b/modules/storm/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/storm/variables.tf
+++ b/modules/storm/variables.tf
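Review bot: The `[""]` appended inside `concat()` on the new `ingress_rules`, `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` lines is an unexplained workaround, and the surrounding `compact()` is the only thing that keeps it harmless; whoever later drops one without the other gets either a type error or a rule with an empty name handed to the root module. Presumably the empty string is there so `concat()` of two empty lists still yields a `list(string)` that `distinct`/`sort` accept under 0.12, and that reasoning belongs in the file, e.g. `# [""] + compact(): keeps concat() typed as list(string) when both inputs are empty` above the first occurrence. The same merge also means the `all-all` entry that auto_values.tf puts in `auto_egress_rules` is always present and cannot be removed through `egress_rules`; a one-line comment in the `# Egress` section saying that only `auto_egress_rules` controls it would save callers a surprise when they find an allow-all egress rule on a group they thought they had locked down.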
@@ -3,29 +3,35 @@
 #################
 variable "create" {
 description = "Whether to create security group and all rules"
+ type = bool
 default = true
 }
 variable "vpc_id" {
 description = "ID of the VPC where to create security group"
+ type = string
 }
 variable "name" {
 description = "Name of security group"
+ type = string
 }
 variable "use_name_prefix" {
 description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+ type = bool
 default = true
 }
 variable "description" {
 description = "Description of security group"
+ type = string
 default = "Security Group managed by Terraform"
 }
 variable "tags" {
 description = "A mapping of tags to assign to security group"
+ type = map(string)
 default = {}
 }
@@ -34,41 +40,49 @@ variable "tags" {
 ##########
 variable "ingress_rules" {
 description = "List of ingress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "ingress_with_self" {
 description = "List of ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_cidr_blocks" {
 description = "List of ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_ipv6_cidr_blocks" {
 description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_with_source_security_group_id" {
 description = "List of ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 variable "ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all ingress rules"
+ type = list(string)
 default = []
 }
 variable "ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+ type = list(string)
 default = []
 }
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" {
 ###################
 variable "computed_ingress_rules" {
 description = "List of computed ingress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_with_self" {
 description = "List of computed ingress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_cidr_blocks" {
 description = "List of computed ingress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_ipv6_cidr_blocks" {
 description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_with_source_security_group_id" {
 description = "List of computed ingress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_ingress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
 variable "computed_ingress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = list(string)
 default = []
 }
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" {
 ###################################
 variable "number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
 description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_with_source_security_group_id" {
 description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_ingress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+ type = number
 default = 0
 }
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" {
 #########
 variable "egress_rules" {
 description = "List of egress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "egress_with_self" {
 description = "List of egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_cidr_blocks" {
 description = "List of egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_ipv6_cidr_blocks" {
 description = "List of egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_with_source_security_group_id" {
 description = "List of egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }
 variable "egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all egress rules"
+ type = list(string)
 default = ["::/0"]
 }
 variable "egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+ type = list(string)
 default = []
 }
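Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` gain `list(string)` types but keep the `["0.0.0.0/0"]` and `["::/0"]` defaults, and their descriptions say nothing about it; together with the `["all-all"]` default for `auto_egress_rules` in this module's auto_values.tf, that is an allow-all egress rule out of the box, which is the kind of thing a caller only discovers in a later audit. The description is the one place the generated docs will surface it, so it should name the open default, e.g. `description = "List of IPv4 CIDR ranges to use on all egress rules (default 0.0.0.0/0 permits egress to anywhere; narrow it for least privilege)"` with the matching wording for the IPv6 variable. The `computed_egress_cidr_blocks` pair in the following hunk has the same defaults and would benefit from the same note.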
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" {
 ##################
 variable "computed_egress_rules" {
 description = "List of computed egress rules to create by name"
+ type = list(string)
 default = []
 }
 variable "computed_egress_with_self" {
 description = "List of computed egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_cidr_blocks" {
 description = "List of computed egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_ipv6_cidr_blocks" {
 description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_with_source_security_group_id" {
 description = "List of computed egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 variable "computed_egress_cidr_blocks" {
 description = "List of IPv4 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["0.0.0.0/0"]
 }
 variable "computed_egress_ipv6_cidr_blocks" {
 description = "List of IPv6 CIDR ranges to use on all computed egress rules"
+ type = list(string)
 default = ["::/0"]
 }
 variable "computed_egress_prefix_list_ids" {
 description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = list(string)
 default = []
 }
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" {
 ##################################
 variable "number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_cidr_blocks" {
 description = "Number of computed egress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
 description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_with_source_security_group_id" {
 description = "Number of computed egress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_cidr_blocks" {
 description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_ipv6_cidr_blocks" {
 description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
+ type = number
 default = 0
 }
 variable "number_of_computed_egress_prefix_list_ids" {
 description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+ type = number
 default = 0
 }
diff --git a/modules/web/README.md b/modules/web/README.md
index 94e1df67..1a5fefc3 100644
--- a/modules/web/README.md
+++ b/modules/web/README.md
@@ -4,7 +4,8 @@
 ```hcl
 module "web_security_group" {
- source = "terraform-aws-modules/security-group/aws//modules/web"
+ source = "terraform-aws-modules/security-group/aws//modules/web"
+ version = "~> 3.0"
 # omitted...
 }
@@ -13,85 +14,4 @@ module "web_security_group" { All automatic values **web module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/web/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "http-80-tcp", "http-8080-tcp", "https-443-tcp", "web-jmx-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| 
computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` 
| no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is 
used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/web/auto_values.tf b/modules/web/auto_values.tf index 2a359de5..26ccf4eb 100644 --- a/modules/web/auto_values.tf +++ b/modules/web/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["http-80-tcp", "http-8080-tcp", "https-443-tcp", "web-jmx-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } 
variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/web/main.tf b/modules/web/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/web/main.tf +++ b/modules/web/main.tf 
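Review bot: The newly typed `auto_ingress_rules` default still bundles `web-jmx-tcp` with the three HTTP/HTTPS rule names, so whatever a caller passes in `ingress_cidr_blocks` reaches the JMX rule as well, and neither the `list(string)` type nor the description says so. The name-to-port mapping lives in the root module and is not in this diff, so the exposure is inferred from the rule name alone. I would widen the description to `description = "List of ingress rules to add automatically (includes web-jmx-tcp, which is opened to every entry of ingress_cidr_blocks; override the list if JMX must not share the web ingress sources)"`. `auto_ingress_with_self` defaulting to `[{ "rule" = "all-all" }]` deserves a similar one-line note that it opens all ports between members of the group.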
@@ -1,116 +1,114 @@
 module "sg" {
 source = "../../"
- create = "${var.create}"
- name = "${var.name}"
- use_name_prefix = "${var.use_name_prefix}"
- description = "${var.description}"
- vpc_id = "${var.vpc_id}"
- tags = "${var.tags}"
+ create = var.create
+ name = var.name
+ use_name_prefix = var.use_name_prefix
+ description = var.description
+ vpc_id = var.vpc_id
+ tags = var.tags
 ##########
 # Ingress
 ##########
 # Rules by names - open for default CIDR
- ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+ ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))
 # Open for self
- ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+ ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)
 # Open to IPv4 cidr blocks
- ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+ ingress_with_cidr_blocks = var.ingress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+ ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks
 # Open for security group id
- ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+ ingress_with_source_security_group_id = var.ingress_with_source_security_group_id
 # Default ingress CIDR blocks
- ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"]
- ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+ ingress_cidr_blocks = var.ingress_cidr_blocks
+ ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
 # Default prefix list ids
- ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+ ingress_prefix_list_ids = var.ingress_prefix_list_ids
 ###################
 # Computed Ingress
 ###################
 # Rules by names - open for default CIDR
- computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+ computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))
 # Open for self
- computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+ computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)
 # Open to IPv4 cidr blocks
- computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+ computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+ computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks
 # Open for security group id
- computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+ computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id
 #############################
 # Number of computed ingress
 #############################
- number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
- number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
- number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
- number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
- number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+ number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+ number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+ number_of_computed_ingress_with_cidr_blocks = var.number_of_computed_ingress_with_cidr_blocks
+ number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+ number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id
 #########
 # Egress
 #########
 # Rules by names - open for default CIDR
- egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+ egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))
 # Open for self
- egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+ egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)
 # Open to IPv4 cidr blocks
- egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+ egress_with_cidr_blocks = var.egress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+ egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks
 # Open for security group id
- egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+ egress_with_source_security_group_id = var.egress_with_source_security_group_id
 # Default egress CIDR blocks
- egress_cidr_blocks = ["${var.egress_cidr_blocks}"]
- egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+ egress_cidr_blocks = var.egress_cidr_blocks
+ egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
 # Default prefix list ids
- egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+ egress_prefix_list_ids = var.egress_prefix_list_ids
 ##################
 # Computed Egress
 ##################
 # Rules by names - open for default CIDR
- computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+ computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))
 # Open for self
- computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+ computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)
 # Open to IPv4 cidr blocks
- computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+ computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+ computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks
 # Open for security group id
- computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+ computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id
 #############################
 # Number of computed egress
 #############################
- number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
- number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
- number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
- number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
- number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+ number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+ number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+ number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks
+ number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks
+ number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/web/outputs.tf b/modules/web/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/web/outputs.tf
+++ b/modules/web/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
 description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
 }
 output "this_security_group_vpc_id" {
 description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
 }
 output "this_security_group_owner_id" {
 description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
 }
 output "this_security_group_name" {
 description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
 }
 output "this_security_group_description" {
 description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
 }
+
diff --git a/modules/web/variables.tf b/modules/web/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/web/variables.tf
+++ b/modules/web/variables.tf
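Review bot: `computed_ingress_rules` is deduplicated with `distinct()` and, newly, stripped of empty names by `compact()`, but `number_of_computed_ingress_rules` is the plain sum `var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules`, so a rule name present in both input lists, or an empty string in either, leaves the count larger than the list it is meant to index; the `computed_egress_rules` pair further down has the same gap. How the root module consumes that count is outside this diff, so whether the mismatch ends as a wrapped-around duplicate rule or a plan error cannot be told from here, but it should at least be stated next to the count: `# not adjusted for names dropped by distinct()/compact() above - keep the two lists disjoint and free of ""`. The `[""]` sentinel appended inside `concat()` also deserves a comment, since it is presumably there only so an all-empty `concat()` still types as `list(string)`, and a later cleanup could otherwise remove it together with `compact()`.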
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
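Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` keep `["0.0.0.0/0"]` and `["::/0"]` as their now-typed defaults, and this module's `auto_egress_rules` defaults to `all-all`, so a caller who sets nothing gets unrestricted egress on both address families; nothing in the descriptions says so, and the commit removes the README Inputs table where those defaults used to be listed. I would state it where the generated docs will pick it up, e.g. `description = "List of IPv4 CIDR ranges to use on all egress rules (default 0.0.0.0/0 allows egress anywhere; narrow it for workloads that must not reach the internet)"` and the IPv6 twin alike. The `computed_egress_cidr_blocks` pair in the next hunk carries the same defaults and should get the same wording.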
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/winrm/README.md b/modules/winrm/README.md index 1e2587c6..1171aff1 100644 --- a/modules/winrm/README.md +++ b/modules/winrm/README.md @@ -4,7 +4,8 @@ ```hcl module "winrm_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/winrm" + source = "terraform-aws-modules/security-group/aws//modules/winrm" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "winrm_security_group" { All automatic values **winrm module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/winrm/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "winrm-http-tcp", "winrm-https-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no | -| 
computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` 
| no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is 
used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/winrm/auto_values.tf b/modules/winrm/auto_values.tf index 3af0e0bc..7f21b5c8 100644 --- a/modules/winrm/auto_values.tf +++ b/modules/winrm/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["winrm-http-tcp", "winrm-https-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable 
"auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } +
diff --git a/modules/winrm/main.tf b/modules/winrm/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/winrm/main.tf
+++ b/modules/winrm/main.tf
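Review bot: `auto_ingress_with_self` keeps its default `[{ "rule" = "all-all" }]` while gaining the `list(map(string))` type, yet its description still only says it is a list of maps defining ingress rules with self; going by the rule name, that default lets every member of the group reach every other member on all protocols and ports, and a caller reading the variable block cannot tell that. Suggest `description = "List of maps defining ingress rules with self to add automatically (default permits all traffic between members of this group)"`. The same is worth a one-line comment above `auto_egress_rules`, whose `["all-all"]` default is the setting that, together with the egress CIDR defaults in `variables.tf`, makes outbound traffic allow-all unless the caller overrides it.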
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id }
diff --git a/modules/winrm/outputs.tf b/modules/winrm/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/winrm/outputs.tf
+++ b/modules/winrm/outputs.tf
@@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } +
diff --git a/modules/winrm/variables.tf b/modules/winrm/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/winrm/variables.tf
+++ b/modules/winrm/variables.tf
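Review bot: The `[""]` appended inside `sort(compact(distinct(concat(..., [""]))))` on the new `ingress_rules`, `computed_ingress_rules`, `egress_rules` and `computed_egress_rules` lines is explained nowhere in the hunk, and a reader will take the empty string for a rule name that `compact` then has to scrub. Presumably it is there so the expression is typed as a string list even when both input lists are empty, with `compact` removing it again, but a 0.12 migration workaround like that needs saying. Suggest, above the first occurrence and referenced by the other three: `# The empty string is concatenated and removed again by compact() so the result is always typed list(string), even when both inputs are empty — confirm with the root module's expectations`. The `module "sg"` block starts and ends within this hunk.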
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
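Review bot: The `use_name_prefix` description still reads "Should be true to able to update", which is missing a word, and the hunk touches that variable block without fixing it. Suggest `description = "Whether to use name_prefix or fixed name. Should be true to be able to update security group name after initial creation"`. With `type = bool` now declared, the description could also drop the implicit string-flag reading the old README table gave it.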
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 }
diff --git a/modules/zipkin/README.md b/modules/zipkin/README.md
index 0364a519..f31de3fe 100644
--- a/modules/zipkin/README.md
+++ b/modules/zipkin/README.md
@@ -4,7 +4,8 @@ ```hcl module "zipkin_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/zipkin" + source = "terraform-aws-modules/security-group/aws//modules/zipkin" + version = "~> 3.0" # omitted... }
@@ -13,85 +14,4 @@ module "zipkin_security_group" { All automatic values **zipkin module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/zipkin/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "zipkin-admin-tcp", "zipkin-admin-query-tcp", "zipkin-admin-web-tcp", "zipkin-query-tcp", "zipkin-web-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed 
egress rules | list | `[ "0.0.0.0/0" ]` | no | -| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create 
where 'source_security_group_id' is used | list | `[]` | no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | 
List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress 
rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/zipkin/auto_values.tf b/modules/zipkin/auto_values.tf index 193b13c0..763db169 100644 --- a/modules/zipkin/auto_values.tf +++ b/modules/zipkin/auto_values.tf 
@@ -5,73 +5,75 @@
 variable "auto_ingress_rules" {
 description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
 default = ["zipkin-admin-tcp", "zipkin-admin-query-tcp", "zipkin-admin-web-tcp", "zipkin-query-tcp", "zipkin-web-tcp"]
 }
 variable "auto_ingress_with_self" {
 description = "List of maps defining ingress rules with self to add automatically"
- type = "list"
-
- default = [{
- "rule" = "all-all"
- }]
+ type = list(map(string))
+ default = [{ "rule" = "all-all" }]
 }
 variable "auto_egress_rules" {
 description = "List of egress rules to add automatically"
- type = "list"
+ type = list(string)
 default = ["all-all"]
 }
 variable "auto_egress_with_self" {
 description = "List of maps defining egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 # Computed
 variable "auto_computed_ingress_rules" {
 description = "List of ingress rules to add automatically"
- type = "list"
+ type = list(string)
 default = []
 }
 variable "auto_computed_ingress_with_self" {
 description = "List of maps defining computed ingress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 variable "auto_computed_egress_rules" {
 description = "List of computed egress rules to add automatically"
- type = "list"
+ type = list(string)
 default = []
 }
 variable "auto_computed_egress_with_self" {
 description = "List of maps defining computed egress rules with self to add automatically"
- type = "list"
+ type = list(map(string))
 default = []
 }
 # Number of computed rules
 variable "auto_number_of_computed_ingress_rules" {
 description = "Number of computed ingress rules to create by name"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_ingress_with_self" {
 description = "Number of computed ingress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 variable "auto_number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
+
diff --git a/modules/zipkin/main.tf b/modules/zipkin/main.tf
index 8d89d1fb..2c85546f 100644
--- a/modules/zipkin/main.tf
+++ b/modules/zipkin/main.tf
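Review bot: The now strictly typed `auto_ingress_with_self` default `[{ "rule" = "all-all" }]` and `auto_egress_rules` default `["all-all"]` are the permissive part of this module and carry no explanation: every protocol and port is allowed between members of the group, and all egress is allowed by rule name (to whatever `egress_cidr_blocks` resolves to in the caller's variables). A one-line comment above each default would make that explicit for anyone auditing the module, e.g. `# all-all between members of this SG; override to restrict intra-group traffic` and `# all-all egress by name; the destination CIDRs come from egress_cidr_blocks`. It is also worth noting above `auto_ingress_rules` that the `zipkin-admin-*` names are opened to the same `ingress_cidr_blocks` as the query/web rules, so a caller exposing the UI to a wide CIDR presumably exposes the admin endpoints too (the name-to-port mapping lives in the root module, not in this hunk), and the only way to drop them is to override `auto_ingress_rules` as a whole.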
@@ -1,116 +1,114 @@
 module "sg" {
 source = "../../"
- create = "${var.create}"
- name = "${var.name}"
- use_name_prefix = "${var.use_name_prefix}"
- description = "${var.description}"
- vpc_id = "${var.vpc_id}"
- tags = "${var.tags}"
+ create = var.create
+ name = var.name
+ use_name_prefix = var.use_name_prefix
+ description = var.description
+ vpc_id = var.vpc_id
+ tags = var.tags
 ##########
 # Ingress
 ##########
 # Rules by names - open for default CIDR
- ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+ ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))
 # Open for self
- ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+ ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)
 # Open to IPv4 cidr blocks
- ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+ ingress_with_cidr_blocks = var.ingress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+ ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks
 # Open for security group id
- ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+ ingress_with_source_security_group_id = var.ingress_with_source_security_group_id
 # Default ingress CIDR blocks
- ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"]
- ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+ ingress_cidr_blocks = var.ingress_cidr_blocks
+ ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
 # Default prefix list ids
- ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+ ingress_prefix_list_ids = var.ingress_prefix_list_ids
 ###################
 # Computed Ingress
 ###################
 # Rules by names - open for default CIDR
- computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+ computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))
 # Open for self
- computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+ computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)
 # Open to IPv4 cidr blocks
- computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+ computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+ computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks
 # Open for security group id
- computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+ computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id
 #############################
 # Number of computed ingress
 #############################
- number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
- number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
- number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
- number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
- number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+ number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+ number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+ number_of_computed_ingress_with_cidr_blocks = var.number_of_computed_ingress_with_cidr_blocks
+ number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+ number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id
 #########
 # Egress
 #########
 # Rules by names - open for default CIDR
- egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+ egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))
 # Open for self
- egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+ egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)
 # Open to IPv4 cidr blocks
- egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+ egress_with_cidr_blocks = var.egress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+ egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks
 # Open for security group id
- egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+ egress_with_source_security_group_id = var.egress_with_source_security_group_id
 # Default egress CIDR blocks
- egress_cidr_blocks = ["${var.egress_cidr_blocks}"]
- egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+ egress_cidr_blocks = var.egress_cidr_blocks
+ egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
 # Default prefix list ids
- egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+ egress_prefix_list_ids = var.egress_prefix_list_ids
 ##################
 # Computed Egress
 ##################
 # Rules by names - open for default CIDR
- computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+ computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))
 # Open for self
- computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+ computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)
 # Open to IPv4 cidr blocks
- computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+ computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks
 # Open to IPv6 cidr blocks
- computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+ computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks
 # Open for security group id
- computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+ computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id
 #############################
 # Number of computed egress
 #############################
- number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
- number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
- number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
- number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
- number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+ number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+ number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+ number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks
+ number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks
+ number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
 }
diff --git a/modules/zipkin/outputs.tf b/modules/zipkin/outputs.tf
index 4129cf93..235ad34d 100644
--- a/modules/zipkin/outputs.tf
+++ b/modules/zipkin/outputs.tf
@@ -1,24 +1,25 @@
 output "this_security_group_id" {
 description = "The ID of the security group"
- value = "${module.sg.this_security_group_id}"
+ value = module.sg.this_security_group_id
 }
 output "this_security_group_vpc_id" {
 description = "The VPC ID"
- value = "${module.sg.this_security_group_vpc_id}"
+ value = module.sg.this_security_group_vpc_id
 }
 output "this_security_group_owner_id" {
 description = "The owner ID"
- value = "${module.sg.this_security_group_owner_id}"
+ value = module.sg.this_security_group_owner_id
 }
 output "this_security_group_name" {
 description = "The name of the security group"
- value = "${module.sg.this_security_group_name}"
+ value = module.sg.this_security_group_name
 }
 output "this_security_group_description" {
 description = "The description of the security group"
- value = "${module.sg.this_security_group_description}"
+ value = module.sg.this_security_group_description
 }
+
diff --git a/modules/zipkin/variables.tf b/modules/zipkin/variables.tf
index 070cc30c..354b9e37 100644
--- a/modules/zipkin/variables.tf
+++ b/modules/zipkin/variables.tf
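Review bot: The four rewritten `*_rules` expressions append a literal `[""]` before `compact()` with no explanation, and the next maintainer will read it as a stray sentinel and remove it. Presumably it is there so that `concat()` of two empty lists still yields a `list(string)` under 0.12 type unification rather than an empty tuple; a comment on each line, e.g. `# [""] + compact(): keep the result typed list(string) when both inputs are empty`, would keep it intact, and the note should also say that `compact()` silently drops any empty rule name a caller passes instead of failing. Separately, the `number_of_computed_*` lines now sum `var.auto_number_of_computed_*` with the caller's count, but nothing in this module ties that total to the length of the corresponding `computed_*` list; a short comment above the "Number of computed ingress" header saying the sum must equal the number of rules in the concatenated list, since a smaller count quietly skips rules and a larger one fails at plan, would document the contract the root module (outside this hunk) presumably enforces with `count`.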
@@ -3,29 +3,35 @@
 #################
 variable "create" {
 description = "Whether to create security group and all rules"
+ type = bool
 default = true
 }
 variable "vpc_id" {
 description = "ID of the VPC where to create security group"
+ type = string
 }
 variable "name" {
 description = "Name of security group"
+ type = string
 }
 variable "use_name_prefix" {
 description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
+ type = bool
 default = true
 }
 variable "description" {
 description = "Description of security group"
+ type = string
 default = "Security Group managed by Terraform"
 }
 variable "tags" {
 description = "A mapping of tags to assign to security group"
+ type = map(string)
 default = {}
 }
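Review bot: The `use_name_prefix` description retained next to the new `type = bool` still reads "Should be true to able to update security group name", which is ungrammatical and, since these descriptions become the generated README inputs table, worth fixing while the variable is being touched: `description = "Whether to use name_prefix or fixed name. Should be true to be able to update the security group name after initial creation"`. The `vpc_id` and `name` descriptions could also state that they are required now that `type = string` is set without a default, since nothing else in the hunk signals that to a reader of the variables file.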
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
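Review bot: The new `type = list(map(string))` on `ingress_with_cidr_blocks`, `ingress_with_ipv6_cidr_blocks`, `ingress_with_self` and `ingress_with_source_security_group_id` is a real contract change that the descriptions do not mention: every value in a rule map must now be a string, so numeric `from_port`/`to_port` are coerced to strings and a `cidr_blocks` entry inside a rule map must be a single string, not a list, or the plan fails at type checking. Whether the root module splits that string on commas is decided outside this hunk, so the description should say what the type requires, e.g. `description = "List of ingress rules to create where 'cidr_blocks' is used (each map holds string values only; 'cidr_blocks' is one string, not a list)"`. The same caveat applies to the computed and egress variants later in this file.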
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
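Review bot: With `type = number` the eight `number_of_computed_ingress_*` variables are now strictly typed counts, but their descriptions still do not tell the caller that the value must equal the number of entries in the matching `computed_ingress_*` list, which is the only thing that makes these variables safe to use: too small a count presumably leaves trailing rules uncreated without any error, while too large a count fails at plan. A short addition to each description would close that gap, e.g. `description = "Number of computed ingress rules to create by name (must equal the number of entries in computed_ingress_rules, including any auto rules)"`. How the root module consumes the count is outside this hunk, so the wording should stay at the level of the contract rather than the mechanism.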
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
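Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` receive `type = list(string)` but keep their `["0.0.0.0/0"]` and `["::/0"]` defaults, and combined with the `auto_egress_rules = ["all-all"]` default in this module's auto_values.tf this means the group allows all outbound traffic to any destination unless a caller overrides the CIDR lists; the descriptions say nothing about that. This is the one place a least-privilege reviewer will look, so the default deserves to be called out: `description = "List of IPv4 CIDR ranges to use on all egress rules (default 0.0.0.0/0 allows egress to anywhere; narrow it or set egress_rules to restrict)"`, with the matching wording on the IPv6 variable. The same defaults appear on the computed egress variables in the next hunk and should get the same note.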
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/modules/zookeeper/README.md b/modules/zookeeper/README.md index e85df3ed..34eef8f0 100644 --- a/modules/zookeeper/README.md +++ b/modules/zookeeper/README.md @@ -4,7 +4,8 @@ ```hcl module "zookeeper_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/zookeeper" + source = "terraform-aws-modules/security-group/aws//modules/zookeeper" + version = "~> 3.0" # omitted... } 
@@ -13,85 +14,4 @@ module "zookeeper_security_group" { All automatic values **zookeeper module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/zookeeper/auto_values.tf). -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no | -| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no | -| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no | -| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no | -| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no | -| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "zookeeper-2181-tcp", "zookeeper-2888-tcp", "zookeeper-3888-tcp", "zookeeper-jmx-tcp" ]` | no | -| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no | -| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules 
| list | `[ "0.0.0.0/0" ]` | no | -| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no | -| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no | -| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no | -| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no | -| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no | -| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no | -| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no | -| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 
'source_security_group_id' is used | list | `[]` | no | -| create | Whether to create security group and all rules | string | `"true"` | no | -| description | Description of security group | string | `"Security Group managed by Terraform"` | no | -| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no | -| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no | -| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no | -| egress\_rules | List of egress rules to create by name | list | `[]` | no | -| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no | -| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no | -| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no | -| ingress\_rules | List of ingress rules to create by name | list | `[]` | no | -| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no | -| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no | -| ingress\_with\_source\_security\_group\_id | List of 
ingress rules to create where 'source_security_group_id' is used | list | `[]` | no | -| name | Name of security group | string | n/a | yes | -| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no | -| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no | -| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to 
create where 'cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no | -| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no | -| tags | A mapping of tags to assign to security group | map | `{}` | no | -| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no | -| vpc\_id | ID of the VPC where to create security group | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| this\_security\_group\_description | The description of the security group | -| this\_security\_group\_id | The ID of the security group | -| this\_security\_group\_name | The name of the security group | -| this\_security\_group\_owner\_id | The owner ID | -| this\_security\_group\_vpc\_id | The VPC ID | - diff --git a/modules/zookeeper/auto_values.tf b/modules/zookeeper/auto_values.tf index b6a2466d..26cfb16f 100644 --- a/modules/zookeeper/auto_values.tf +++ b/modules/zookeeper/auto_values.tf 
@@ -5,73 +5,75 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["zookeeper-2181-tcp", "zookeeper-2888-tcp", "zookeeper-3888-tcp", "zookeeper-jmx-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" - - default = [{ - "rule" = "all-all" - }] + type = list(map(string)) + default = [{ "rule" = "all-all" }] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = [] } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "auto_number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = 
number default = 0 } variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } + diff --git a/modules/zookeeper/main.tf b/modules/zookeeper/main.tf index 8d89d1fb..2c85546f 100644 --- a/modules/zookeeper/main.tf +++ b/modules/zookeeper/main.tf 
@@ -1,116 +1,114 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""])))) # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self) # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = var.ingress_with_cidr_blocks # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = var.ingress_with_source_security_group_id # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = var.ingress_cidr_blocks + ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = var.ingress_prefix_list_ids ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + computed_ingress_rules 
= sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""])))) # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self) # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" - - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""])))) # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self) # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = var.egress_with_cidr_blocks # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = var.egress_with_source_security_group_id # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = var.egress_cidr_blocks + egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = var.egress_prefix_list_ids ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""])))) # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self) # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" - - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } diff --git a/modules/zookeeper/outputs.tf b/modules/zookeeper/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/zookeeper/outputs.tf +++ b/modules/zookeeper/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/zookeeper/variables.tf b/modules/zookeeper/variables.tf index 070cc30c..354b9e37 100644 --- a/modules/zookeeper/variables.tf +++ b/modules/zookeeper/variables.tf 
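Review bot: The new `sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))` expression, and the same shape for `computed_ingress_rules`, `egress_rules` and `computed_egress_rules`, carries an unexplained `[""]` sentinel that `compact` immediately strips, so a reader cannot tell whether the empty string is load-bearing. Presumably it is there so `concat` has a typed, non-empty list to work from when both inputs are empty; if that is the reason, say so once above the first occurrence: `# [""] + compact: keeps the merged rule list a typed list(string) even when both inputs are empty`. If the sentinel turns out not to be needed, dropping it would make these four lines read as plain merge-dedupe-sort.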
@@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
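Review bot: The `use_name_prefix` description in this hunk reads `Should be true to able to update security group name after initial creation`, which is missing a word; suggested: `Should be true to be able to update security group name after initial creation`. The same sentence appears in the README table removed earlier in this diff and presumably in every per-module variables.tf, so it is better fixed at whatever shared template these module files are generated from than patched here alone.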
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,41 +91,49 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed ingress rules" + type = list(string) default = [] } variable "computed_ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = list(string) default = [] } 
@@ -120,41 +142,49 @@ variable "computed_ingress_prefix_list_ids" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_ingress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed ingress rules" + type = number default = 0 } variable "number_of_computed_ingress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules" + type = number default = 0 } 
@@ -163,41 +193,49 @@ variable "number_of_computed_ingress_prefix_list_ids" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
@@ -206,41 +244,49 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "computed_egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "computed_egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all computed egress rules" + type = list(string) default = ["::/0"] } variable "computed_egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = list(string) default = [] } 
@@ -249,40 +295,48 @@ variable "computed_egress_prefix_list_ids" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 } variable "number_of_computed_egress_cidr_blocks" { description = "Number of IPv4 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_ipv6_cidr_blocks" { description = "Number of IPv6 CIDR ranges to use on all computed egress rules" + type = number default = 0 } variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" + type = number default = 0 } diff --git a/outputs.tf b/outputs.tf index 9fb8e362..edc60210 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -1,36 +1,53 @@
 output "this_security_group_id" {
 description = "The ID of the security group"
- value = "${element(concat(coalescelist(aws_security_group.this.*.id, aws_security_group.this_name_prefix.*.id), list("")), 0)}"
+ value = concat(
+ aws_security_group.this.*.id,
+ aws_security_group.this_name_prefix.*.id,
+ [""],
+ )[0]
 }
 
 output "this_security_group_vpc_id" {
 description = "The VPC ID"
- value = "${element(concat(coalescelist(aws_security_group.this.*.vpc_id, aws_security_group.this_name_prefix.*.vpc_id), list("")), 0)}"
+ value = concat(
+ aws_security_group.this.*.vpc_id,
+ aws_security_group.this_name_prefix.*.vpc_id,
+ [""],
+ )[0]
 }
 
 output "this_security_group_owner_id" {
 description = "The owner ID"
- value = "${element(concat(coalescelist(aws_security_group.this.*.owner_id, aws_security_group.this_name_prefix.*.owner_id), list("")), 0)}"
+ value = concat(
+ aws_security_group.this.*.owner_id,
+ aws_security_group.this_name_prefix.*.owner_id,
+ [""],
+ )[0]
 }
 
 output "this_security_group_name" {
 description = "The name of the security group"
- value = "${element(concat(coalescelist(aws_security_group.this.*.name, aws_security_group.this_name_prefix.*.name), list("")), 0)}"
+ value = concat(
+ aws_security_group.this.*.name,
+ aws_security_group.this_name_prefix.*.name,
+ [""],
+ )[0]
 }
 
 output "this_security_group_description" {
 description = "The description of the security group"
- value = "${element(concat(coalescelist(aws_security_group.this.*.description, aws_security_group.this_name_prefix.*.description), list("")), 0)}"
+ value = concat(
+ aws_security_group.this.*.description,
+ aws_security_group.this_name_prefix.*.description,
+ [""],
+ )[0]
 }
 
 //output "this_security_group_ingress" {
 // description = "The ingress rules"
 // value = "${element(concat(aws_security_group.this.*.ingress, list("")), 0)}"
 //}
-
-
 //output "this_security_group_egress" {
 // description = "The egress rules"
 // value = "${element(concat(aws_security_group.this.*.egress, list("")), 0)"
 //}
-
diff --git a/rules.tf b/rules.tf
index ac13374b..8fe10c1c 100644
--- a/rules.tf
+++ b/rules.tf
@@ -1,6 +1,6 @@
 variable "rules" {
 description = "Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description'])"
- type = "map"
+ type = map(list(any))
 
 # Protocols (tcp, udp, icmp, all - are allowed keywords) or numbers (from https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml):
 # All = -1, IPV4-ICMP = 1, TCP = 6, UDP = 16, IPV6-ICMP = 58
@@ -12,12 +12,10 @@ variable "rules" {
 carbon-pickle-udp = [2013, 2013, "udp", "Carbon pickle"]
 carbon-admin-tcp = [2004, 2004, "tcp", "Carbon admin"]
 carbon-gui-udp = [8081, 8081, "tcp", "Carbon GUI"]
-
 # Cassandra
 cassandra-clients-tcp = [9042, 9042, "tcp", "Cassandra clients"]
 cassandra-thrift-clients-tcp = [9160, 9160, "tcp", "Cassandra Thrift clients"]
 cassandra-jmx-tcp = [7199, 7199, "tcp", "JMX"]
-
 # Consul
 consul-tcp = [8300, 8300, "tcp", "Consul server"]
 consul-cli-rpc-tcp = [8400, 8400, "tcp", "Consul CLI RPC"]
@@ -28,144 +26,111 @@ variable "rules" { consul-serf-lan-udp = [8301, 8301, "udp", "Serf LAN"] consul-serf-wan-tcp = [8302, 8302, "tcp", "Serf WAN"] consul-serf-wan-udp = [8302, 8302, "udp", "Serf WAN"] - # Docker Swarm docker-swarm-mngmt-tcp = [2377, 2377, "tcp", "Docker Swarm cluster management"] docker-swarm-node-tcp = [7946, 7946, "tcp", "Docker Swarm node"] docker-swarm-node-udp = [7946, 7946, "udp", "Docker Swarm node"] docker-swarm-overlay-udp = [4789, 4789, "udp", "Docker Swarm Overlay Network Traffic"] - # DNS dns-udp = [53, 53, "udp", "DNS"] dns-tcp = [53, 53, "tcp", "DNS"] - # NTP - Network Time Protocol ntp-udp = [123, 123, "udp", "NTP"] - # Elasticsearch elasticsearch-rest-tcp = [9200, 9200, "tcp", "Elasticsearch REST interface"] elasticsearch-java-tcp = [9300, 9300, "tcp", "Elasticsearch Java interface"] - # HTTP http-80-tcp = [80, 80, "tcp", "HTTP"] http-8080-tcp = [8080, 8080, "tcp", "HTTP"] - # HTTPS https-443-tcp = [443, 443, "tcp", "HTTPS"] https-8443-tcp = [8443, 8443, "tcp", "HTTPS"] - # IPSEC ipsec-500-udp = [500, 500, "udp", "IPSEC ISAKMP"] ipsec-4500-udp = [4500, 4500, "udp", "IPSEC NAT-T"] - # Kafka kafka-broker-tcp = [9092, 9092, "tcp", "Kafka broker 0.8.2+"] - # LDAPS ldaps-tcp = [636, 636, "tcp", "LDAPS"] - # Memcached memcached-tcp = [11211, 11211, "tcp", "Memcached"] - # MongoDB mongodb-27017-tcp = [27017, 27017, "tcp", "MongoDB"] mongodb-27018-tcp = [27018, 27018, "tcp", "MongoDB shard"] mongodb-27019-tcp = [27019, 27019, "tcp", "MongoDB config server"] - # MySQL mysql-tcp = [3306, 3306, "tcp", "MySQL/Aurora"] - # MSSQL Server mssql-tcp = [1433, 1433, "tcp", "MSSQL Server"] mssql-udp = [1434, 1434, "udp", "MSSQL Browser"] mssql-analytics-tcp = [2383, 2383, "tcp", "MSSQL Analytics"] mssql-broker-tcp = [4022, 4022, "tcp", "MSSQL Broker"] - # NFS/EFS nfs-tcp = [2049, 2049, "tcp", "NFS/EFS"] - # Nomad nomad-http-tcp = [4646, 4646, "tcp", "Nomad HTTP"] nomad-rpc-tcp = [4647, 4647, "tcp", "Nomad RPC"] nomad-serf-tcp = [4648, 4648, "tcp", 
"Serf"] nomad-serf-udp = [4648, 4648, "udp", "Serf"] - # OpenVPN openvpn-udp = [1194, 1194, "udp", "OpenVPN"] openvpn-tcp = [943, 943, "tcp", "OpenVPN"] openvpn-https-tcp = [443, 443, "tcp", "OpenVPN"] - # PostgreSQL postgresql-tcp = [5432, 5432, "tcp", "PostgreSQL"] - # Oracle Database oracle-db-tcp = [1521, 1521, "tcp", "Oracle"] - # Puppet puppet-tcp = [8140, 8140, "tcp", "Puppet"] puppetdb-tcp = [8081, 8081, "tcp", "PuppetDB"] - # RabbitMQ rabbitmq-4369-tcp = [4369, 4369, "tcp", "RabbitMQ epmd"] rabbitmq-5671-tcp = [5671, 5671, "tcp", "RabbitMQ"] rabbitmq-5672-tcp = [5672, 5672, "tcp", "RabbitMQ"] rabbitmq-15672-tcp = [15672, 15672, "tcp", "RabbitMQ"] rabbitmq-25672-tcp = [25672, 25672, "tcp", "RabbitMQ"] - # RDP rdp-tcp = [3389, 3389, "tcp", "Remote Desktop"] rdp-udp = [3389, 3389, "udp", "Remote Desktop"] - # Redis redis-tcp = [6379, 6379, "tcp", "Redis"] - # Redshift redshift-tcp = [5439, 5439, "tcp", "Redshift"] - # Splunk splunk-indexer-tcp = [9997, 9997, "tcp", "Splunk indexer"] splunk-clients-tcp = [8080, 8080, "tcp", "Splunk clients"] splunk-splunkd-tcp = [8089, 8089, "tcp", "Splunkd"] splunk-hec-tcp = [8088, 8088, "tcp", "Splunk HEC"] - # Squid squid-proxy-tcp = [3128, 3128, "tcp", "Squid default proxy"] - # SSH ssh-tcp = [22, 22, "tcp", "SSH"] - # Storm storm-nimbus-tcp = [6627, 6627, "tcp", "Nimbus"] storm-ui-tcp = [8080, 8080, "tcp", "Storm UI"] storm-supervisor-tcp = [6700, 6703, "tcp", "Supervisor"] - # Web web-jmx-tcp = [1099, 1099, "tcp", "JMX"] - # WinRM winrm-http-tcp = [5985, 5985, "tcp", "WinRM HTTP"] winrm-https-tcp = [5986, 5986, "tcp", "WinRM HTTPS"] - # Zipkin zipkin-admin-tcp = [9990, 9990, "tcp", "Zipkin Admin port collector"] zipkin-admin-query-tcp = [9901, 9901, "tcp", "Zipkin Admin port query"] zipkin-admin-web-tcp = [9991, 9991, "tcp", "Zipkin Admin port web"] zipkin-query-tcp = [9411, 9411, "tcp", "Zipkin query port"] zipkin-web-tcp = [8080, 8080, "tcp", "Zipkin web port"] - # Zookeeper zookeeper-2181-tcp = [2181, 2181, "tcp", 
"Zookeeper"] zookeeper-2888-tcp = [2888, 2888, "tcp", "Zookeeper"] zookeeper-3888-tcp = [3888, 3888, "tcp", "Zookeeper"] zookeeper-jmx-tcp = [7199, 7199, "tcp", "JMX"] - # Open all ports & protocols all-all = [-1, -1, "-1", "All protocols"] all-tcp = [0, 65535, "tcp", "All TCP ports"] all-udp = [0, 65535, "udp", "All UDP ports"] all-icmp = [-1, -1, "icmp", "All IPV4 ICMP"] all-ipv6-icmp = [-1, -1, 58, "All IPV6 ICMP"] - # This is a fallback rule to pass to lookup() as default. It does not open anything, because it should never be used. _ = ["", "", ""] } @@ -173,7 +138,7 @@ variable "rules" { variable "auto_groups" { description = "Map of groups of security group rules to use to generate modules (see update_groups.sh)" - type = "map" + type = map(map(list(string))) # Valid keys - ingress_rules, egress_rules, ingress_with_self, egress_with_self default = { 
@@ -182,211 +147,176 @@ variable "auto_groups" {
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 cassandra = {
 ingress_rules = ["cassandra-clients-tcp", "cassandra-thrift-clients-tcp", "cassandra-jmx-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 consul = {
 ingress_rules = ["consul-tcp", "consul-cli-rpc-tcp", "consul-webui-tcp", "consul-dns-tcp", "consul-dns-udp", "consul-serf-lan-tcp", "consul-serf-lan-udp", "consul-serf-wan-tcp", "consul-serf-wan-udp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 docker-swarm = {
 ingress_rules = ["docker-swarm-mngmt-tcp", "docker-swarm-node-tcp", "docker-swarm-node-udp", "docker-swarm-overlay-udp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 elasticsearch = {
 ingress_rules = ["elasticsearch-rest-tcp", "elasticsearch-java-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 http-80 = {
 ingress_rules = ["http-80-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 http-8080 = {
 ingress_rules = ["http-8080-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 https-443 = {
 ingress_rules = ["https-443-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 https-8443 = {
 ingress_rules = ["https-8443-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 ipsec-500 = {
 ingress_rules = ["ipsec-500-udp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 ipsec-4500 = {
 ingress_rules = ["ipsec-4500-udp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 kafka = {
 ingress_rules = ["kafka-broker-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 ldaps = {
 ingress_rules = ["ldaps-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 memcached = {
 ingress_rules = ["memcached-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 mongodb = {
 ingress_rules = ["mongodb-27017-tcp", "mongodb-27018-tcp", "mongodb-27019-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 mysql = {
 ingress_rules = ["mysql-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 mssql = {
 ingress_rules = ["mssql-tcp", "mssql-udp", "mssql-analytics-tcp", "mssql-broker-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 nfs = {
 ingress_rules = ["nfs-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 nomad = {
 ingress_rules = ["nomad-http-tcp", "nomad-rpc-tcp", "nomad-serf-tcp", "nomad-serf-udp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 openvpn = {
 ingress_rules = ["openvpn-udp", "openvpn-tcp", "openvpn-https-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 postgresql = {
 ingress_rules = ["postgresql-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 oracle-db = {
 ingress_rules = ["oracle-db-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 ntp = {
 ingress_rules = ["ntp-udp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 puppet = {
 ingress_rules = ["puppet-tcp", "puppetdb-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 rabbitmq = {
 ingress_rules = ["rabbitmq-4369-tcp", "rabbitmq-5671-tcp", "rabbitmq-5672-tcp", "rabbitmq-15672-tcp", "rabbitmq-25672-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 rdp = {
 ingress_rules = ["rdp-tcp", "rdp-udp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 redis = {
 ingress_rules = ["redis-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 redshift = {
 ingress_rules = ["redshift-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 splunk = {
 ingress_rules = ["splunk-indexer-tcp", "splunk-clients-tcp", "splunk-splunkd-tcp", "splunk-hec-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 squid = {
 ingress_rules = ["squid-proxy-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 ssh = {
 ingress_rules = ["ssh-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 storm = {
 ingress_rules = ["storm-nimbus-tcp", "storm-ui-tcp", "storm-supervisor-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 web = {
 ingress_rules = ["http-80-tcp", "http-8080-tcp", "https-443-tcp", "web-jmx-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 winrm = {
 ingress_rules = ["winrm-http-tcp", "winrm-https-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 zipkin = {
 ingress_rules = ["zipkin-admin-tcp", "zipkin-admin-query-tcp", "zipkin-admin-web-tcp", "zipkin-query-tcp", "zipkin-web-tcp"]
 ingress_with_self = ["all-all"]
 egress_rules = ["all-all"]
 }
-
 zookeeper = {
 ingress_rules = ["zookeeper-2181-tcp", "zookeeper-2888-tcp", "zookeeper-3888-tcp", "zookeeper-jmx-tcp"]
 ingress_with_self = ["all-all"]
@@ -394,3 +324,4 @@ variable "auto_groups" {
 }
 }
 }
+
diff --git a/update_groups.sh b/update_groups.sh
index c580a818..bf42ea0d 100755
--- a/update_groups.sh
+++ b/update_groups.sh
@@ -10,6 +10,12 @@ set -e
 cd "$(dirname "${BASH_SOURCE[0]}")"
 
 check_dependencies() {
+ if [[ ! $(command -v sed) ]]; then
+ echo "ERROR: The binary 'sed' is required by this script but is not installed or in the system's PATH."
+ echo "Check documentation: https://www.gnu.org/software/sed/"
+ exit 1
+ fi
+
 if [[ ! $(command -v json2hcl) ]]; then
 echo "ERROR: The binary 'json2hcl' is required by this script but is not installed or in the system's PATH."
 echo "Check documentation: https://github.com/kvz/json2hcl"
@@ -24,7 +30,8 @@ check_dependencies() {
 }
 
 auto_groups_data() {
- json2hcl -reverse < rules.tf | jq -r '..|.auto_groups?|values|.[0]|.default|.[0]'
+ # Removing line with "type" because it json2hcl works with HCL1 only (ref https://github.com/kvz/json2hcl/issues/12)
+ sed '/type/ d' rules.tf | json2hcl -reverse | jq -r '..|.auto_groups?|values|.[0]|.default|.[0]'
 }
 
 auto_groups_keys() {
@@ -131,71 +138,75 @@ main() { variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = $ingress_rules } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = $ingress_with_self } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = $egress_rules } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = $egress_with_self } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = $computed_ingress_rules } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(map(string)) default = $computed_ingress_with_self } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = $computed_egress_rules } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(map(string)) default = $computed_egress_with_self } # Number of computed rules variable "auto_number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = $number_of_computed_ingress_rules } variable "auto_number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = $number_of_computed_ingress_with_self } variable "auto_number_of_computed_egress_rules" { description = 
"Number of computed egress rules to create by name" + type = number default = $number_of_computed_egress_rules } variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = $number_of_computed_egress_with_self } @@ -208,7 +219,8 @@ EOF \`\`\`hcl module "${group/-/_}_security_group" { - source = "terraform-aws-modules/security-group/aws//modules/${group}" + source = "terraform-aws-modules/security-group/aws//modules/${group}" + version = "~> 3.0" # omitted... } diff --git a/variables.tf b/variables.tf index 6995f9cc..174f6b98 100644 --- a/variables.tf +++ b/variables.tf @@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = string } variable "name" { description = "Name of security group" + type = string } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = bool default = true } variable "description" { description = "Description of security group" + type = string default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
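Review bot: `type = list(map(string))` on `ingress_with_cidr_blocks` (and on the three sibling `ingress_with_*` lists) forces every value inside a rule map to a single string: numeric `from_port`/`to_port` are converted transparently, but a caller who passes `cidr_blocks = ["10.0.0.0/8", "10.1.0.0/16"]` as a list now gets a type-conversion error at plan time, and the description does not say what shape is expected. Document it, e.g. `description = "List of ingress rules to create where 'cidr_blocks' is used (each map value must be a string; several CIDRs go into one string in the format main.tf splits on)"` — main.tf is not in this chunk, so confirm the exact separator it expects before wording that.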
@@ -77,26 +91,31 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } @@ -105,26 +124,31 @@ variable "computed_ingress_with_source_security_group_id" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } 
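Review bot: Nothing ties `number_of_computed_ingress_rules` (and the four sibling counters) to the length of the matching `computed_ingress_*` list; `type = number` with `default = 0` means a caller who fills `computed_ingress_rules` but forgets the counter silently creates no rules at all. Presumably these feed `count` where the list is not known at plan time (main.tf is not in this chunk), so the description should state the invariant: `description = "Number of computed ingress rules to create by name (must equal the length of computed_ingress_rules)"`.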
@@ -133,41 +157,49 @@ variable "number_of_computed_ingress_with_source_security_group_id" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
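Review bot: `egress_cidr_blocks` defaults to `["0.0.0.0/0"]` and `egress_ipv6_cidr_blocks` to `["::/0"]`, so every name placed in `egress_rules` without an explicit range is opened to the whole internet, while the ingress counterparts default to `[]`; the commit pins the types but leaves that asymmetry undocumented. Say it in the descriptions so callers know to override, e.g. `description = "List of IPv4 CIDR ranges to use on all egress rules (defaults to 0.0.0.0/0, i.e. unrestricted egress)"` and the matching note for IPv6. Changing the default itself would be a breaking change, so a description caveat is the right-sized fix here.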
@@ -176,26 +208,31 @@ variable "egress_prefix_list_ids" { ################## variable "computed_egress_rules" { description = "List of computed egress rules to create by name" + type = list(string) default = [] } variable "computed_egress_with_self" { description = "List of computed egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_egress_with_cidr_blocks" { description = "List of computed egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_ipv6_cidr_blocks" { description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_egress_with_source_security_group_id" { description = "List of computed egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } @@ -204,25 +241,30 @@ variable "computed_egress_with_source_security_group_id" { ################################## variable "number_of_computed_egress_rules" { description = "Number of computed egress rules to create by name" + type = number default = 0 } variable "number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_egress_with_cidr_blocks" { description = "Number of computed egress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_ipv6_cidr_blocks" { description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_egress_with_source_security_group_id" { description = "Number of computed egress rules to create where 'source_security_group_id' is used" + type = number default = 0 }