Skip to content

T
terraform-aws-security-group
Commit 9efeb021 authored by Robin Bowes's avatar Robin Bowes Committed by Anton Babenko
Browse files
Options

Make use of name_prefix optional (#74) 

* Make use of name_prefix optional

* Code cleanups, add example
parent 5e998c5c
Hide whitespace changes
Inline Side-by-side
Showing with 167 additions and 29 deletions
README.md
View file @ 9efeb021
...@@ -198,6 +198,7 @@ Rules and groups are defined in [rules.tf](https://github.com/terraform-aws-modu ...@@ -198,6 +198,7 @@ Rules and groups are defined in [rules.tf](https://github.com/terraform-aws-modu
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no | | number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| rules | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | map | `<map>` | no | | rules | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | map | `<map>` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no | | tags | A mapping of tags to assign to security group | string | `<map>` | no |
| use_name_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | string | `true` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes | | vpc_id | ID of the VPC where to create security group | string | - | yes |
## Outputs ## Outputs
......
examples/fixed_name/README.md 0 → 100644
View file @ 9efeb021
# Complete Security Group example
Configuration in this directory creates set of Security Group and Security Group Rules resources in various combination.
Data sources are used to discover existing VPC resources (VPC and default security group).
## Usage
To run this example you need to execute:
```bash
$ terraform init
$ terraform plan
$ terraform apply
```
Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Outputs
| Name | Description |
|------|-------------|
| this_security_group_description | The description of the security group |
| this_security_group_id | The ID of the security group |
| this_security_group_name | The name of the security group |
| this_security_group_owner_id | The owner ID |
| this_security_group_vpc_id | The VPC ID |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
examples/fixed_name/main.tf 0 → 100644
View file @ 9efeb021
provider "aws" {
region = "eu-west-1"
}
#############################################################
# Data sources to get VPC and default security group details
#############################################################
data "aws_vpc" "default" {
default = true
}
data "aws_security_group" "default" {
name = "default"
vpc_id = "${data.aws_vpc.default.id}"
}
##################################
# Security group with a fixed name
##################################
module "fixed_name_sg" {
source = "../../"
name = "fixed-name-sg"
description = "Security group with a fixed name and minimal rules"
use_name_prefix = "false"
vpc_id = "${data.aws_vpc.default.id}"
tags = {
Cash = "king"
Department = "kingdom"
}
# Default CIDR blocks, which will be used for all ingress rules in this module. Typically these are CIDR blocks of the VPC.
# If this is not specified then no CIDR blocks will be used.
ingress_cidr_blocks = ["10.10.0.0/16"]
# Open for all CIDRs defined in ingress_cidr_blocks
ingress_rules = ["https-443-tcp"]
# Open for self (rule or from_port+to_port+protocol+description)
ingress_with_self = [
{
rule = "all-all"
},
]
# Default CIDR blocks, which will be used for all egress rules in this module. Typically these are CIDR blocks of the VPC.
# If this is not specified then no CIDR blocks will be used.
egress_cidr_blocks = ["10.10.0.0/16"]
# Open for self (rule or from_port+to_port+protocol+description)
egress_with_self = [
{
rule = "all-all"
},
]
}
examples/fixed_name/outputs.tf 0 → 100644
View file @ 9efeb021
output "this_security_group_id" {
description = "The ID of the security group"
value = "${module.fixed_name_sg.this_security_group_id}"
}
output "this_security_group_vpc_id" {
description = "The VPC ID"
value = "${module.fixed_name_sg.this_security_group_vpc_id}"
}
output "this_security_group_owner_id" {
description = "The owner ID"
value = "${module.fixed_name_sg.this_security_group_owner_id}"
}
output "this_security_group_name" {
description = "The name of the security group"
value = "${module.fixed_name_sg.this_security_group_name}"
}
output "this_security_group_description" {
description = "The description of the security group"
value = "${module.fixed_name_sg.this_security_group_description}"
}
main.tf
View file @ 9efeb021
################# ##################################
# Security group # Get ID of created Security Group
################# ##################################
locals {
this_sg_id = "${element(concat(coalescelist(aws_security_group.this.*.id, aws_security_group.this_name_prefix.*.id), list("")), 0)}"
}
##########################
# Security group with name
##########################
resource "aws_security_group" "this" { resource "aws_security_group" "this" {
count = "${var.create ? 1 : 0}" count = "${var.create && ! var.use_name_prefix ? 1 : 0}"
name = "${var.name}"
description = "${var.description}"
vpc_id = "${var.vpc_id}"
tags = "${merge(var.tags, map("Name", format("%s", var.name)))}"
}
#################################
# Security group with name_prefix
#################################
resource "aws_security_group" "this_name_prefix" {
count = "${var.create && var.use_name_prefix ? 1 : 0}"
name_prefix = "${var.name}-" name_prefix = "${var.name}-"
description = "${var.description}" description = "${var.description}"
...@@ -22,7 +42,7 @@ resource "aws_security_group" "this" { ...@@ -22,7 +42,7 @@ resource "aws_security_group" "this" {
resource "aws_security_group_rule" "ingress_rules" { resource "aws_security_group_rule" "ingress_rules" {
count = "${var.create ? length(var.ingress_rules) : 0}" count = "${var.create ? length(var.ingress_rules) : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "ingress" type = "ingress"
cidr_blocks = ["${var.ingress_cidr_blocks}"] cidr_blocks = ["${var.ingress_cidr_blocks}"]
...@@ -39,7 +59,7 @@ resource "aws_security_group_rule" "ingress_rules" { ...@@ -39,7 +59,7 @@ resource "aws_security_group_rule" "ingress_rules" {
resource "aws_security_group_rule" "computed_ingress_rules" { resource "aws_security_group_rule" "computed_ingress_rules" {
count = "${var.create ? var.number_of_computed_ingress_rules : 0}" count = "${var.create ? var.number_of_computed_ingress_rules : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "ingress" type = "ingress"
cidr_blocks = ["${var.ingress_cidr_blocks}"] cidr_blocks = ["${var.ingress_cidr_blocks}"]
...@@ -59,7 +79,7 @@ resource "aws_security_group_rule" "computed_ingress_rules" { ...@@ -59,7 +79,7 @@ resource "aws_security_group_rule" "computed_ingress_rules" {
resource "aws_security_group_rule" "ingress_with_source_security_group_id" { resource "aws_security_group_rule" "ingress_with_source_security_group_id" {
count = "${var.create ? length(var.ingress_with_source_security_group_id) : 0}" count = "${var.create ? length(var.ingress_with_source_security_group_id) : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "ingress" type = "ingress"
source_security_group_id = "${lookup(var.ingress_with_source_security_group_id[count.index], "source_security_group_id")}" source_security_group_id = "${lookup(var.ingress_with_source_security_group_id[count.index], "source_security_group_id")}"
...@@ -76,7 +96,7 @@ resource "aws_security_group_rule" "ingress_with_source_security_group_id" { ...@@ -76,7 +96,7 @@ resource "aws_security_group_rule" "ingress_with_source_security_group_id" {
resource "aws_security_group_rule" "computed_ingress_with_source_security_group_id" { resource "aws_security_group_rule" "computed_ingress_with_source_security_group_id" {
count = "${var.create ? var.number_of_computed_ingress_with_source_security_group_id : 0}" count = "${var.create ? var.number_of_computed_ingress_with_source_security_group_id : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "ingress" type = "ingress"
source_security_group_id = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "source_security_group_id")}" source_security_group_id = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "source_security_group_id")}"
...@@ -93,7 +113,7 @@ resource "aws_security_group_rule" "computed_ingress_with_source_security_group_ ...@@ -93,7 +113,7 @@ resource "aws_security_group_rule" "computed_ingress_with_source_security_group_
resource "aws_security_group_rule" "ingress_with_cidr_blocks" { resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
count = "${var.create ? length(var.ingress_with_cidr_blocks) : 0}" count = "${var.create ? length(var.ingress_with_cidr_blocks) : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "ingress" type = "ingress"
cidr_blocks = ["${split(",", lookup(var.ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))}"] cidr_blocks = ["${split(",", lookup(var.ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))}"]
...@@ -109,7 +129,7 @@ resource "aws_security_group_rule" "ingress_with_cidr_blocks" { ...@@ -109,7 +129,7 @@ resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks" { resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks" {
count = "${var.create ? var.number_of_computed_ingress_with_cidr_blocks : 0}" count = "${var.create ? var.number_of_computed_ingress_with_cidr_blocks : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "ingress" type = "ingress"
cidr_blocks = ["${split(",", lookup(var.computed_ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))}"] cidr_blocks = ["${split(",", lookup(var.computed_ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))}"]
...@@ -125,7 +145,7 @@ resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks" { ...@@ -125,7 +145,7 @@ resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks" {
resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks" { resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks" {
count = "${var.create ? length(var.ingress_with_ipv6_cidr_blocks) : 0}" count = "${var.create ? length(var.ingress_with_ipv6_cidr_blocks) : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "ingress" type = "ingress"
ipv6_cidr_blocks = ["${split(",", lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.ingress_ipv6_cidr_blocks)))}"] ipv6_cidr_blocks = ["${split(",", lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.ingress_ipv6_cidr_blocks)))}"]
...@@ -141,7 +161,7 @@ resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks" { ...@@ -141,7 +161,7 @@ resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks" {
resource "aws_security_group_rule" "computed_ingress_with_ipv6_cidr_blocks" { resource "aws_security_group_rule" "computed_ingress_with_ipv6_cidr_blocks" {
count = "${var.create ? var.number_of_computed_ingress_with_ipv6_cidr_blocks : 0}" count = "${var.create ? var.number_of_computed_ingress_with_ipv6_cidr_blocks : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "ingress" type = "ingress"
ipv6_cidr_blocks = ["${split(",", lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.ingress_ipv6_cidr_blocks)))}"] ipv6_cidr_blocks = ["${split(",", lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.ingress_ipv6_cidr_blocks)))}"]
...@@ -157,7 +177,7 @@ resource "aws_security_group_rule" "computed_ingress_with_ipv6_cidr_blocks" { ...@@ -157,7 +177,7 @@ resource "aws_security_group_rule" "computed_ingress_with_ipv6_cidr_blocks" {
resource "aws_security_group_rule" "ingress_with_self" { resource "aws_security_group_rule" "ingress_with_self" {
count = "${var.create ? length(var.ingress_with_self) : 0}" count = "${var.create ? length(var.ingress_with_self) : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "ingress" type = "ingress"
self = "${lookup(var.ingress_with_self[count.index], "self", true)}" self = "${lookup(var.ingress_with_self[count.index], "self", true)}"
...@@ -174,7 +194,7 @@ resource "aws_security_group_rule" "ingress_with_self" { ...@@ -174,7 +194,7 @@ resource "aws_security_group_rule" "ingress_with_self" {
resource "aws_security_group_rule" "computed_ingress_with_self" { resource "aws_security_group_rule" "computed_ingress_with_self" {
count = "${var.create ? var.number_of_computed_ingress_with_self : 0}" count = "${var.create ? var.number_of_computed_ingress_with_self : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "ingress" type = "ingress"
self = "${lookup(var.computed_ingress_with_self[count.index], "self", true)}" self = "${lookup(var.computed_ingress_with_self[count.index], "self", true)}"
...@@ -198,7 +218,7 @@ resource "aws_security_group_rule" "computed_ingress_with_self" { ...@@ -198,7 +218,7 @@ resource "aws_security_group_rule" "computed_ingress_with_self" {
resource "aws_security_group_rule" "egress_rules" { resource "aws_security_group_rule" "egress_rules" {
count = "${var.create ? length(var.egress_rules) : 0}" count = "${var.create ? length(var.egress_rules) : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "egress" type = "egress"
cidr_blocks = ["${var.egress_cidr_blocks}"] cidr_blocks = ["${var.egress_cidr_blocks}"]
...@@ -215,7 +235,7 @@ resource "aws_security_group_rule" "egress_rules" { ...@@ -215,7 +235,7 @@ resource "aws_security_group_rule" "egress_rules" {
resource "aws_security_group_rule" "computed_egress_rules" { resource "aws_security_group_rule" "computed_egress_rules" {
count = "${var.create ? var.number_of_computed_egress_rules : 0}" count = "${var.create ? var.number_of_computed_egress_rules : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "egress" type = "egress"
cidr_blocks = ["${var.egress_cidr_blocks}"] cidr_blocks = ["${var.egress_cidr_blocks}"]
...@@ -235,7 +255,7 @@ resource "aws_security_group_rule" "computed_egress_rules" { ...@@ -235,7 +255,7 @@ resource "aws_security_group_rule" "computed_egress_rules" {
resource "aws_security_group_rule" "egress_with_source_security_group_id" { resource "aws_security_group_rule" "egress_with_source_security_group_id" {
count = "${var.create ? length(var.egress_with_source_security_group_id) : 0}" count = "${var.create ? length(var.egress_with_source_security_group_id) : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "egress" type = "egress"
source_security_group_id = "${lookup(var.egress_with_source_security_group_id[count.index], "source_security_group_id")}" source_security_group_id = "${lookup(var.egress_with_source_security_group_id[count.index], "source_security_group_id")}"
...@@ -252,7 +272,7 @@ resource "aws_security_group_rule" "egress_with_source_security_group_id" { ...@@ -252,7 +272,7 @@ resource "aws_security_group_rule" "egress_with_source_security_group_id" {
resource "aws_security_group_rule" "computed_egress_with_source_security_group_id" { resource "aws_security_group_rule" "computed_egress_with_source_security_group_id" {
count = "${var.create ? var.number_of_computed_egress_with_source_security_group_id : 0}" count = "${var.create ? var.number_of_computed_egress_with_source_security_group_id : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "egress" type = "egress"
source_security_group_id = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "source_security_group_id")}" source_security_group_id = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "source_security_group_id")}"
...@@ -269,7 +289,7 @@ resource "aws_security_group_rule" "computed_egress_with_source_security_group_i ...@@ -269,7 +289,7 @@ resource "aws_security_group_rule" "computed_egress_with_source_security_group_i
resource "aws_security_group_rule" "egress_with_cidr_blocks" { resource "aws_security_group_rule" "egress_with_cidr_blocks" {
count = "${var.create ? length(var.egress_with_cidr_blocks) : 0}" count = "${var.create ? length(var.egress_with_cidr_blocks) : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "egress" type = "egress"
cidr_blocks = ["${split(",", lookup(var.egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks)))}"] cidr_blocks = ["${split(",", lookup(var.egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks)))}"]
...@@ -285,7 +305,7 @@ resource "aws_security_group_rule" "egress_with_cidr_blocks" { ...@@ -285,7 +305,7 @@ resource "aws_security_group_rule" "egress_with_cidr_blocks" {
resource "aws_security_group_rule" "computed_egress_with_cidr_blocks" { resource "aws_security_group_rule" "computed_egress_with_cidr_blocks" {
count = "${var.create ? var.number_of_computed_egress_with_cidr_blocks : 0}" count = "${var.create ? var.number_of_computed_egress_with_cidr_blocks : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "egress" type = "egress"
cidr_blocks = ["${split(",", lookup(var.computed_egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks)))}"] cidr_blocks = ["${split(",", lookup(var.computed_egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks)))}"]
...@@ -301,7 +321,7 @@ resource "aws_security_group_rule" "computed_egress_with_cidr_blocks" { ...@@ -301,7 +321,7 @@ resource "aws_security_group_rule" "computed_egress_with_cidr_blocks" {
resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks" { resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks" {
count = "${var.create ? length(var.egress_with_ipv6_cidr_blocks) : 0}" count = "${var.create ? length(var.egress_with_ipv6_cidr_blocks) : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "egress" type = "egress"
ipv6_cidr_blocks = ["${split(",", lookup(var.egress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.egress_ipv6_cidr_blocks)))}"] ipv6_cidr_blocks = ["${split(",", lookup(var.egress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.egress_ipv6_cidr_blocks)))}"]
...@@ -317,7 +337,7 @@ resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks" { ...@@ -317,7 +337,7 @@ resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks" {
resource "aws_security_group_rule" "computed_egress_with_ipv6_cidr_blocks" { resource "aws_security_group_rule" "computed_egress_with_ipv6_cidr_blocks" {
count = "${var.create ? var.number_of_computed_egress_with_ipv6_cidr_blocks : 0}" count = "${var.create ? var.number_of_computed_egress_with_ipv6_cidr_blocks : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "egress" type = "egress"
ipv6_cidr_blocks = ["${split(",", lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.egress_ipv6_cidr_blocks)))}"] ipv6_cidr_blocks = ["${split(",", lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.egress_ipv6_cidr_blocks)))}"]
...@@ -333,7 +353,7 @@ resource "aws_security_group_rule" "computed_egress_with_ipv6_cidr_blocks" { ...@@ -333,7 +353,7 @@ resource "aws_security_group_rule" "computed_egress_with_ipv6_cidr_blocks" {
resource "aws_security_group_rule" "egress_with_self" { resource "aws_security_group_rule" "egress_with_self" {
count = "${var.create ? length(var.egress_with_self) : 0}" count = "${var.create ? length(var.egress_with_self) : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "egress" type = "egress"
self = "${lookup(var.egress_with_self[count.index], "self", true)}" self = "${lookup(var.egress_with_self[count.index], "self", true)}"
...@@ -350,7 +370,7 @@ resource "aws_security_group_rule" "egress_with_self" { ...@@ -350,7 +370,7 @@ resource "aws_security_group_rule" "egress_with_self" {
resource "aws_security_group_rule" "computed_egress_with_self" { resource "aws_security_group_rule" "computed_egress_with_self" {
count = "${var.create ? var.number_of_computed_egress_with_self : 0}" count = "${var.create ? var.number_of_computed_egress_with_self : 0}"
security_group_id = "${aws_security_group.this.id}" security_group_id = "${local.this_sg_id}"
type = "egress" type = "egress"
self = "${lookup(var.computed_egress_with_self[count.index], "self", true)}" self = "${lookup(var.computed_egress_with_self[count.index], "self", true)}"
......
outputs.tf
View file @ 9efeb021
output "this_security_group_id" { output "this_security_group_id" {
description = "The ID of the security group" description = "The ID of the security group"
value = "${element(concat(aws_security_group.this.*.id, list("")), 0)}" value = "${element(concat(coalescelist(aws_security_group.this.*.id, aws_security_group.this_name_prefix.*.id), list("")), 0)}"
} }
output "this_security_group_vpc_id" { output "this_security_group_vpc_id" {
description = "The VPC ID" description = "The VPC ID"
value = "${element(concat(aws_security_group.this.*.vpc_id, list("")), 0)}" value = "${element(concat(coalescelist(aws_security_group.this.*.vpc_id, aws_security_group.this_name_prefix.*.vpc_id), list("")), 0)}"
} }
output "this_security_group_owner_id" { output "this_security_group_owner_id" {
description = "The owner ID" description = "The owner ID"
value = "${element(concat(aws_security_group.this.*.owner_id, list("")), 0)}" value = "${element(concat(coalescelist(aws_security_group.this.*.owner_id, aws_security_group.this_name_prefix.*.owner_id), list("")), 0)}"
} }
output "this_security_group_name" { output "this_security_group_name" {
description = "The name of the security group" description = "The name of the security group"
value = "${element(concat(aws_security_group.this.*.name, list("")), 0)}" value = "${element(concat(coalescelist(aws_security_group.this.*.name, aws_security_group.this_name_prefix.*.name), list("")), 0)}"
} }
output "this_security_group_description" { output "this_security_group_description" {
description = "The description of the security group" description = "The description of the security group"
value = "${element(concat(aws_security_group.this.*.description, list("")), 0)}" value = "${element(concat(coalescelist(aws_security_group.this.*.description, aws_security_group.this_name_prefix.*.description), list("")), 0)}"
} }
//output "this_security_group_ingress" { //output "this_security_group_ingress" {
......
variables.tf
View file @ 9efeb021
...@@ -14,6 +14,11 @@ variable "name" { ...@@ -14,6 +14,11 @@ variable "name" {
description = "Name of security group" description = "Name of security group"
} }
variable "use_name_prefix" {
default = "true"
description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation"
}
variable "description" { variable "description" {
description = "Description of security group" description = "Description of security group"
default = "Security Group managed by Terraform" default = "Security Group managed by Terraform"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment