Added missing files for ntp rules

8bf1919e · Anton Babenko · c52fbbeb · 8bf1919e · 8bf1919e · 8bf1919e
Commit 8bf1919e authored Oct 11, 2018 by Anton Babenko
7 changed files
--- a/modules/README.md
+++ b/modules/README.md
@@ -18,6 +18,7 @@ List of Security Groups implemented as Terraform modules
 * [mysql](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/mysql)
 * [nfs](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/nfs)
 * [nomad](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/nomad)
+* [ntp](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/ntp)
 * [openvpn](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/openvpn)
 * [oracle-db](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/oracle-db)
 * [postgresql](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/postgresql)

--- a/modules/ntp/README.md
+++ b/modules/ntp/README.md
+# ntp - AWS EC2-VPC Security Group Terraform module
+
+## Usage
+
+```hcl
+module "ntp_security_group" {
+  source = "terraform-aws-modules/security-group/aws//modules/ntp"
+
+  # omitted...
+}
+```
+
+All automatic values **ntp module** is using are available [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/ntp/auto_values.tf).
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
+| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
+| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
+| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
+| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
+| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
+| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
+| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
+| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
+| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
+| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
+| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
+| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
+| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
+| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
+| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
+| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
+| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
+| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
+| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
+| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
+| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
+| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
+| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
+| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
+| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
+| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
+| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
+| create | Whether to create security group and all rules | string | `true` | no |
+| description | Description of security group | string | `Security Group managed by Terraform` | no |
+| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
+| egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all egress rules | string | `<list>` | no |
+| egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | string | `<list>` | no |
+| egress_rules | List of egress rules to create by name | string | `<list>` | no |
+| egress_with_cidr_blocks | List of egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
+| egress_with_ipv6_cidr_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
+| egress_with_self | List of egress rules to create where 'self' is defined | string | `<list>` | no |
+| egress_with_source_security_group_id | List of egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
+| ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all ingress rules | string | `<list>` | no |
+| ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all ingress rules | string | `<list>` | no |
+| ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | string | `<list>` | no |
+| ingress_rules | List of ingress rules to create by name | string | `<list>` | no |
+| ingress_with_cidr_blocks | List of ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
+| ingress_with_ipv6_cidr_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
+| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
+| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
+| name | Name of security group | string | - | yes |
+| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
+| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
+| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
+| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
+| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
+| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
+| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
+| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
+| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
+| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
+| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
+| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
+| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
+| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
+| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
+| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
+| tags | A mapping of tags to assign to security group | string | `<map>` | no |
+| vpc_id | ID of the VPC where to create security group | string | - | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| this_security_group_description | The description of the security group |
+| this_security_group_id | The ID of the security group |
+| this_security_group_name | The name of the security group |
+| this_security_group_owner_id | The owner ID |
+| this_security_group_vpc_id | The VPC ID |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
--- a/modules/ntp/auto_values.tf
+++ b/modules/ntp/auto_values.tf
+# This file was generated from values defined in rules.tf using update_groups.sh.
+###################################
+# DO NOT CHANGE THIS FILE MANUALLY
+###################################
+
+variable "auto_ingress_rules" {
+  description = "List of ingress rules to add automatically"
+  type        = "list"
+  default     = ["ntp-udp"]
+}
+
+variable "auto_ingress_with_self" {
+  description = "List of maps defining ingress rules with self to add automatically"
+  type        = "list"
+
+  default = [{
+    "rule" = "all-all"
+  }]
+}
+
+variable "auto_egress_rules" {
+  description = "List of egress rules to add automatically"
+  type        = "list"
+  default     = ["all-all"]
+}
+
+variable "auto_egress_with_self" {
+  description = "List of maps defining egress rules with self to add automatically"
+  type        = "list"
+  default     = []
+}
+
+# Computed
+variable "auto_computed_ingress_rules" {
+  description = "List of ingress rules to add automatically"
+  type        = "list"
+  default     = []
+}
+
+variable "auto_computed_ingress_with_self" {
+  description = "List of maps defining computed ingress rules with self to add automatically"
+  type        = "list"
+  default     = []
+}
+
+variable "auto_computed_egress_rules" {
+  description = "List of computed egress rules to add automatically"
+  type        = "list"
+  default     = []
+}
+
+variable "auto_computed_egress_with_self" {
+  description = "List of maps defining computed egress rules with self to add automatically"
+  type        = "list"
+  default     = []
+}
+
+# Number of computed rules
+variable "auto_number_of_computed_ingress_rules" {
+  description = "Number of computed ingress rules to create by name"
+  default     = 0
+}
+
+variable "auto_number_of_computed_ingress_with_self" {
+  description = "Number of computed ingress rules to create where 'self' is defined"
+  default     = 0
+}
+
+variable "auto_number_of_computed_egress_rules" {
+  description = "Number of computed egress rules to create by name"
+  default     = 0
+}
+
+variable "auto_number_of_computed_egress_with_self" {
+  description = "Number of computed egress rules to create where 'self' is defined"
+  default     = 0
+}
--- a/modules/ntp/main.tf
+++ b/modules/ntp/main.tf
+module "sg" {
+  source = "../../"
+
+  create      = "${var.create}"
+  name        = "${var.name}"
+  description = "${var.description}"
+  vpc_id      = "${var.vpc_id}"
+  tags        = "${var.tags}"
+
+  ##########
+  # Ingress
+  ##########
+  # Rules by names - open for default CIDR
+  ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"]
+
+  # Open for self
+  ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"]
+
+  # Open to IPv4 cidr blocks
+  ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"]
+
+  # Open to IPv6 cidr blocks
+  ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"]
+
+  # Open for security group id
+  ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"]
+
+  # Default ingress CIDR blocks
+  ingress_cidr_blocks      = ["${var.ingress_cidr_blocks}"]
+  ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
+
+  # Default prefix list ids
+  ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
+
+  ###################
+  # Computed Ingress
+  ###################
+  # Rules by names - open for default CIDR
+  computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
+
+  # Open for self
+  computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
+
+  # Open to IPv4 cidr blocks
+  computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
+
+  # Open to IPv6 cidr blocks
+  computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
+
+  # Open for security group id
+  computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
+
+  #############################
+  # Number of computed ingress
+  #############################
+  number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
+
+  number_of_computed_ingress_with_self                     = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
+  number_of_computed_ingress_with_cidr_blocks              = "${var.number_of_computed_ingress_with_cidr_blocks}"
+  number_of_computed_ingress_with_ipv6_cidr_blocks         = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
+  number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
+
+  #########
+  # Egress
+  #########
+  # Rules by names - open for default CIDR
+  egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"]
+
+  # Open for self
+  egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"]
+
+  # Open to IPv4 cidr blocks
+  egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"]
+
+  # Open to IPv6 cidr blocks
+  egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"]
+
+  # Open for security group id
+  egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"]
+
+  # Default egress CIDR blocks
+  egress_cidr_blocks      = ["${var.egress_cidr_blocks}"]
+  egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
+
+  # Default prefix list ids
+  egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
+
+  ##################
+  # Computed Egress
+  ##################
+  # Rules by names - open for default CIDR
+  computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
+
+  # Open for self
+  computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
+
+  # Open to IPv4 cidr blocks
+  computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
+
+  # Open to IPv6 cidr blocks
+  computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
+
+  # Open for security group id
+  computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
+
+  #############################
+  # Number of computed egress
+  #############################
+  number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
+
+  number_of_computed_egress_with_self                     = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
+  number_of_computed_egress_with_cidr_blocks              = "${var.number_of_computed_egress_with_cidr_blocks}"
+  number_of_computed_egress_with_ipv6_cidr_blocks         = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
+  number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
+}
--- a/modules/ntp/outputs.tf
+++ b/modules/ntp/outputs.tf
+output "this_security_group_id" {
+  description = "The ID of the security group"
+  value       = "${module.sg.this_security_group_id}"
+}
+
+output "this_security_group_vpc_id" {
+  description = "The VPC ID"
+  value       = "${module.sg.this_security_group_vpc_id}"
+}
+
+output "this_security_group_owner_id" {
+  description = "The owner ID"
+  value       = "${module.sg.this_security_group_owner_id}"
+}
+
+output "this_security_group_name" {
+  description = "The name of the security group"
+  value       = "${module.sg.this_security_group_name}"
+}
+
+output "this_security_group_description" {
+  description = "The description of the security group"
+  value       = "${module.sg.this_security_group_description}"
+}
--- a/modules/ntp/variables.tf
+++ b/modules/ntp/variables.tf
+#################
+# Security group
+#################
+variable "create" {
+  description = "Whether to create security group and all rules"
+  default     = true
+}
+
+variable "vpc_id" {
+  description = "ID of the VPC where to create security group"
+}
+
+variable "name" {
+  description = "Name of security group"
+}
+
+variable "description" {
+  description = "Description of security group"
+  default     = "Security Group managed by Terraform"
+}
+
+variable "tags" {
+  description = "A mapping of tags to assign to security group"
+  default     = {}
+}
+
+##########
+# Ingress
+##########
+variable "ingress_rules" {
+  description = "List of ingress rules to create by name"
+  default     = []
+}
+
+variable "ingress_with_self" {
+  description = "List of ingress rules to create where 'self' is defined"
+  default     = []
+}
+
+variable "ingress_with_cidr_blocks" {
+  description = "List of ingress rules to create where 'cidr_blocks' is used"
+  default     = []
+}
+
+variable "ingress_with_ipv6_cidr_blocks" {
+  description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used"
+  default     = []
+}
+
+variable "ingress_with_source_security_group_id" {
+  description = "List of ingress rules to create where 'source_security_group_id' is used"
+  default     = []
+}
+
+variable "ingress_cidr_blocks" {
+  description = "List of IPv4 CIDR ranges to use on all ingress rules"
+  default     = []
+}
+
+variable "ingress_ipv6_cidr_blocks" {
+  description = "List of IPv6 CIDR ranges to use on all ingress rules"
+  default     = []
+}
+
+variable "ingress_prefix_list_ids" {
+  description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules"
+  default     = []
+}
+
+###################
+# Computed Ingress
+###################
+variable "computed_ingress_rules" {
+  description = "List of computed ingress rules to create by name"
+  default     = []
+}
+
+variable "computed_ingress_with_self" {
+  description = "List of computed ingress rules to create where 'self' is defined"
+  default     = []
+}
+
+variable "computed_ingress_with_cidr_blocks" {
+  description = "List of computed ingress rules to create where 'cidr_blocks' is used"
+  default     = []
+}
+
+variable "computed_ingress_with_ipv6_cidr_blocks" {
+  description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+  default     = []
+}
+
+variable "computed_ingress_with_source_security_group_id" {
+  description = "List of computed ingress rules to create where 'source_security_group_id' is used"
+  default     = []
+}
+
+variable "computed_ingress_cidr_blocks" {
+  description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
+  default     = []
+}
+
+variable "computed_ingress_ipv6_cidr_blocks" {
+  description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
+  default     = []
+}
+
+variable "computed_ingress_prefix_list_ids" {
+  description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+  default     = []
+}
+
+###################################
+# Number of computed ingress rules
+###################################
+variable "number_of_computed_ingress_rules" {
+  description = "Number of computed ingress rules to create by name"
+  default     = 0
+}
+
+variable "number_of_computed_ingress_with_self" {
+  description = "Number of computed ingress rules to create where 'self' is defined"
+  default     = 0
+}
+
+variable "number_of_computed_ingress_with_cidr_blocks" {
+  description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
+  default     = 0
+}
+
+variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
+  description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
+  default     = 0
+}
+
+variable "number_of_computed_ingress_with_source_security_group_id" {
+  description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
+  default     = 0
+}
+
+variable "number_of_computed_ingress_cidr_blocks" {
+  description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
+  default     = 0
+}
+
+variable "number_of_computed_ingress_ipv6_cidr_blocks" {
+  description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
+  default     = 0
+}
+
+variable "number_of_computed_ingress_prefix_list_ids" {
+  description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
+  default     = 0
+}
+
+#########
+# Egress
+#########
+variable "egress_rules" {
+  description = "List of egress rules to create by name"
+  default     = []
+}
+
+variable "egress_with_self" {
+  description = "List of egress rules to create where 'self' is defined"
+  default     = []
+}
+
+variable "egress_with_cidr_blocks" {
+  description = "List of egress rules to create where 'cidr_blocks' is used"
+  default     = []
+}
+
+variable "egress_with_ipv6_cidr_blocks" {
+  description = "List of egress rules to create where 'ipv6_cidr_blocks' is used"
+  default     = []
+}
+
+variable "egress_with_source_security_group_id" {
+  description = "List of egress rules to create where 'source_security_group_id' is used"
+  default     = []
+}
+
+variable "egress_cidr_blocks" {
+  description = "List of IPv4 CIDR ranges to use on all egress rules"
+  default     = ["0.0.0.0/0"]
+}
+
+variable "egress_ipv6_cidr_blocks" {
+  description = "List of IPv6 CIDR ranges to use on all egress rules"
+  default     = ["::/0"]
+}
+
+variable "egress_prefix_list_ids" {
+  description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
+  default     = []
+}
+
+##################
+# Computed Egress
+##################
+variable "computed_egress_rules" {
+  description = "List of computed egress rules to create by name"
+  default     = []
+}
+
+variable "computed_egress_with_self" {
+  description = "List of computed egress rules to create where 'self' is defined"
+  default     = []
+}
+
+variable "computed_egress_with_cidr_blocks" {
+  description = "List of computed egress rules to create where 'cidr_blocks' is used"
+  default     = []
+}
+
+variable "computed_egress_with_ipv6_cidr_blocks" {
+  description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+  default     = []
+}
+
+variable "computed_egress_with_source_security_group_id" {
+  description = "List of computed egress rules to create where 'source_security_group_id' is used"
+  default     = []
+}
+
+variable "computed_egress_cidr_blocks" {
+  description = "List of IPv4 CIDR ranges to use on all computed egress rules"
+  default     = ["0.0.0.0/0"]
+}
+
+variable "computed_egress_ipv6_cidr_blocks" {
+  description = "List of IPv6 CIDR ranges to use on all computed egress rules"
+  default     = ["::/0"]
+}
+
+variable "computed_egress_prefix_list_ids" {
+  description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+  default     = []
+}
+
+##################################
+# Number of computed egress rules
+##################################
+variable "number_of_computed_egress_rules" {
+  description = "Number of computed egress rules to create by name"
+  default     = 0
+}
+
+variable "number_of_computed_egress_with_self" {
+  description = "Number of computed egress rules to create where 'self' is defined"
+  default     = 0
+}
+
+variable "number_of_computed_egress_with_cidr_blocks" {
+  description = "Number of computed egress rules to create where 'cidr_blocks' is used"
+  default     = 0
+}
+
+variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
+  description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+  default     = 0
+}
+
+variable "number_of_computed_egress_with_source_security_group_id" {
+  description = "Number of computed egress rules to create where 'source_security_group_id' is used"
+  default     = 0
+}
+
+variable "number_of_computed_egress_cidr_blocks" {
+  description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
+  default     = 0
+}
+
+variable "number_of_computed_egress_ipv6_cidr_blocks" {
+  description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
+  default     = 0
+}
+
+variable "number_of_computed_egress_prefix_list_ids" {
+  description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
+  default     = 0
+}
--- a/rules.tf
+++ b/rules.tf
@@ -276,6 +276,12 @@ variable "auto_groups" {
      egress_rules      = ["all-all"]
    }

+    ntp = {
+      ingress_rules     = ["ntp-udp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
+    }
+
    rdp = {
      ingress_rules     = ["rdp-tcp", "rdp-udp"]
      ingress_with_self = ["all-all"]