Upgrade module to support Terraform 0.12 (#120)

2a72328b · Anton Babenko · GitHub · 4e1c2a70 · 2a72328b · 2a72328b
Commit 2a72328b authored May 26, 2019 by Anton Babenko Committed by GitHub May 26, 2019
204 changed files
--- a/.chglog/CHANGELOG.tpl.md
+++ b/.chglog/CHANGELOG.tpl.md
+{{ if .Versions -}}
+<a name="unreleased"></a>
+## [Unreleased]
+{{ if .Unreleased.CommitGroups -}}
+{{ range .Unreleased.CommitGroups -}}
+### {{ .Title }}
+{{ range .Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ end -}}
+{{ else }}
+{{ range .Unreleased.Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+
+{{ range .Versions }}
+<a name="{{ .Tag.Name }}"></a>
+## {{ if .Tag.Previous }}[{{ .Tag.Name }}]{{ else }}{{ .Tag.Name }}{{ end }} - {{ datetime "2006-01-02" .Tag.Date }}
+{{ if .CommitGroups -}}
+{{ range .CommitGroups -}}
+### {{ .Title }}
+{{ range .Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ end -}}
+{{ else }}
+{{ range .Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ end -}}
+
+{{- if .NoteGroups -}}
+{{ range .NoteGroups -}}
+### {{ .Title }}
+{{ range .Notes }}
+{{ .Body }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+
+{{- if .Versions }}
+[Unreleased]: {{ .Info.RepositoryURL }}/compare/{{ $latest := index .Versions 0 }}{{ $latest.Tag.Name }}...HEAD
+{{ range .Versions -}}
+{{ if .Tag.Previous -}}
+[{{ .Tag.Name }}]: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
\ No newline at end of file
--- a/.chglog/config.yml
+++ b/.chglog/config.yml
+style: github
+template: CHANGELOG.tpl.md
+info:
+  title: CHANGELOG
+  repository_url: https://github.com/terraform-aws-modules/terraform-aws-security-group
+options:
+  header:
+    pattern: "^(.*)$"
+    pattern_maps:
+      - Subject
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -3,7 +3,7 @@ repos:
  rev: v1.8.1
  hooks:
    - id: terraform_fmt
-    - id: terraform_docs
+#    - id: terraform_docs # not yet compatible with Terraform 0.12
 - repo: git://github.com/pre-commit/pre-commit-hooks
  rev: v2.1.0
  hooks:

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/Makefile
+++ b/Makefile
+.PHONY: changelog release
+
+changelog:
+	git-chglog -o CHANGELOG.md --next-tag `semtag final -s minor -o`
+
+release:
+	semtag final -s minor
--- a/README.md
+++ b/README.md
@@ -24,6 +24,12 @@ Ingress and egress rules can be configured in a variety of ways. See [inputs sec

 If there is a missing feature or a bug - [open an issue](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/new).

+## Terraform versions
+
+For Terraform 0.12 use version `v3.*` of this module.
+
+If you are using Terraform 0.11 you can use versions `v2.*`.
+
 ## Usage

 There are two ways to create security groups using this module:

--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
 provider "aws" {
  region = "eu-west-1"
+
+  skip_credentials_validation = true
+  skip_requesting_account_id  = true
+  skip_get_ec2_platforms      = true
+  skip_metadata_api_check     = true
+  skip_region_validation      = true
 }

 #############################################################
@@ -11,7 +17,7 @@ data "aws_vpc" "default" {

 data "aws_security_group" "default" {
  name   = "default"
-  vpc_id = "${data.aws_vpc.default.id}"
+  vpc_id = data.aws_vpc.default.id
 }

 ##################################################
@@ -32,7 +38,7 @@ module "main_sg" {

  name        = "main-sg"
  description = "Security group which is used as an argument in complete-sg"
-  vpc_id      = "${data.aws_vpc.default.id}"
+  vpc_id      = data.aws_vpc.default.id

  ingress_cidr_blocks = ["10.10.0.0/16"]
  ingress_rules       = ["https-443-tcp"]
@@ -46,7 +52,7 @@ module "complete_sg" {

  name        = "complete-sg"
  description = "Security group with all available arguments set (this is just an example)"
-  vpc_id      = "${data.aws_vpc.default.id}"
+  vpc_id      = data.aws_vpc.default.id

  tags = {
    Cash       = "king"
@@ -97,7 +103,7 @@ module "complete_sg" {
      to_port     = 25
      protocol    = 6
      description = "Service name with vpc cidr"
-      cidr_blocks = "${module.vpc.vpc_cidr_block}"
+      cidr_blocks = module.vpc.vpc_cidr_block
    },
  ]

@@ -130,28 +136,28 @@ module "complete_sg" {
  ingress_with_source_security_group_id = [
    {
      rule                     = "mysql-tcp"
-      source_security_group_id = "${data.aws_security_group.default.id}"
+      source_security_group_id = data.aws_security_group.default.id
    },
    {
      from_port                = 10
      to_port                  = 10
      protocol                 = 6
      description              = "Service name"
-      source_security_group_id = "${data.aws_security_group.default.id}"
+      source_security_group_id = data.aws_security_group.default.id
    },
  ]

  computed_ingress_with_source_security_group_id = [
    {
      rule                     = "postgresql-tcp"
-      source_security_group_id = "${module.main_sg.this_security_group_id}"
+      source_security_group_id = module.main_sg.this_security_group_id
    },
    {
      from_port                = 23
      to_port                  = 23
      protocol                 = 6
      description              = "Service name"
-      source_security_group_id = "${module.main_sg.this_security_group_id}"
+      source_security_group_id = module.main_sg.this_security_group_id
    },
  ]

@@ -225,7 +231,7 @@ module "complete_sg" {
  computed_egress_with_cidr_blocks = [
    {
      rule        = "https-443-tcp"
-      cidr_blocks = "${module.vpc.vpc_cidr_block}"
+      cidr_blocks = module.vpc.vpc_cidr_block
    },
  ]

@@ -258,21 +264,21 @@ module "complete_sg" {
  egress_with_source_security_group_id = [
    {
      rule                     = "mysql-tcp"
-      source_security_group_id = "${data.aws_security_group.default.id}"
+      source_security_group_id = data.aws_security_group.default.id
    },
    {
      from_port                = 10
      to_port                  = 10
      protocol                 = 6
      description              = "Service name"
-      source_security_group_id = "${data.aws_security_group.default.id}"
+      source_security_group_id = data.aws_security_group.default.id
    },
  ]

  computed_egress_with_source_security_group_id = [
    {
      rule                     = "postgresql-tcp"
-      source_security_group_id = "${module.main_sg.this_security_group_id}"
+      source_security_group_id = module.main_sg.this_security_group_id
    },
  ]

@@ -315,7 +321,7 @@ module "ipv4_ipv6_example" {

  name        = "ipv4-ipv6-example"
  description = "IPv4 and IPv6 example"
-  vpc_id      = "${data.aws_vpc.default.id}"
+  vpc_id      = data.aws_vpc.default.id

  ingress_with_cidr_blocks = [
    {
@@ -366,10 +372,11 @@ module "fixed_name_sg" {

  name        = "fixed-name-sg"
  description = "Security group with fixed name"
-  vpc_id      = "${data.aws_vpc.default.id}"
+  vpc_id      = data.aws_vpc.default.id

  use_name_prefix = false

  ingress_cidr_blocks = ["10.10.0.0/16"]
  ingress_rules       = ["https-443-tcp"]
 }
+
--- a/examples/complete/outputs.tf
+++ b/examples/complete/outputs.tf
 output "this_security_group_id" {
  description = "The ID of the security group"
-  value       = "${module.complete_sg.this_security_group_id}"
+  value       = module.complete_sg.this_security_group_id
 }

 output "this_security_group_vpc_id" {
  description = "The VPC ID"
-  value       = "${module.complete_sg.this_security_group_vpc_id}"
+  value       = module.complete_sg.this_security_group_vpc_id
 }

 output "this_security_group_owner_id" {
  description = "The owner ID"
-  value       = "${module.complete_sg.this_security_group_owner_id}"
+  value       = module.complete_sg.this_security_group_owner_id
 }

 output "this_security_group_name" {
  description = "The name of the security group"
-  value       = "${module.complete_sg.this_security_group_name}"
+  value       = module.complete_sg.this_security_group_name
 }

 output "this_security_group_description" {
  description = "The description of the security group"
-  value       = "${module.complete_sg.this_security_group_description}"
+  value       = module.complete_sg.this_security_group_description
 }
+
--- a/examples/computed/main.tf
+++ b/examples/computed/main.tf
@@ -11,7 +11,7 @@ data "aws_vpc" "default" {

 data "aws_security_group" "default" {
  name   = "default"
-  vpc_id = "${data.aws_vpc.default.id}"
+  vpc_id = data.aws_vpc.default.id
 }

 ###########################
@@ -22,14 +22,14 @@ module "http_sg" {

  name        = "computed-http-sg"
  description = "Security group with HTTP port open for everyone, and HTTPS open just for the default security group"
-  vpc_id      = "${data.aws_vpc.default.id}"
+  vpc_id      = data.aws_vpc.default.id

  ingress_cidr_blocks = ["0.0.0.0/0"]

  ingress_with_source_security_group_id = [
    {
      rule                     = "https-443-tcp"
-      source_security_group_id = "${data.aws_security_group.default.id}"
+      source_security_group_id = data.aws_security_group.default.id
    },
  ]
 }
@@ -39,16 +39,17 @@ module "mysql_sg" {

  name        = "computed-mysql-sg"
  description = "Security group with MySQL/Aurora port open for HTTP security group created above (computed)"
-  vpc_id      = "${data.aws_vpc.default.id}"
+  vpc_id      = data.aws_vpc.default.id

  ingress_cidr_blocks = ["0.0.0.0/0"]

  computed_ingress_with_source_security_group_id = [
    {
      rule                     = "mysql-tcp"
-      source_security_group_id = "${module.http_sg.this_security_group_id}"
+      source_security_group_id = module.http_sg.this_security_group_id
    },
  ]

  number_of_computed_ingress_with_source_security_group_id = 1
 }
+
--- a/examples/computed/outputs.tf
+++ b/examples/computed/outputs.tf
 output "this_security_group_id" {
  description = "The ID of the security group"
-  value       = "${module.mysql_sg.this_security_group_id}"
+  value       = module.mysql_sg.this_security_group_id
 }

 output "this_security_group_vpc_id" {
  description = "The VPC ID"
-  value       = "${module.mysql_sg.this_security_group_vpc_id}"
+  value       = module.mysql_sg.this_security_group_vpc_id
 }

 output "this_security_group_owner_id" {
  description = "The owner ID"
-  value       = "${module.mysql_sg.this_security_group_owner_id}"
+  value       = module.mysql_sg.this_security_group_owner_id
 }

 output "this_security_group_name" {
  description = "The name of the security group"
-  value       = "${module.mysql_sg.this_security_group_name}"
+  value       = module.mysql_sg.this_security_group_name
 }

 output "this_security_group_description" {
  description = "The description of the security group"
-  value       = "${module.mysql_sg.this_security_group_description}"
+  value       = module.mysql_sg.this_security_group_description
 }
+
--- a/examples/disabled/main.tf
+++ b/examples/disabled/main.tf
@@ -11,7 +11,7 @@ data "aws_vpc" "default" {

 data "aws_security_group" "default" {
  name   = "default"
-  vpc_id = "${data.aws_vpc.default.id}"
+  vpc_id = data.aws_vpc.default.id
 }

 ########################################################
@@ -23,7 +23,7 @@ module "complete_sg_disabled" {
  create      = false
  name        = "complete-sg"
  description = "Security group with all available arguments set (this is just an example)"
-  vpc_id      = "${data.aws_vpc.default.id}"
+  vpc_id      = data.aws_vpc.default.id

  ingress_cidr_blocks = ["0.0.0.0/0"]
 }
@@ -34,7 +34,8 @@ module "http_sg_disabled" {
  create      = false
  name        = "http-sg"
  description = "Security group with HTTP ports open for everybody (IPv4 CIDR), egress ports are all world open"
-  vpc_id      = "${data.aws_vpc.default.id}"
+  vpc_id      = data.aws_vpc.default.id

  ingress_cidr_blocks = ["0.0.0.0/0"]
 }
+
--- a/examples/disabled/outputs.tf
+++ b/examples/disabled/outputs.tf
 output "this_security_group_id" {
  description = "The ID of the security group"
-  value       = "${module.complete_sg_disabled.this_security_group_id}"
+  value       = module.complete_sg_disabled.this_security_group_id
 }
+
--- a/examples/dynamic/main.tf
+++ b/examples/dynamic/main.tf
@@ -11,7 +11,7 @@ data "aws_vpc" "default" {

 data "aws_security_group" "default" {
  name   = "default"
-  vpc_id = "${data.aws_vpc.default.id}"
+  vpc_id = data.aws_vpc.default.id
 }

 ###########################
@@ -26,14 +26,15 @@ module "http_sg" {

  name        = "dynamic-http-sg"
  description = "Security group with HTTP port open for everyone, and HTTPS open just for the default security group"
-  vpc_id      = "${data.aws_vpc.default.id}"
+  vpc_id      = data.aws_vpc.default.id

  ingress_cidr_blocks = ["0.0.0.0/0"]

  ingress_with_source_security_group_id = [
    {
      rule                     = "https-443-tcp"
-      source_security_group_id = "${data.aws_security_group.default.id}"
+      source_security_group_id = data.aws_security_group.default.id
    },
  ]
 }
+
--- a/examples/dynamic/outputs.tf
+++ b/examples/dynamic/outputs.tf
 output "this_security_group_id" {
  description = "The ID of the security group"
-  value       = "${module.http_sg.this_security_group_id}"
+  value       = module.http_sg.this_security_group_id
 }

 output "this_security_group_vpc_id" {
  description = "The VPC ID"
-  value       = "${module.http_sg.this_security_group_vpc_id}"
+  value       = module.http_sg.this_security_group_vpc_id
 }

 output "this_security_group_owner_id" {
  description = "The owner ID"
-  value       = "${module.http_sg.this_security_group_owner_id}"
+  value       = module.http_sg.this_security_group_owner_id
 }

 output "this_security_group_name" {
  description = "The name of the security group"
-  value       = "${module.http_sg.this_security_group_name}"
+  value       = module.http_sg.this_security_group_name
 }

 output "this_security_group_description" {
  description = "The description of the security group"
-  value       = "${module.http_sg.this_security_group_description}"
+  value       = module.http_sg.this_security_group_description
 }
+
--- a/examples/http/main.tf
+++ b/examples/http/main.tf
@@ -11,7 +11,7 @@ data "aws_vpc" "default" {

 data "aws_security_group" "default" {
  name   = "default"
-  vpc_id = "${data.aws_vpc.default.id}"
+  vpc_id = data.aws_vpc.default.id
 }

 ###########################
@@ -26,7 +26,7 @@ module "http_sg" {

  name        = "http-sg"
  description = "Security group with HTTP ports open for everybody (IPv4 CIDR), egress ports are all world open"
-  vpc_id      = "${data.aws_vpc.default.id}"
+  vpc_id      = data.aws_vpc.default.id

  ingress_cidr_blocks = ["0.0.0.0/0"]
 }
@@ -41,7 +41,7 @@ module "http_mysql_1_sg" {
  use_name_prefix = false

  description = "Security group with HTTP and MySQL ports open for everybody (IPv4 CIDR)"
-  vpc_id      = "${data.aws_vpc.default.id}"
+  vpc_id      = data.aws_vpc.default.id

  ingress_cidr_blocks = ["0.0.0.0/0"]

@@ -57,14 +57,14 @@ module "http_mysql_2_sg" {

  name        = "http-mysql-2"
  description = "Security group with HTTP and MySQL ports open within current VPC"
-  vpc_id      = "${data.aws_vpc.default.id}"
+  vpc_id      = data.aws_vpc.default.id

  # Add mysql rules
  ingress_rules = ["mysql-tcp"]

  # Allow ingress rules to be accessed only within current VPC
-  ingress_cidr_blocks      = ["${data.aws_vpc.default.cidr_block}"]
-  ingress_ipv6_cidr_blocks = []                                     # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"]
+  ingress_cidr_blocks      = [data.aws_vpc.default.cidr_block]
+  ingress_ipv6_cidr_blocks = [] # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"]
 }

 ###########################
@@ -75,10 +75,10 @@ module "http_with_egress_minimal_sg" {

  name        = "http-with-egress-minimal"
  description = "Security group with HTTP ports open within current VPC, and allow egress access to HTTP ports to the whole world"
-  vpc_id      = "${data.aws_vpc.default.id}"
+  vpc_id      = data.aws_vpc.default.id

  # Allow ingress rules to be accessed only within current VPC
-  ingress_cidr_blocks = ["${data.aws_vpc.default.cidr_block}"]
+  ingress_cidr_blocks = [data.aws_vpc.default.cidr_block]

  # Allow all rules for all protocols
  egress_rules = ["http-80-tcp"]
@@ -92,16 +92,17 @@ module "http_with_egress_sg" {

  name        = "http-with-egress"
  description = "Security group with HTTP ports open within current VPC, and allow egress access just to small subnet"
-  vpc_id      = "${data.aws_vpc.default.id}"
+  vpc_id      = data.aws_vpc.default.id

  # Add mysql rules
  ingress_rules = ["mysql-tcp"]

  # Allow ingress rules to be accessed only within current VPC
-  ingress_cidr_blocks      = ["${data.aws_vpc.default.cidr_block}"]
-  ingress_ipv6_cidr_blocks = []                                     # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"]
+  ingress_cidr_blocks      = [data.aws_vpc.default.cidr_block]
+  ingress_ipv6_cidr_blocks = [] # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"]

  # Allow egress rules to access anything (empty list means everything)
  egress_cidr_blocks      = ["10.10.10.0/28"]
-  egress_ipv6_cidr_blocks = []                # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"]
+  egress_ipv6_cidr_blocks = [] # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"]
 }
+
--- a/examples/http/outputs.tf
+++ b/examples/http/outputs.tf
 output "this_security_group_id" {
  description = "The ID of the security group"
-  value       = "${module.http_sg.this_security_group_id}"
+  value       = module.http_sg.this_security_group_id
 }

 output "this_security_group_vpc_id" {
  description = "The VPC ID"
-  value       = "${module.http_sg.this_security_group_vpc_id}"
+  value       = module.http_sg.this_security_group_vpc_id
 }

 output "this_security_group_owner_id" {
  description = "The owner ID"
-  value       = "${module.http_sg.this_security_group_owner_id}"
+  value       = module.http_sg.this_security_group_owner_id
 }

 output "this_security_group_name" {
  description = "The name of the security group"
-  value       = "${module.http_sg.this_security_group_name}"
+  value       = module.http_sg.this_security_group_name
 }

 output "this_security_group_description" {
  description = "The description of the security group"
-  value       = "${module.http_sg.this_security_group_description}"
+  value       = module.http_sg.this_security_group_description
 }
+
--- a/main.tf
+++ b/main.tf
--- a/modules/_templates/main.tf
+++ b/modules/_templates/main.tf
 module "sg" {
  source = "../../"

-  create          = "${var.create}"
-  name            = "${var.name}"
-  use_name_prefix = "${var.use_name_prefix}"
-  description     = "${var.description}"
-  vpc_id          = "${var.vpc_id}"
-  tags            = "${var.tags}"
+  create          = var.create
+  name            = var.name
+  use_name_prefix = var.use_name_prefix
+  description     = var.description
+  vpc_id          = var.vpc_id
+  tags            = var.tags

  ##########
  # Ingress
  ##########
  # Rules by names - open for default CIDR
-  ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+  ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))

  # Open for self
-  ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+  ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)

  # Open to IPv4 cidr blocks
-  ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+  ingress_with_cidr_blocks = var.ingress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+  ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks

  # Open for security group id
-  ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+  ingress_with_source_security_group_id = var.ingress_with_source_security_group_id

  # Default ingress CIDR blocks
-  ingress_cidr_blocks      = ["${var.ingress_cidr_blocks}"]
-  ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+  ingress_cidr_blocks      = var.ingress_cidr_blocks
+  ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks

  # Default prefix list ids
-  ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+  ingress_prefix_list_ids = var.ingress_prefix_list_ids

  ###################
  # Computed Ingress
  ###################
  # Rules by names - open for default CIDR
-  computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+  computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))

  # Open for self
-  computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+  computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)

  # Open to IPv4 cidr blocks
-  computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+  computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+  computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks

  # Open for security group id
-  computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+  computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id

  #############################
  # Number of computed ingress
  #############################
-  number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
-  number_of_computed_ingress_with_self                     = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
-  number_of_computed_ingress_with_cidr_blocks              = "${var.number_of_computed_ingress_with_cidr_blocks}"
-  number_of_computed_ingress_with_ipv6_cidr_blocks         = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
-  number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+  number_of_computed_ingress_rules                         = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+  number_of_computed_ingress_with_self                     = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+  number_of_computed_ingress_with_cidr_blocks              = var.number_of_computed_ingress_with_cidr_blocks
+  number_of_computed_ingress_with_ipv6_cidr_blocks         = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+  number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id

  #########
  # Egress
  #########
  # Rules by names - open for default CIDR
-  egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+  egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))

  # Open for self
-  egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+  egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)

  # Open to IPv4 cidr blocks
-  egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+  egress_with_cidr_blocks = var.egress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+  egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks

  # Open for security group id
-  egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+  egress_with_source_security_group_id = var.egress_with_source_security_group_id

  # Default egress CIDR blocks
-  egress_cidr_blocks      = ["${var.egress_cidr_blocks}"]
-  egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+  egress_cidr_blocks      = var.egress_cidr_blocks
+  egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks

  # Default prefix list ids
-  egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+  egress_prefix_list_ids = var.egress_prefix_list_ids

  ##################
  # Computed Egress
  ##################
  # Rules by names - open for default CIDR
-  computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+  computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))

  # Open for self
-  computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+  computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)

  # Open to IPv4 cidr blocks
-  computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+  computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+  computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks

  # Open for security group id
-  computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+  computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id

  #############################
  # Number of computed egress
  #############################
-  number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
-  number_of_computed_egress_with_self                     = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
-  number_of_computed_egress_with_cidr_blocks              = "${var.number_of_computed_egress_with_cidr_blocks}"
-  number_of_computed_egress_with_ipv6_cidr_blocks         = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
-  number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+  number_of_computed_egress_rules                         = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+  number_of_computed_egress_with_self                     = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+  number_of_computed_egress_with_cidr_blocks              = var.number_of_computed_egress_with_cidr_blocks
+  number_of_computed_egress_with_ipv6_cidr_blocks         = var.number_of_computed_egress_with_ipv6_cidr_blocks
+  number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
 }
--- a/modules/_templates/outputs.tf
+++ b/modules/_templates/outputs.tf
 output "this_security_group_id" {
  description = "The ID of the security group"
-  value       = "${module.sg.this_security_group_id}"
+  value       = module.sg.this_security_group_id
 }

 output "this_security_group_vpc_id" {
  description = "The VPC ID"
-  value       = "${module.sg.this_security_group_vpc_id}"
+  value       = module.sg.this_security_group_vpc_id
 }

 output "this_security_group_owner_id" {
  description = "The owner ID"
-  value       = "${module.sg.this_security_group_owner_id}"
+  value       = module.sg.this_security_group_owner_id
 }

 output "this_security_group_name" {
  description = "The name of the security group"
-  value       = "${module.sg.this_security_group_name}"
+  value       = module.sg.this_security_group_name
 }

 output "this_security_group_description" {
  description = "The description of the security group"
-  value       = "${module.sg.this_security_group_description}"
+  value       = module.sg.this_security_group_description
 }
--- a/modules/_templates/variables.tf
+++ b/modules/_templates/variables.tf
--- a/modules/carbon-relay-ng/README.md
+++ b/modules/carbon-relay-ng/README.md
@@ -4,7 +4,8 @@

 ```hcl
 module "carbon_relay-ng_security_group" {
-  source = "terraform-aws-modules/security-group/aws//modules/carbon-relay-ng"
+  source  = "terraform-aws-modules/security-group/aws//modules/carbon-relay-ng"
+  version = "~> 3.0"

  # omitted...
 }
@@ -13,85 +14,4 @@ module "carbon_relay-ng_security_group" {
 All automatic values **carbon-relay-ng module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/carbon-relay-ng/auto_values.tf).

 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no |
-| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no |
-| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no |
-| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no |
-| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "carbon-line-in-tcp", "carbon-line-in-udp", "carbon-pickle-tcp", "carbon-pickle-udp", "carbon-gui-udp" ]` | no |
-| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no |
-| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no |
-| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no |
-| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no |
-| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no |
-| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| create | Whether to create security group and all rules | string | `"true"` | no |
-| description | Description of security group | string | `"Security Group managed by Terraform"` | no |
-| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no |
-| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no |
-| egress\_rules | List of egress rules to create by name | list | `[]` | no |
-| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no |
-| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no |
-| ingress\_rules | List of ingress rules to create by name | list | `[]` | no |
-| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no |
-| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| name | Name of security group | string | n/a | yes |
-| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| tags | A mapping of tags to assign to security group | map | `{}` | no |
-| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no |
-| vpc\_id | ID of the VPC where to create security group | string | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| this\_security\_group\_description | The description of the security group |
-| this\_security\_group\_id | The ID of the security group |
-| this\_security\_group\_name | The name of the security group |
-| this\_security\_group\_owner\_id | The owner ID |
-| this\_security\_group\_vpc\_id | The VPC ID |
-
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
--- a/modules/carbon-relay-ng/auto_values.tf
+++ b/modules/carbon-relay-ng/auto_values.tf
@@ -5,73 +5,75 @@

 variable "auto_ingress_rules" {
  description = "List of ingress rules to add automatically"
-  type        = "list"
+  type        = list(string)
  default     = ["carbon-line-in-tcp", "carbon-line-in-udp", "carbon-pickle-tcp", "carbon-pickle-udp", "carbon-gui-udp"]
 }

 variable "auto_ingress_with_self" {
  description = "List of maps defining ingress rules with self to add automatically"
-  type        = "list"
-
-  default = [{
-    "rule" = "all-all"
-  }]
+  type        = list(map(string))
+  default     = [{ "rule" = "all-all" }]
 }

 variable "auto_egress_rules" {
  description = "List of egress rules to add automatically"
-  type        = "list"
+  type        = list(string)
  default     = ["all-all"]
 }

 variable "auto_egress_with_self" {
  description = "List of maps defining egress rules with self to add automatically"
-  type        = "list"
+  type        = list(map(string))
  default     = []
 }

 # Computed
 variable "auto_computed_ingress_rules" {
  description = "List of ingress rules to add automatically"
-  type        = "list"
+  type        = list(string)
  default     = []
 }

 variable "auto_computed_ingress_with_self" {
  description = "List of maps defining computed ingress rules with self to add automatically"
-  type        = "list"
+  type        = list(map(string))
  default     = []
 }

 variable "auto_computed_egress_rules" {
  description = "List of computed egress rules to add automatically"
-  type        = "list"
+  type        = list(string)
  default     = []
 }

 variable "auto_computed_egress_with_self" {
  description = "List of maps defining computed egress rules with self to add automatically"
-  type        = "list"
+  type        = list(map(string))
  default     = []
 }

 # Number of computed rules
 variable "auto_number_of_computed_ingress_rules" {
  description = "Number of computed ingress rules to create by name"
+  type        = number
  default     = 0
 }

 variable "auto_number_of_computed_ingress_with_self" {
  description = "Number of computed ingress rules to create where 'self' is defined"
+  type        = number
  default     = 0
 }

 variable "auto_number_of_computed_egress_rules" {
  description = "Number of computed egress rules to create by name"
+  type        = number
  default     = 0
 }

 variable "auto_number_of_computed_egress_with_self" {
  description = "Number of computed egress rules to create where 'self' is defined"
+  type        = number
  default     = 0
 }
+
--- a/modules/carbon-relay-ng/main.tf
+++ b/modules/carbon-relay-ng/main.tf
 module "sg" {
  source = "../../"

-  create          = "${var.create}"
-  name            = "${var.name}"
-  use_name_prefix = "${var.use_name_prefix}"
-  description     = "${var.description}"
-  vpc_id          = "${var.vpc_id}"
-  tags            = "${var.tags}"
+  create          = var.create
+  name            = var.name
+  use_name_prefix = var.use_name_prefix
+  description     = var.description
+  vpc_id          = var.vpc_id
+  tags            = var.tags

  ##########
  # Ingress
  ##########
  # Rules by names - open for default CIDR
-  ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+  ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))

  # Open for self
-  ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+  ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)

  # Open to IPv4 cidr blocks
-  ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+  ingress_with_cidr_blocks = var.ingress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+  ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks

  # Open for security group id
-  ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+  ingress_with_source_security_group_id = var.ingress_with_source_security_group_id

  # Default ingress CIDR blocks
-  ingress_cidr_blocks      = ["${var.ingress_cidr_blocks}"]
-  ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+  ingress_cidr_blocks      = var.ingress_cidr_blocks
+  ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks

  # Default prefix list ids
-  ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+  ingress_prefix_list_ids = var.ingress_prefix_list_ids

  ###################
  # Computed Ingress
  ###################
  # Rules by names - open for default CIDR
-  computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+  computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))

  # Open for self
-  computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+  computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)

  # Open to IPv4 cidr blocks
-  computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+  computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+  computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks

  # Open for security group id
-  computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+  computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id

  #############################
  # Number of computed ingress
  #############################
-  number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
-  number_of_computed_ingress_with_self                     = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
-  number_of_computed_ingress_with_cidr_blocks              = "${var.number_of_computed_ingress_with_cidr_blocks}"
-  number_of_computed_ingress_with_ipv6_cidr_blocks         = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
-  number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+  number_of_computed_ingress_rules                         = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+  number_of_computed_ingress_with_self                     = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+  number_of_computed_ingress_with_cidr_blocks              = var.number_of_computed_ingress_with_cidr_blocks
+  number_of_computed_ingress_with_ipv6_cidr_blocks         = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+  number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id

  #########
  # Egress
  #########
  # Rules by names - open for default CIDR
-  egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+  egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))

  # Open for self
-  egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+  egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)

  # Open to IPv4 cidr blocks
-  egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+  egress_with_cidr_blocks = var.egress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+  egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks

  # Open for security group id
-  egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+  egress_with_source_security_group_id = var.egress_with_source_security_group_id

  # Default egress CIDR blocks
-  egress_cidr_blocks      = ["${var.egress_cidr_blocks}"]
-  egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+  egress_cidr_blocks      = var.egress_cidr_blocks
+  egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks

  # Default prefix list ids
-  egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+  egress_prefix_list_ids = var.egress_prefix_list_ids

  ##################
  # Computed Egress
  ##################
  # Rules by names - open for default CIDR
-  computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+  computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))

  # Open for self
-  computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+  computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)

  # Open to IPv4 cidr blocks
-  computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+  computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+  computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks

  # Open for security group id
-  computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+  computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id

  #############################
  # Number of computed egress
  #############################
-  number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
-  number_of_computed_egress_with_self                     = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
-  number_of_computed_egress_with_cidr_blocks              = "${var.number_of_computed_egress_with_cidr_blocks}"
-  number_of_computed_egress_with_ipv6_cidr_blocks         = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
-  number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+  number_of_computed_egress_rules                         = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+  number_of_computed_egress_with_self                     = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+  number_of_computed_egress_with_cidr_blocks              = var.number_of_computed_egress_with_cidr_blocks
+  number_of_computed_egress_with_ipv6_cidr_blocks         = var.number_of_computed_egress_with_ipv6_cidr_blocks
+  number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
 }
--- a/modules/carbon-relay-ng/outputs.tf
+++ b/modules/carbon-relay-ng/outputs.tf
 output "this_security_group_id" {
  description = "The ID of the security group"
-  value       = "${module.sg.this_security_group_id}"
+  value       = module.sg.this_security_group_id
 }

 output "this_security_group_vpc_id" {
  description = "The VPC ID"
-  value       = "${module.sg.this_security_group_vpc_id}"
+  value       = module.sg.this_security_group_vpc_id
 }

 output "this_security_group_owner_id" {
  description = "The owner ID"
-  value       = "${module.sg.this_security_group_owner_id}"
+  value       = module.sg.this_security_group_owner_id
 }

 output "this_security_group_name" {
  description = "The name of the security group"
-  value       = "${module.sg.this_security_group_name}"
+  value       = module.sg.this_security_group_name
 }

 output "this_security_group_description" {
  description = "The description of the security group"
-  value       = "${module.sg.this_security_group_description}"
+  value       = module.sg.this_security_group_description
 }
+
--- a/modules/carbon-relay-ng/variables.tf
+++ b/modules/carbon-relay-ng/variables.tf
--- a/modules/cassandra/README.md
+++ b/modules/cassandra/README.md
@@ -4,7 +4,8 @@

 ```hcl
 module "cassandra_security_group" {
-  source = "terraform-aws-modules/security-group/aws//modules/cassandra"
+  source  = "terraform-aws-modules/security-group/aws//modules/cassandra"
+  version = "~> 3.0"

  # omitted...
 }
@@ -13,85 +14,4 @@ module "cassandra_security_group" {
 All automatic values **cassandra module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/cassandra/auto_values.tf).

 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no |
-| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no |
-| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no |
-| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no |
-| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "cassandra-clients-tcp", "cassandra-thrift-clients-tcp", "cassandra-jmx-tcp" ]` | no |
-| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no |
-| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no |
-| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no |
-| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no |
-| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no |
-| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| create | Whether to create security group and all rules | string | `"true"` | no |
-| description | Description of security group | string | `"Security Group managed by Terraform"` | no |
-| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no |
-| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no |
-| egress\_rules | List of egress rules to create by name | list | `[]` | no |
-| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no |
-| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no |
-| ingress\_rules | List of ingress rules to create by name | list | `[]` | no |
-| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no |
-| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| name | Name of security group | string | n/a | yes |
-| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| tags | A mapping of tags to assign to security group | map | `{}` | no |
-| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no |
-| vpc\_id | ID of the VPC where to create security group | string | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| this\_security\_group\_description | The description of the security group |
-| this\_security\_group\_id | The ID of the security group |
-| this\_security\_group\_name | The name of the security group |
-| this\_security\_group\_owner\_id | The owner ID |
-| this\_security\_group\_vpc\_id | The VPC ID |
-
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
--- a/modules/cassandra/auto_values.tf
+++ b/modules/cassandra/auto_values.tf
@@ -5,73 +5,75 @@

 variable "auto_ingress_rules" {
  description = "List of ingress rules to add automatically"
-  type        = "list"
+  type        = list(string)
  default     = ["cassandra-clients-tcp", "cassandra-thrift-clients-tcp", "cassandra-jmx-tcp"]
 }

 variable "auto_ingress_with_self" {
  description = "List of maps defining ingress rules with self to add automatically"
-  type        = "list"
-
-  default = [{
-    "rule" = "all-all"
-  }]
+  type        = list(map(string))
+  default     = [{ "rule" = "all-all" }]
 }

 variable "auto_egress_rules" {
  description = "List of egress rules to add automatically"
-  type        = "list"
+  type        = list(string)
  default     = ["all-all"]
 }

 variable "auto_egress_with_self" {
  description = "List of maps defining egress rules with self to add automatically"
-  type        = "list"
+  type        = list(map(string))
  default     = []
 }

 # Computed
 variable "auto_computed_ingress_rules" {
  description = "List of ingress rules to add automatically"
-  type        = "list"
+  type        = list(string)
  default     = []
 }

 variable "auto_computed_ingress_with_self" {
  description = "List of maps defining computed ingress rules with self to add automatically"
-  type        = "list"
+  type        = list(map(string))
  default     = []
 }

 variable "auto_computed_egress_rules" {
  description = "List of computed egress rules to add automatically"
-  type        = "list"
+  type        = list(string)
  default     = []
 }

 variable "auto_computed_egress_with_self" {
  description = "List of maps defining computed egress rules with self to add automatically"
-  type        = "list"
+  type        = list(map(string))
  default     = []
 }

 # Number of computed rules
 variable "auto_number_of_computed_ingress_rules" {
  description = "Number of computed ingress rules to create by name"
+  type        = number
  default     = 0
 }

 variable "auto_number_of_computed_ingress_with_self" {
  description = "Number of computed ingress rules to create where 'self' is defined"
+  type        = number
  default     = 0
 }

 variable "auto_number_of_computed_egress_rules" {
  description = "Number of computed egress rules to create by name"
+  type        = number
  default     = 0
 }

 variable "auto_number_of_computed_egress_with_self" {
  description = "Number of computed egress rules to create where 'self' is defined"
+  type        = number
  default     = 0
 }
+
--- a/modules/cassandra/main.tf
+++ b/modules/cassandra/main.tf
 module "sg" {
  source = "../../"

-  create          = "${var.create}"
-  name            = "${var.name}"
-  use_name_prefix = "${var.use_name_prefix}"
-  description     = "${var.description}"
-  vpc_id          = "${var.vpc_id}"
-  tags            = "${var.tags}"
+  create          = var.create
+  name            = var.name
+  use_name_prefix = var.use_name_prefix
+  description     = var.description
+  vpc_id          = var.vpc_id
+  tags            = var.tags

  ##########
  # Ingress
  ##########
  # Rules by names - open for default CIDR
-  ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+  ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))

  # Open for self
-  ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+  ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)

  # Open to IPv4 cidr blocks
-  ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+  ingress_with_cidr_blocks = var.ingress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+  ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks

  # Open for security group id
-  ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+  ingress_with_source_security_group_id = var.ingress_with_source_security_group_id

  # Default ingress CIDR blocks
-  ingress_cidr_blocks      = ["${var.ingress_cidr_blocks}"]
-  ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+  ingress_cidr_blocks      = var.ingress_cidr_blocks
+  ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks

  # Default prefix list ids
-  ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+  ingress_prefix_list_ids = var.ingress_prefix_list_ids

  ###################
  # Computed Ingress
  ###################
  # Rules by names - open for default CIDR
-  computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+  computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))

  # Open for self
-  computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+  computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)

  # Open to IPv4 cidr blocks
-  computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+  computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+  computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks

  # Open for security group id
-  computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+  computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id

  #############################
  # Number of computed ingress
  #############################
-  number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
-  number_of_computed_ingress_with_self                     = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
-  number_of_computed_ingress_with_cidr_blocks              = "${var.number_of_computed_ingress_with_cidr_blocks}"
-  number_of_computed_ingress_with_ipv6_cidr_blocks         = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
-  number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+  number_of_computed_ingress_rules                         = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+  number_of_computed_ingress_with_self                     = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+  number_of_computed_ingress_with_cidr_blocks              = var.number_of_computed_ingress_with_cidr_blocks
+  number_of_computed_ingress_with_ipv6_cidr_blocks         = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+  number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id

  #########
  # Egress
  #########
  # Rules by names - open for default CIDR
-  egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+  egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))

  # Open for self
-  egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+  egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)

  # Open to IPv4 cidr blocks
-  egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+  egress_with_cidr_blocks = var.egress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+  egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks

  # Open for security group id
-  egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+  egress_with_source_security_group_id = var.egress_with_source_security_group_id

  # Default egress CIDR blocks
-  egress_cidr_blocks      = ["${var.egress_cidr_blocks}"]
-  egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+  egress_cidr_blocks      = var.egress_cidr_blocks
+  egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks

  # Default prefix list ids
-  egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+  egress_prefix_list_ids = var.egress_prefix_list_ids

  ##################
  # Computed Egress
  ##################
  # Rules by names - open for default CIDR
-  computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+  computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))

  # Open for self
-  computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+  computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)

  # Open to IPv4 cidr blocks
-  computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+  computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+  computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks

  # Open for security group id
-  computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+  computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id

  #############################
  # Number of computed egress
  #############################
-  number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
-  number_of_computed_egress_with_self                     = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
-  number_of_computed_egress_with_cidr_blocks              = "${var.number_of_computed_egress_with_cidr_blocks}"
-  number_of_computed_egress_with_ipv6_cidr_blocks         = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
-  number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+  number_of_computed_egress_rules                         = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+  number_of_computed_egress_with_self                     = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+  number_of_computed_egress_with_cidr_blocks              = var.number_of_computed_egress_with_cidr_blocks
+  number_of_computed_egress_with_ipv6_cidr_blocks         = var.number_of_computed_egress_with_ipv6_cidr_blocks
+  number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
 }
--- a/modules/cassandra/outputs.tf
+++ b/modules/cassandra/outputs.tf
 output "this_security_group_id" {
  description = "The ID of the security group"
-  value       = "${module.sg.this_security_group_id}"
+  value       = module.sg.this_security_group_id
 }

 output "this_security_group_vpc_id" {
  description = "The VPC ID"
-  value       = "${module.sg.this_security_group_vpc_id}"
+  value       = module.sg.this_security_group_vpc_id
 }

 output "this_security_group_owner_id" {
  description = "The owner ID"
-  value       = "${module.sg.this_security_group_owner_id}"
+  value       = module.sg.this_security_group_owner_id
 }

 output "this_security_group_name" {
  description = "The name of the security group"
-  value       = "${module.sg.this_security_group_name}"
+  value       = module.sg.this_security_group_name
 }

 output "this_security_group_description" {
  description = "The description of the security group"
-  value       = "${module.sg.this_security_group_description}"
+  value       = module.sg.this_security_group_description
 }
+
--- a/modules/cassandra/variables.tf
+++ b/modules/cassandra/variables.tf
--- a/modules/consul/README.md
+++ b/modules/consul/README.md
@@ -4,7 +4,8 @@

 ```hcl
 module "consul_security_group" {
-  source = "terraform-aws-modules/security-group/aws//modules/consul"
+  source  = "terraform-aws-modules/security-group/aws//modules/consul"
+  version = "~> 3.0"

  # omitted...
 }
@@ -13,85 +14,4 @@ module "consul_security_group" {
 All automatic values **consul module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/consul/auto_values.tf).

 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no |
-| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no |
-| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no |
-| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no |
-| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "consul-tcp", "consul-cli-rpc-tcp", "consul-webui-tcp", "consul-dns-tcp", "consul-dns-udp", "consul-serf-lan-tcp", "consul-serf-lan-udp", "consul-serf-wan-tcp", "consul-serf-wan-udp" ]` | no |
-| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no |
-| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no |
-| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no |
-| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no |
-| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no |
-| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| create | Whether to create security group and all rules | string | `"true"` | no |
-| description | Description of security group | string | `"Security Group managed by Terraform"` | no |
-| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no |
-| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no |
-| egress\_rules | List of egress rules to create by name | list | `[]` | no |
-| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no |
-| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no |
-| ingress\_rules | List of ingress rules to create by name | list | `[]` | no |
-| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no |
-| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| name | Name of security group | string | n/a | yes |
-| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| tags | A mapping of tags to assign to security group | map | `{}` | no |
-| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no |
-| vpc\_id | ID of the VPC where to create security group | string | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| this\_security\_group\_description | The description of the security group |
-| this\_security\_group\_id | The ID of the security group |
-| this\_security\_group\_name | The name of the security group |
-| this\_security\_group\_owner\_id | The owner ID |
-| this\_security\_group\_vpc\_id | The VPC ID |
-
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
--- a/modules/consul/auto_values.tf
+++ b/modules/consul/auto_values.tf
@@ -5,73 +5,75 @@

 variable "auto_ingress_rules" {
  description = "List of ingress rules to add automatically"
-  type        = "list"
+  type        = list(string)
  default     = ["consul-tcp", "consul-cli-rpc-tcp", "consul-webui-tcp", "consul-dns-tcp", "consul-dns-udp", "consul-serf-lan-tcp", "consul-serf-lan-udp", "consul-serf-wan-tcp", "consul-serf-wan-udp"]
 }

 variable "auto_ingress_with_self" {
  description = "List of maps defining ingress rules with self to add automatically"
-  type        = "list"
-
-  default = [{
-    "rule" = "all-all"
-  }]
+  type        = list(map(string))
+  default     = [{ "rule" = "all-all" }]
 }

 variable "auto_egress_rules" {
  description = "List of egress rules to add automatically"
-  type        = "list"
+  type        = list(string)
  default     = ["all-all"]
 }

 variable "auto_egress_with_self" {
  description = "List of maps defining egress rules with self to add automatically"
-  type        = "list"
+  type        = list(map(string))
  default     = []
 }

 # Computed
 variable "auto_computed_ingress_rules" {
  description = "List of ingress rules to add automatically"
-  type        = "list"
+  type        = list(string)
  default     = []
 }

 variable "auto_computed_ingress_with_self" {
  description = "List of maps defining computed ingress rules with self to add automatically"
-  type        = "list"
+  type        = list(map(string))
  default     = []
 }

 variable "auto_computed_egress_rules" {
  description = "List of computed egress rules to add automatically"
-  type        = "list"
+  type        = list(string)
  default     = []
 }

 variable "auto_computed_egress_with_self" {
  description = "List of maps defining computed egress rules with self to add automatically"
-  type        = "list"
+  type        = list(map(string))
  default     = []
 }

 # Number of computed rules
 variable "auto_number_of_computed_ingress_rules" {
  description = "Number of computed ingress rules to create by name"
+  type        = number
  default     = 0
 }

 variable "auto_number_of_computed_ingress_with_self" {
  description = "Number of computed ingress rules to create where 'self' is defined"
+  type        = number
  default     = 0
 }

 variable "auto_number_of_computed_egress_rules" {
  description = "Number of computed egress rules to create by name"
+  type        = number
  default     = 0
 }

 variable "auto_number_of_computed_egress_with_self" {
  description = "Number of computed egress rules to create where 'self' is defined"
+  type        = number
  default     = 0
 }
+
--- a/modules/consul/main.tf
+++ b/modules/consul/main.tf
 module "sg" {
  source = "../../"

-  create          = "${var.create}"
-  name            = "${var.name}"
-  use_name_prefix = "${var.use_name_prefix}"
-  description     = "${var.description}"
-  vpc_id          = "${var.vpc_id}"
-  tags            = "${var.tags}"
+  create          = var.create
+  name            = var.name
+  use_name_prefix = var.use_name_prefix
+  description     = var.description
+  vpc_id          = var.vpc_id
+  tags            = var.tags

  ##########
  # Ingress
  ##########
  # Rules by names - open for default CIDR
-  ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+  ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))

  # Open for self
-  ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+  ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)

  # Open to IPv4 cidr blocks
-  ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+  ingress_with_cidr_blocks = var.ingress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+  ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks

  # Open for security group id
-  ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+  ingress_with_source_security_group_id = var.ingress_with_source_security_group_id

  # Default ingress CIDR blocks
-  ingress_cidr_blocks      = ["${var.ingress_cidr_blocks}"]
-  ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+  ingress_cidr_blocks      = var.ingress_cidr_blocks
+  ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks

  # Default prefix list ids
-  ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+  ingress_prefix_list_ids = var.ingress_prefix_list_ids

  ###################
  # Computed Ingress
  ###################
  # Rules by names - open for default CIDR
-  computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+  computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))

  # Open for self
-  computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+  computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)

  # Open to IPv4 cidr blocks
-  computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+  computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+  computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks

  # Open for security group id
-  computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+  computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id

  #############################
  # Number of computed ingress
  #############################
-  number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
-  number_of_computed_ingress_with_self                     = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
-  number_of_computed_ingress_with_cidr_blocks              = "${var.number_of_computed_ingress_with_cidr_blocks}"
-  number_of_computed_ingress_with_ipv6_cidr_blocks         = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
-  number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+  number_of_computed_ingress_rules                         = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+  number_of_computed_ingress_with_self                     = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+  number_of_computed_ingress_with_cidr_blocks              = var.number_of_computed_ingress_with_cidr_blocks
+  number_of_computed_ingress_with_ipv6_cidr_blocks         = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+  number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id

  #########
  # Egress
  #########
  # Rules by names - open for default CIDR
-  egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+  egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))

  # Open for self
-  egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+  egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)

  # Open to IPv4 cidr blocks
-  egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+  egress_with_cidr_blocks = var.egress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+  egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks

  # Open for security group id
-  egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+  egress_with_source_security_group_id = var.egress_with_source_security_group_id

  # Default egress CIDR blocks
-  egress_cidr_blocks      = ["${var.egress_cidr_blocks}"]
-  egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+  egress_cidr_blocks      = var.egress_cidr_blocks
+  egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks

  # Default prefix list ids
-  egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+  egress_prefix_list_ids = var.egress_prefix_list_ids

  ##################
  # Computed Egress
  ##################
  # Rules by names - open for default CIDR
-  computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+  computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))

  # Open for self
-  computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+  computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)

  # Open to IPv4 cidr blocks
-  computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+  computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+  computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks

  # Open for security group id
-  computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+  computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id

  #############################
  # Number of computed egress
  #############################
-  number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
-  number_of_computed_egress_with_self                     = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
-  number_of_computed_egress_with_cidr_blocks              = "${var.number_of_computed_egress_with_cidr_blocks}"
-  number_of_computed_egress_with_ipv6_cidr_blocks         = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
-  number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+  number_of_computed_egress_rules                         = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+  number_of_computed_egress_with_self                     = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+  number_of_computed_egress_with_cidr_blocks              = var.number_of_computed_egress_with_cidr_blocks
+  number_of_computed_egress_with_ipv6_cidr_blocks         = var.number_of_computed_egress_with_ipv6_cidr_blocks
+  number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
 }
--- a/modules/consul/outputs.tf
+++ b/modules/consul/outputs.tf
 output "this_security_group_id" {
  description = "The ID of the security group"
-  value       = "${module.sg.this_security_group_id}"
+  value       = module.sg.this_security_group_id
 }

 output "this_security_group_vpc_id" {
  description = "The VPC ID"
-  value       = "${module.sg.this_security_group_vpc_id}"
+  value       = module.sg.this_security_group_vpc_id
 }

 output "this_security_group_owner_id" {
  description = "The owner ID"
-  value       = "${module.sg.this_security_group_owner_id}"
+  value       = module.sg.this_security_group_owner_id
 }

 output "this_security_group_name" {
  description = "The name of the security group"
-  value       = "${module.sg.this_security_group_name}"
+  value       = module.sg.this_security_group_name
 }

 output "this_security_group_description" {
  description = "The description of the security group"
-  value       = "${module.sg.this_security_group_description}"
+  value       = module.sg.this_security_group_description
 }
+
--- a/modules/consul/variables.tf
+++ b/modules/consul/variables.tf
--- a/modules/docker-swarm/README.md
+++ b/modules/docker-swarm/README.md
@@ -4,7 +4,8 @@

 ```hcl
 module "docker_swarm_security_group" {
-  source = "terraform-aws-modules/security-group/aws//modules/docker-swarm"
+  source  = "terraform-aws-modules/security-group/aws//modules/docker-swarm"
+  version = "~> 3.0"

  # omitted...
 }
@@ -13,85 +14,4 @@ module "docker_swarm_security_group" {
 All automatic values **docker-swarm module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/docker-swarm/auto_values.tf).

 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no |
-| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no |
-| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no |
-| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no |
-| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "docker-swarm-mngmt-tcp", "docker-swarm-node-tcp", "docker-swarm-node-udp", "docker-swarm-overlay-udp" ]` | no |
-| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no |
-| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no |
-| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no |
-| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no |
-| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no |
-| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| create | Whether to create security group and all rules | string | `"true"` | no |
-| description | Description of security group | string | `"Security Group managed by Terraform"` | no |
-| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no |
-| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no |
-| egress\_rules | List of egress rules to create by name | list | `[]` | no |
-| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no |
-| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no |
-| ingress\_rules | List of ingress rules to create by name | list | `[]` | no |
-| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no |
-| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| name | Name of security group | string | n/a | yes |
-| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| tags | A mapping of tags to assign to security group | map | `{}` | no |
-| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no |
-| vpc\_id | ID of the VPC where to create security group | string | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| this\_security\_group\_description | The description of the security group |
-| this\_security\_group\_id | The ID of the security group |
-| this\_security\_group\_name | The name of the security group |
-| this\_security\_group\_owner\_id | The owner ID |
-| this\_security\_group\_vpc\_id | The VPC ID |
-
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
--- a/modules/docker-swarm/auto_values.tf
+++ b/modules/docker-swarm/auto_values.tf
@@ -5,73 +5,75 @@

 variable "auto_ingress_rules" {
  description = "List of ingress rules to add automatically"
-  type        = "list"
+  type        = list(string)
  default     = ["docker-swarm-mngmt-tcp", "docker-swarm-node-tcp", "docker-swarm-node-udp", "docker-swarm-overlay-udp"]
 }

 variable "auto_ingress_with_self" {
  description = "List of maps defining ingress rules with self to add automatically"
-  type        = "list"
-
-  default = [{
-    "rule" = "all-all"
-  }]
+  type        = list(map(string))
+  default     = [{ "rule" = "all-all" }]
 }

 variable "auto_egress_rules" {
  description = "List of egress rules to add automatically"
-  type        = "list"
+  type        = list(string)
  default     = ["all-all"]
 }

 variable "auto_egress_with_self" {
  description = "List of maps defining egress rules with self to add automatically"
-  type        = "list"
+  type        = list(map(string))
  default     = []
 }

 # Computed
 variable "auto_computed_ingress_rules" {
  description = "List of ingress rules to add automatically"
-  type        = "list"
+  type        = list(string)
  default     = []
 }

 variable "auto_computed_ingress_with_self" {
  description = "List of maps defining computed ingress rules with self to add automatically"
-  type        = "list"
+  type        = list(map(string))
  default     = []
 }

 variable "auto_computed_egress_rules" {
  description = "List of computed egress rules to add automatically"
-  type        = "list"
+  type        = list(string)
  default     = []
 }

 variable "auto_computed_egress_with_self" {
  description = "List of maps defining computed egress rules with self to add automatically"
-  type        = "list"
+  type        = list(map(string))
  default     = []
 }

 # Number of computed rules
 variable "auto_number_of_computed_ingress_rules" {
  description = "Number of computed ingress rules to create by name"
+  type        = number
  default     = 0
 }

 variable "auto_number_of_computed_ingress_with_self" {
  description = "Number of computed ingress rules to create where 'self' is defined"
+  type        = number
  default     = 0
 }

 variable "auto_number_of_computed_egress_rules" {
  description = "Number of computed egress rules to create by name"
+  type        = number
  default     = 0
 }

 variable "auto_number_of_computed_egress_with_self" {
  description = "Number of computed egress rules to create where 'self' is defined"
+  type        = number
  default     = 0
 }
+
--- a/modules/docker-swarm/main.tf
+++ b/modules/docker-swarm/main.tf
 module "sg" {
  source = "../../"

-  create          = "${var.create}"
-  name            = "${var.name}"
-  use_name_prefix = "${var.use_name_prefix}"
-  description     = "${var.description}"
-  vpc_id          = "${var.vpc_id}"
-  tags            = "${var.tags}"
+  create          = var.create
+  name            = var.name
+  use_name_prefix = var.use_name_prefix
+  description     = var.description
+  vpc_id          = var.vpc_id
+  tags            = var.tags

  ##########
  # Ingress
  ##########
  # Rules by names - open for default CIDR
-  ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+  ingress_rules = sort(compact(distinct(concat(var.auto_ingress_rules, var.ingress_rules, [""]))))

  # Open for self
-  ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+  ingress_with_self = concat(var.auto_ingress_with_self, var.ingress_with_self)

  # Open to IPv4 cidr blocks
-  ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+  ingress_with_cidr_blocks = var.ingress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+  ingress_with_ipv6_cidr_blocks = var.ingress_with_ipv6_cidr_blocks

  # Open for security group id
-  ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+  ingress_with_source_security_group_id = var.ingress_with_source_security_group_id

  # Default ingress CIDR blocks
-  ingress_cidr_blocks      = ["${var.ingress_cidr_blocks}"]
-  ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+  ingress_cidr_blocks      = var.ingress_cidr_blocks
+  ingress_ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks

  # Default prefix list ids
-  ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+  ingress_prefix_list_ids = var.ingress_prefix_list_ids

  ###################
  # Computed Ingress
  ###################
  # Rules by names - open for default CIDR
-  computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+  computed_ingress_rules = sort(compact(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules, [""]))))

  # Open for self
-  computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+  computed_ingress_with_self = concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)

  # Open to IPv4 cidr blocks
-  computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+  computed_ingress_with_cidr_blocks = var.computed_ingress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+  computed_ingress_with_ipv6_cidr_blocks = var.computed_ingress_with_ipv6_cidr_blocks

  # Open for security group id
-  computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+  computed_ingress_with_source_security_group_id = var.computed_ingress_with_source_security_group_id

  #############################
  # Number of computed ingress
  #############################
-  number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
-
-  number_of_computed_ingress_with_self                     = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
-  number_of_computed_ingress_with_cidr_blocks              = "${var.number_of_computed_ingress_with_cidr_blocks}"
-  number_of_computed_ingress_with_ipv6_cidr_blocks         = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
-  number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+  number_of_computed_ingress_rules                         = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules
+  number_of_computed_ingress_with_self                     = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self
+  number_of_computed_ingress_with_cidr_blocks              = var.number_of_computed_ingress_with_cidr_blocks
+  number_of_computed_ingress_with_ipv6_cidr_blocks         = var.number_of_computed_ingress_with_ipv6_cidr_blocks
+  number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id

  #########
  # Egress
  #########
  # Rules by names - open for default CIDR
-  egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+  egress_rules = sort(compact(distinct(concat(var.auto_egress_rules, var.egress_rules, [""]))))

  # Open for self
-  egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+  egress_with_self = concat(var.auto_egress_with_self, var.egress_with_self)

  # Open to IPv4 cidr blocks
-  egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+  egress_with_cidr_blocks = var.egress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+  egress_with_ipv6_cidr_blocks = var.egress_with_ipv6_cidr_blocks

  # Open for security group id
-  egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+  egress_with_source_security_group_id = var.egress_with_source_security_group_id

  # Default egress CIDR blocks
-  egress_cidr_blocks      = ["${var.egress_cidr_blocks}"]
-  egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+  egress_cidr_blocks      = var.egress_cidr_blocks
+  egress_ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks

  # Default prefix list ids
-  egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+  egress_prefix_list_ids = var.egress_prefix_list_ids

  ##################
  # Computed Egress
  ##################
  # Rules by names - open for default CIDR
-  computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+  computed_egress_rules = sort(compact(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules, [""]))))

  # Open for self
-  computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+  computed_egress_with_self = concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)

  # Open to IPv4 cidr blocks
-  computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+  computed_egress_with_cidr_blocks = var.computed_egress_with_cidr_blocks

  # Open to IPv6 cidr blocks
-  computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+  computed_egress_with_ipv6_cidr_blocks = var.computed_egress_with_ipv6_cidr_blocks

  # Open for security group id
-  computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+  computed_egress_with_source_security_group_id = var.computed_egress_with_source_security_group_id

  #############################
  # Number of computed egress
  #############################
-  number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
-
-  number_of_computed_egress_with_self                     = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
-  number_of_computed_egress_with_cidr_blocks              = "${var.number_of_computed_egress_with_cidr_blocks}"
-  number_of_computed_egress_with_ipv6_cidr_blocks         = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
-  number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+  number_of_computed_egress_rules                         = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules
+  number_of_computed_egress_with_self                     = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self
+  number_of_computed_egress_with_cidr_blocks              = var.number_of_computed_egress_with_cidr_blocks
+  number_of_computed_egress_with_ipv6_cidr_blocks         = var.number_of_computed_egress_with_ipv6_cidr_blocks
+  number_of_computed_egress_with_source_security_group_id = var.number_of_computed_egress_with_source_security_group_id
 }
--- a/modules/docker-swarm/outputs.tf
+++ b/modules/docker-swarm/outputs.tf
 output "this_security_group_id" {
  description = "The ID of the security group"
-  value       = "${module.sg.this_security_group_id}"
+  value       = module.sg.this_security_group_id
 }

 output "this_security_group_vpc_id" {
  description = "The VPC ID"
-  value       = "${module.sg.this_security_group_vpc_id}"
+  value       = module.sg.this_security_group_vpc_id
 }

 output "this_security_group_owner_id" {
  description = "The owner ID"
-  value       = "${module.sg.this_security_group_owner_id}"
+  value       = module.sg.this_security_group_owner_id
 }

 output "this_security_group_name" {
  description = "The name of the security group"
-  value       = "${module.sg.this_security_group_name}"
+  value       = module.sg.this_security_group_name
 }

 output "this_security_group_description" {
  description = "The description of the security group"
-  value       = "${module.sg.this_security_group_description}"
+  value       = module.sg.this_security_group_description
 }
+
--- a/modules/docker-swarm/variables.tf
+++ b/modules/docker-swarm/variables.tf
--- a/modules/elasticsearch/README.md
+++ b/modules/elasticsearch/README.md
@@ -4,7 +4,8 @@

 ```hcl
 module "elasticsearch_security_group" {
-  source = "terraform-aws-modules/security-group/aws//modules/elasticsearch"
+  source  = "terraform-aws-modules/security-group/aws//modules/elasticsearch"
+  version = "~> 3.0"

  # omitted...
 }
@@ -13,85 +14,4 @@ module "elasticsearch_security_group" {
 All automatic values **elasticsearch module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/elasticsearch/auto_values.tf).

 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| auto\_computed\_egress\_rules | List of computed egress rules to add automatically | list | `[]` | no |
-| auto\_computed\_egress\_with\_self | List of maps defining computed egress rules with self to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_rules | List of ingress rules to add automatically | list | `[]` | no |
-| auto\_computed\_ingress\_with\_self | List of maps defining computed ingress rules with self to add automatically | list | `[]` | no |
-| auto\_egress\_rules | List of egress rules to add automatically | list | `[ "all-all" ]` | no |
-| auto\_egress\_with\_self | List of maps defining egress rules with self to add automatically | list | `[]` | no |
-| auto\_ingress\_rules | List of ingress rules to add automatically | list | `[ "elasticsearch-rest-tcp", "elasticsearch-java-tcp" ]` | no |
-| auto\_ingress\_with\_self | List of maps defining ingress rules with self to add automatically | list | `[ { "rule": "all-all" } ]` | no |
-| auto\_number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| auto\_number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| computed\_egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| computed\_egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | list | `[ "::/0" ]` | no |
-| computed\_egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | list | `[]` | no |
-| computed\_egress\_rules | List of computed egress rules to create by name | list | `[]` | no |
-| computed\_egress\_with\_cidr\_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_ipv6\_cidr\_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_egress\_with\_self | List of computed egress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_egress\_with\_source\_security\_group\_id | List of computed egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| computed\_ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | list | `[]` | no |
-| computed\_ingress\_rules | List of computed ingress rules to create by name | list | `[]` | no |
-| computed\_ingress\_with\_cidr\_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_ipv6\_cidr\_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| computed\_ingress\_with\_self | List of computed ingress rules to create where 'self' is defined | list | `[]` | no |
-| computed\_ingress\_with\_source\_security\_group\_id | List of computed ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| create | Whether to create security group and all rules | string | `"true"` | no |
-| description | Description of security group | string | `"Security Group managed by Terraform"` | no |
-| egress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all egress rules | list | `[ "0.0.0.0/0" ]` | no |
-| egress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all egress rules | list | `[ "::/0" ]` | no |
-| egress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list | `[]` | no |
-| egress\_rules | List of egress rules to create by name | list | `[]` | no |
-| egress\_with\_cidr\_blocks | List of egress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_ipv6\_cidr\_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| egress\_with\_self | List of egress rules to create where 'self' is defined | list | `[]` | no |
-| egress\_with\_source\_security\_group\_id | List of egress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| ingress\_cidr\_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_ipv6\_cidr\_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list | `[]` | no |
-| ingress\_prefix\_list\_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list | `[]` | no |
-| ingress\_rules | List of ingress rules to create by name | list | `[]` | no |
-| ingress\_with\_cidr\_blocks | List of ingress rules to create where 'cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_ipv6\_cidr\_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list | `[]` | no |
-| ingress\_with\_self | List of ingress rules to create where 'self' is defined | list | `[]` | no |
-| ingress\_with\_source\_security\_group\_id | List of ingress rules to create where 'source_security_group_id' is used | list | `[]` | no |
-| name | Name of security group | string | n/a | yes |
-| number\_of\_computed\_egress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `"0"` | no |
-| number\_of\_computed\_egress\_rules | Number of computed egress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_cidr\_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_self | Number of computed egress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_egress\_with\_source\_security\_group\_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_cidr\_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_ipv6\_cidr\_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_prefix\_list\_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `"0"` | no |
-| number\_of\_computed\_ingress\_rules | Number of computed ingress rules to create by name | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_cidr\_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_self | Number of computed ingress rules to create where 'self' is defined | string | `"0"` | no |
-| number\_of\_computed\_ingress\_with\_source\_security\_group\_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `"0"` | no |
-| tags | A mapping of tags to assign to security group | map | `{}` | no |
-| use\_name\_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `"true"` | no |
-| vpc\_id | ID of the VPC where to create security group | string | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| this\_security\_group\_description | The description of the security group |
-| this\_security\_group\_id | The ID of the security group |
-| this\_security\_group\_name | The name of the security group |
-| this\_security\_group\_owner\_id | The owner ID |
-| this\_security\_group\_vpc\_id | The VPC ID |
-
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
--- a/modules/elasticsearch/auto_values.tf
+++ b/modules/elasticsearch/auto_values.tf
--- a/modules/elasticsearch/main.tf
+++ b/modules/elasticsearch/main.tf
--- a/modules/elasticsearch/outputs.tf
+++ b/modules/elasticsearch/outputs.tf
--- a/modules/elasticsearch/variables.tf
+++ b/modules/elasticsearch/variables.tf
--- a/modules/http-80/README.md
+++ b/modules/http-80/README.md
--- a/modules/http-80/auto_values.tf
+++ b/modules/http-80/auto_values.tf
--- a/modules/http-80/main.tf
+++ b/modules/http-80/main.tf
--- a/modules/http-80/outputs.tf
+++ b/modules/http-80/outputs.tf
--- a/modules/http-80/variables.tf
+++ b/modules/http-80/variables.tf
--- a/modules/http-8080/README.md
+++ b/modules/http-8080/README.md
--- a/modules/http-8080/auto_values.tf
+++ b/modules/http-8080/auto_values.tf
--- a/modules/http-8080/main.tf
+++ b/modules/http-8080/main.tf
--- a/modules/http-8080/outputs.tf
+++ b/modules/http-8080/outputs.tf
--- a/modules/http-8080/variables.tf
+++ b/modules/http-8080/variables.tf
--- a/modules/https-443/README.md
+++ b/modules/https-443/README.md
--- a/modules/https-443/auto_values.tf
+++ b/modules/https-443/auto_values.tf
--- a/modules/https-443/main.tf
+++ b/modules/https-443/main.tf
--- a/modules/https-443/outputs.tf
+++ b/modules/https-443/outputs.tf
--- a/modules/https-443/variables.tf
+++ b/modules/https-443/variables.tf
--- a/modules/https-8443/README.md
+++ b/modules/https-8443/README.md
--- a/modules/https-8443/auto_values.tf
+++ b/modules/https-8443/auto_values.tf
--- a/modules/https-8443/main.tf
+++ b/modules/https-8443/main.tf
--- a/modules/https-8443/outputs.tf
+++ b/modules/https-8443/outputs.tf
--- a/modules/https-8443/variables.tf
+++ b/modules/https-8443/variables.tf
--- a/modules/ipsec-4500/README.md
+++ b/modules/ipsec-4500/README.md
--- a/modules/ipsec-4500/auto_values.tf
+++ b/modules/ipsec-4500/auto_values.tf
--- a/modules/ipsec-4500/main.tf
+++ b/modules/ipsec-4500/main.tf
--- a/modules/ipsec-4500/outputs.tf
+++ b/modules/ipsec-4500/outputs.tf
--- a/modules/ipsec-4500/variables.tf
+++ b/modules/ipsec-4500/variables.tf
--- a/modules/ipsec-500/README.md
+++ b/modules/ipsec-500/README.md
--- a/modules/ipsec-500/auto_values.tf
+++ b/modules/ipsec-500/auto_values.tf
--- a/modules/ipsec-500/main.tf
+++ b/modules/ipsec-500/main.tf
--- a/modules/ipsec-500/outputs.tf
+++ b/modules/ipsec-500/outputs.tf
--- a/modules/ipsec-500/variables.tf
+++ b/modules/ipsec-500/variables.tf
--- a/modules/kafka/README.md
+++ b/modules/kafka/README.md
--- a/modules/kafka/auto_values.tf
+++ b/modules/kafka/auto_values.tf
--- a/modules/kafka/main.tf
+++ b/modules/kafka/main.tf
--- a/modules/kafka/outputs.tf
+++ b/modules/kafka/outputs.tf
--- a/modules/kafka/variables.tf
+++ b/modules/kafka/variables.tf
--- a/modules/ldaps/README.md
+++ b/modules/ldaps/README.md
--- a/modules/ldaps/auto_values.tf
+++ b/modules/ldaps/auto_values.tf
--- a/modules/ldaps/main.tf
+++ b/modules/ldaps/main.tf
--- a/modules/ldaps/outputs.tf
+++ b/modules/ldaps/outputs.tf
--- a/modules/ldaps/variables.tf
+++ b/modules/ldaps/variables.tf
--- a/modules/memcached/README.md
+++ b/modules/memcached/README.md
--- a/modules/memcached/auto_values.tf
+++ b/modules/memcached/auto_values.tf
--- a/modules/memcached/main.tf
+++ b/modules/memcached/main.tf
--- a/modules/memcached/outputs.tf
+++ b/modules/memcached/outputs.tf
--- a/modules/memcached/variables.tf
+++ b/modules/memcached/variables.tf
--- a/modules/mongodb/README.md
+++ b/modules/mongodb/README.md
--- a/modules/mongodb/auto_values.tf
+++ b/modules/mongodb/auto_values.tf
--- a/modules/mongodb/main.tf
+++ b/modules/mongodb/main.tf
--- a/modules/mongodb/outputs.tf
+++ b/modules/mongodb/outputs.tf
--- a/modules/mongodb/variables.tf
+++ b/modules/mongodb/variables.tf
--- a/modules/mssql/README.md
+++ b/modules/mssql/README.md
--- a/modules/mssql/auto_values.tf
+++ b/modules/mssql/auto_values.tf
--- a/modules/mssql/main.tf
+++ b/modules/mssql/main.tf
--- a/modules/mssql/outputs.tf
+++ b/modules/mssql/outputs.tf
--- a/modules/mssql/variables.tf
+++ b/modules/mssql/variables.tf
--- a/modules/mysql/README.md
+++ b/modules/mysql/README.md
--- a/modules/mysql/auto_values.tf
+++ b/modules/mysql/auto_values.tf
--- a/modules/mysql/main.tf
+++ b/modules/mysql/main.tf
--- a/modules/mysql/outputs.tf
+++ b/modules/mysql/outputs.tf
--- a/modules/mysql/variables.tf
+++ b/modules/mysql/variables.tf
--- a/modules/nfs/README.md
+++ b/modules/nfs/README.md
--- a/modules/nfs/auto_values.tf
+++ b/modules/nfs/auto_values.tf
--- a/modules/nfs/main.tf
+++ b/modules/nfs/main.tf
--- a/modules/nfs/outputs.tf
+++ b/modules/nfs/outputs.tf
--- a/modules/nfs/variables.tf
+++ b/modules/nfs/variables.tf
--- a/modules/nomad/README.md
+++ b/modules/nomad/README.md
--- a/modules/nomad/auto_values.tf
+++ b/modules/nomad/auto_values.tf
--- a/modules/nomad/main.tf
+++ b/modules/nomad/main.tf
--- a/modules/nomad/outputs.tf
+++ b/modules/nomad/outputs.tf
--- a/modules/nomad/variables.tf
+++ b/modules/nomad/variables.tf
--- a/modules/ntp/README.md
+++ b/modules/ntp/README.md
--- a/modules/ntp/auto_values.tf
+++ b/modules/ntp/auto_values.tf
--- a/modules/ntp/main.tf
+++ b/modules/ntp/main.tf
--- a/modules/ntp/outputs.tf
+++ b/modules/ntp/outputs.tf
--- a/modules/ntp/variables.tf
+++ b/modules/ntp/variables.tf
--- a/modules/openvpn/README.md
+++ b/modules/openvpn/README.md
--- a/modules/openvpn/auto_values.tf
+++ b/modules/openvpn/auto_values.tf
--- a/modules/openvpn/main.tf
+++ b/modules/openvpn/main.tf
--- a/modules/openvpn/outputs.tf
+++ b/modules/openvpn/outputs.tf
--- a/modules/openvpn/variables.tf
+++ b/modules/openvpn/variables.tf
--- a/modules/oracle-db/README.md
+++ b/modules/oracle-db/README.md
--- a/modules/oracle-db/auto_values.tf
+++ b/modules/oracle-db/auto_values.tf
--- a/modules/oracle-db/main.tf
+++ b/modules/oracle-db/main.tf
--- a/modules/oracle-db/outputs.tf
+++ b/modules/oracle-db/outputs.tf
--- a/modules/oracle-db/variables.tf
+++ b/modules/oracle-db/variables.tf
--- a/modules/postgresql/README.md
+++ b/modules/postgresql/README.md
--- a/modules/postgresql/auto_values.tf
+++ b/modules/postgresql/auto_values.tf
--- a/modules/postgresql/main.tf
+++ b/modules/postgresql/main.tf
--- a/modules/postgresql/outputs.tf
+++ b/modules/postgresql/outputs.tf
--- a/modules/postgresql/variables.tf
+++ b/modules/postgresql/variables.tf
--- a/modules/puppet/README.md
+++ b/modules/puppet/README.md
--- a/modules/puppet/auto_values.tf
+++ b/modules/puppet/auto_values.tf
--- a/modules/puppet/main.tf
+++ b/modules/puppet/main.tf
--- a/modules/puppet/outputs.tf
+++ b/modules/puppet/outputs.tf
--- a/modules/puppet/variables.tf
+++ b/modules/puppet/variables.tf
--- a/modules/rabbitmq/README.md
+++ b/modules/rabbitmq/README.md
--- a/modules/rabbitmq/auto_values.tf
+++ b/modules/rabbitmq/auto_values.tf
--- a/modules/rabbitmq/main.tf
+++ b/modules/rabbitmq/main.tf
--- a/modules/rabbitmq/outputs.tf
+++ b/modules/rabbitmq/outputs.tf
--- a/modules/rabbitmq/variables.tf
+++ b/modules/rabbitmq/variables.tf
--- a/modules/rdp/README.md
+++ b/modules/rdp/README.md
--- a/modules/rdp/auto_values.tf
+++ b/modules/rdp/auto_values.tf
--- a/modules/rdp/main.tf
+++ b/modules/rdp/main.tf
--- a/modules/rdp/outputs.tf
+++ b/modules/rdp/outputs.tf
--- a/modules/rdp/variables.tf
+++ b/modules/rdp/variables.tf
--- a/modules/redis/README.md
+++ b/modules/redis/README.md
--- a/modules/redis/auto_values.tf
+++ b/modules/redis/auto_values.tf
--- a/modules/redis/main.tf
+++ b/modules/redis/main.tf
--- a/modules/redis/outputs.tf
+++ b/modules/redis/outputs.tf
--- a/modules/redis/variables.tf
+++ b/modules/redis/variables.tf
--- a/modules/redshift/README.md
+++ b/modules/redshift/README.md
--- a/modules/redshift/auto_values.tf
+++ b/modules/redshift/auto_values.tf
--- a/modules/redshift/main.tf
+++ b/modules/redshift/main.tf
--- a/modules/redshift/outputs.tf
+++ b/modules/redshift/outputs.tf
--- a/modules/redshift/variables.tf
+++ b/modules/redshift/variables.tf
--- a/modules/splunk/README.md
+++ b/modules/splunk/README.md
--- a/modules/splunk/auto_values.tf
+++ b/modules/splunk/auto_values.tf
--- a/modules/splunk/main.tf
+++ b/modules/splunk/main.tf
--- a/modules/splunk/outputs.tf
+++ b/modules/splunk/outputs.tf
--- a/modules/splunk/variables.tf
+++ b/modules/splunk/variables.tf
--- a/modules/squid/README.md
+++ b/modules/squid/README.md
--- a/modules/squid/auto_values.tf
+++ b/modules/squid/auto_values.tf
--- a/modules/squid/main.tf
+++ b/modules/squid/main.tf
--- a/modules/squid/outputs.tf
+++ b/modules/squid/outputs.tf
--- a/modules/squid/variables.tf
+++ b/modules/squid/variables.tf
--- a/modules/ssh/README.md
+++ b/modules/ssh/README.md
--- a/modules/ssh/auto_values.tf
+++ b/modules/ssh/auto_values.tf
--- a/modules/ssh/main.tf
+++ b/modules/ssh/main.tf
--- a/modules/ssh/outputs.tf
+++ b/modules/ssh/outputs.tf
--- a/modules/ssh/variables.tf
+++ b/modules/ssh/variables.tf
--- a/modules/storm/README.md
+++ b/modules/storm/README.md
--- a/modules/storm/auto_values.tf
+++ b/modules/storm/auto_values.tf
--- a/modules/storm/main.tf
+++ b/modules/storm/main.tf
--- a/modules/storm/outputs.tf
+++ b/modules/storm/outputs.tf
--- a/modules/storm/variables.tf
+++ b/modules/storm/variables.tf
--- a/modules/web/README.md
+++ b/modules/web/README.md
--- a/modules/web/auto_values.tf
+++ b/modules/web/auto_values.tf
--- a/modules/web/main.tf
+++ b/modules/web/main.tf
--- a/modules/web/outputs.tf
+++ b/modules/web/outputs.tf
--- a/modules/web/variables.tf
+++ b/modules/web/variables.tf
--- a/modules/winrm/README.md
+++ b/modules/winrm/README.md
--- a/modules/winrm/auto_values.tf
+++ b/modules/winrm/auto_values.tf
--- a/modules/winrm/main.tf
+++ b/modules/winrm/main.tf
--- a/modules/winrm/outputs.tf
+++ b/modules/winrm/outputs.tf
--- a/modules/winrm/variables.tf
+++ b/modules/winrm/variables.tf
--- a/modules/zipkin/README.md
+++ b/modules/zipkin/README.md
--- a/modules/zipkin/auto_values.tf
+++ b/modules/zipkin/auto_values.tf
--- a/modules/zipkin/main.tf
+++ b/modules/zipkin/main.tf
--- a/modules/zipkin/outputs.tf
+++ b/modules/zipkin/outputs.tf
--- a/modules/zipkin/variables.tf
+++ b/modules/zipkin/variables.tf
--- a/modules/zookeeper/README.md
+++ b/modules/zookeeper/README.md
--- a/modules/zookeeper/auto_values.tf
+++ b/modules/zookeeper/auto_values.tf
--- a/modules/zookeeper/main.tf
+++ b/modules/zookeeper/main.tf
--- a/modules/zookeeper/outputs.tf
+++ b/modules/zookeeper/outputs.tf
--- a/modules/zookeeper/variables.tf
+++ b/modules/zookeeper/variables.tf
--- a/outputs.tf
+++ b/outputs.tf
--- a/rules.tf
+++ b/rules.tf
--- a/update_groups.sh
+++ b/update_groups.sh
--- a/variables.tf
+++ b/variables.tf