Commit f7e3636c authored by Anton Babenko

Fix to allow computed values in arguments

parent 3d7f8ea2
repos:
- repo: git://github.com/antonbabenko/pre-commit-terraform
rev: v1.7.1
rev: v1.7.3
hooks:
- id: terraform_fmt
- id: terraform_docs
- repo: git://github.com/pre-commit/pre-commit-hooks
rev: v1.2.3
rev: v1.3.0
hooks:
- id: check-merge-conflict
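Review bot: Both `repo:` URLs in this file use the `git://` scheme, which is unauthenticated and unencrypted, so the hook code fetched at `v1.7.3` and `v1.3.0` is not protected in transit. Since the revisions are being bumped here anyway, switch the URLs to `https://github.com/...` and consider pinning each `rev` to a full commit SHA rather than a movable tag.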
......@@ -20,7 +20,7 @@ This module aims to implement **ALL** combinations of arguments supported by AWS
* Named groups of rules with ingress (inbound) and egress (outbound) ports open for common scenarios (eg, [ssh](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/ssh), [http-80](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/http-80), [mysql](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/mysql), see the whole list [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/README.md))
* Conditionally create security group and all required security group rules ("single boolean switch").
Ingress and egress rules can be configured in a variety of ways as listed on [the registry documentation](https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/?tab=inputs).
Ingress and egress rules can be configured in a variety of ways. See [inputs section](#inputs) for all supported arguments and [complete example](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/examples/complete) for the complete use-case.
If there is a missing feature or a bug - [open an issue](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/new).
......@@ -28,7 +28,24 @@ If there is a missing feature or a bug - [open an issue](https://github.com/terr
There are two ways to create security groups using this module:
##### 1. Security group with custom rules
1. [Specifying predefined rules (HTTP, SSH, etc)](https://github.com/terraform-aws-modules/terraform-aws-security-group#security-group-with-predefined-rules)
1. [Specifying custom rules](https://github.com/terraform-aws-modules/terraform-aws-atlantis#security-group-with-custom-rules)
### Security group with predefined rules
```hcl
module "web_server_sg" {
source = "terraform-aws-modules/security-group/aws//modules/http"
name = "web-server"
description = "Security group for web-server with HTTP ports open within VPC"
vpc_id = "vpc-12345678"
ingress_cidr_blocks = ["10.10.0.0/16"]
}
```
### Security group with custom rules
```hcl
module "vote_service_sg" {
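Review bot: The second list item, "Specifying custom rules", links to `terraform-aws-modules/terraform-aws-atlantis#security-group-with-custom-rules`, which is a different repository from the one the first item points at. It should target `terraform-aws-security-group#security-group-with-custom-rules`, or both items could use the relative anchors `#security-group-with-predefined-rules` and `#security-group-with-custom-rules` so they keep working in forks and mirrors.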
......@@ -56,22 +73,53 @@ module "vote_service_sg" {
}
```
**Note:** it is not possible to use variable outputs from this module or other modules that contain calculated values when defining the security group resources. This is typically an issue when specifying either `ingress_with_source_security_group_id` or `egress_with_source_security_group_id` parameters and attempting to use the security group id of a resource which has not yet been created. However referencing variables that are already "hard-coded" in the .tf file (i.e. not calculated values dependent on the infrastructure being created) are fine. E.g. the VPC cidr block `"10.10.0.0/16"`. Also using data sources allows the use of external data/variables that are known at plan time and not regarded as calculated. More details [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/16). Check [this example](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/examples/dynamic) to see how to specify values inside security group rules (data-sources and variables are allowed).
### Note about "value of 'count' cannot be computed"
##### 2. Security group with pre-defined rules (NOTE: Terraform should be version 0.11 or newer)
Terraform 0.11 has a limitation which does not allow **computed** values inside `count` attribute on resources (issues: #, #)
Computed values are values provided as outputs from `module`. Non-computed values are all others - static values, values referenced as `variable` and from data-sources.
When you need to specify computed value inside security group rule argument you need to specify it using an argument which starts with `computed_` and provide a number of elements in the argument which starts with `number_of_computed_`. See these examples:
```hcl
module "web_server_sg" {
source = "terraform-aws-modules/security-group/aws//modules/http"
module "http_sg" {
source = "terraform-aws-modules/security-group/aws"
# omitted for brevity
}
name = "web-server"
description = "Security group for web-server with HTTP ports open within VPC"
vpc_id = "vpc-12345678"
module "db_computed_source_sg" {
# omitted for brevity
ingress_cidr_blocks = ["10.10.0.0/16"]
vpc_id = "vpc-12345678" # these are valid values also - "${module.vpc.vpc_id}" and "${local.vpc_id}"
computed_ingress_with_source_security_group_id = [
{
rule = "mysql-tcp"
source_security_group_id = "${module.http_sg.this_security_group_id}"
}
]
number_of_computed_ingress_with_source_security_group_id = 1
}
module "db_computed_sg" {
# omitted for brevity
ingress_cidr_blocks = ["10.10.0.0/16", "${data.aws_security_group.default.id}"]
computed_ingress_cidr_blocks = ["${module.vpc.vpc_id}"]
number_of_computed_ingress_cidr_blocks = 1
}
module "db_computed_merged_sg" {
# omitted for brevity
computed_ingress_cidr_blocks = ["10.10.0.0/16", "${data.aws_security_group.default.id}", "${module.vpc.vpc_id}"]
number_of_computed_ingress_cidr_blocks = 3
}
```
Note that `db_computed_sg` and `db_computed_merged_sg` are equal, because it is possible to put both computed and non-computed values in arguments starting with `computed_`.
## Conditional creation
Sometimes you need to have a way to create security group conditionally but Terraform does not allow to use `count` inside `module` block, so the solution is to specify argument `create`.
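Review bot: The `db_computed_sg` and `db_computed_merged_sg` examples use `computed_ingress_cidr_blocks` and `number_of_computed_ingress_cidr_blocks`, but neither name appears in the inputs table this commit adds (only `computed_ingress_rules` and the `computed_ingress_with_*` arguments are listed), so a reader copying the example would be passing arguments the documented interface does not have. The values are also not CIDR ranges: `${data.aws_security_group.default.id}` is a security group ID and `${module.vpc.vpc_id}` is a VPC ID. Suggest rewriting both blocks with `computed_ingress_with_cidr_blocks` and `${module.vpc.vpc_cidr_block}`, as the complete example does, and filling in the empty references in "(issues: #, #)".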
......@@ -92,6 +140,7 @@ module "vote_service_sg" {
* [HTTP Security Group example](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/examples/http) shows more applicable security groups for common web-servers.
* [Disable creation of Security Group example](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/examples/disabled) shows how to disable creation of security group.
* [Dynamic values inside Security Group rules example](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/examples/dynamic) shows how to specify values inside security group rules (data-sources and variables are allowed).
* [Computed values inside Security Group rules example](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/examples/computed) shows how to specify computed values inside security group rules (solution for `value of 'count' cannot be computed` problem).
## How to add/update rules/groups?
......@@ -108,6 +157,16 @@ Rules and groups are defined in [rules.tf](https://github.com/terraform-aws-modu
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_groups | Map of groups of security group rules to use to generate modules (see update_groups.sh) | map | `<map>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
......@@ -127,6 +186,16 @@ Rules and groups are defined in [rules.tf](https://github.com/terraform-aws-modu
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| rules | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | map | `<map>` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -14,6 +14,30 @@ data "aws_security_group" "default" {
vpc_id = "${data.aws_vpc.default.id}"
}
##################################################
# VPC which is used as an argument in complete-sg
##################################################
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
name = "complete-sg-demo-vpc"
cidr = "10.20.0.0/20"
}
#############################################################
# Security group which is used as an argument in complete-sg
#############################################################
module "main_sg" {
source = "../../"
name = "main-sg"
description = "Security group which is used as an argument in complete-sg"
vpc_id = "${data.aws_vpc.default.id}"
ingress_cidr_blocks = ["10.10.0.0/16"]
ingress_rules = ["https-443-tcp"]
}
################################################
# Security group with complete set of arguments
################################################
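Review bot: `module "vpc"` pulls `terraform-aws-modules/vpc/aws` from the registry with no `version` argument, so the example resolves to whatever release is latest when `terraform init` runs. Add a `version` constraint so the example is reproducible and a later release of the VPC module cannot change what this example creates.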
......@@ -40,6 +64,10 @@ module "complete_sg" {
# Open for all CIDRs defined in ingress_cidr_blocks
ingress_rules = ["https-443-tcp"]
# Use computed value here (eg, `${module...}`). Plain string is not a real use-case for this argument.
computed_ingress_rules = ["ssh-tcp"]
number_of_computed_ingress_rules = 1
# Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
ingress_with_cidr_blocks = [
{
......@@ -59,6 +87,22 @@ module "complete_sg" {
},
]
computed_ingress_with_cidr_blocks = [
{
rule = "postgresql-tcp"
cidr_blocks = "3.3.3.3/32,${module.vpc.vpc_cidr_block}"
},
{
from_port = 15
to_port = 25
protocol = 6
description = "Service name with vpc cidr"
cidr_blocks = "${module.vpc.vpc_cidr_block}"
},
]
number_of_computed_ingress_with_cidr_blocks = 2
# Open to IPV6 CIDR blocks (rule or from_port+to_port+protocol+description)
ingress_with_ipv6_cidr_blocks = [
{
......@@ -70,6 +114,18 @@ module "complete_sg" {
},
]
computed_ingress_with_ipv6_cidr_blocks = [
{
from_port = 350
to_port = 450
protocol = "tcp"
description = "Service ports (ipv6). VPC ID = ${module.vpc.vpc_id}"
ipv6_cidr_blocks = "2001:db8::/64"
},
]
number_of_computed_ingress_with_ipv6_cidr_blocks = 1
# Open for security group id (rule or from_port+to_port+protocol+description)
ingress_with_source_security_group_id = [
{
......@@ -85,6 +141,22 @@ module "complete_sg" {
},
]
computed_ingress_with_source_security_group_id = [
{
rule = "postgresql-tcp"
source_security_group_id = "${module.main_sg.this_security_group_id}"
},
{
from_port = 23
to_port = 23
protocol = 6
description = "Service name"
source_security_group_id = "${module.main_sg.this_security_group_id}"
},
]
number_of_computed_ingress_with_source_security_group_id = 2
# Open for self (rule or from_port+to_port+protocol+description)
ingress_with_self = [
{
......@@ -105,6 +177,18 @@ module "complete_sg" {
},
]
computed_ingress_with_self = [
{
from_port = 32
to_port = 43
protocol = 6
description = "Service name. VPC ID: ${module.vpc.vpc_id}"
self = true
},
]
number_of_computed_ingress_with_self = 1
# Default CIDR blocks, which will be used for all egress rules in this module. Typically these are CIDR blocks of the VPC.
# If this is not specified then no CIDR blocks will be used.
egress_cidr_blocks = ["10.10.0.0/16"]
......@@ -116,6 +200,9 @@ module "complete_sg" {
# Open for all CIDRs defined in egress_cidr_blocks
egress_rules = ["http-80-tcp"]
computed_egress_rules = ["ssh-tcp"]
number_of_computed_egress_rules = 1
# Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
egress_with_cidr_blocks = [
{
......@@ -135,6 +222,15 @@ module "complete_sg" {
},
]
computed_egress_with_cidr_blocks = [
{
rule = "https-443-tcp"
cidr_blocks = "${module.vpc.vpc_cidr_block}"
},
]
number_of_computed_egress_with_cidr_blocks = 1
# Open to IPV6 CIDR blocks (rule or from_port+to_port+protocol+description)
egress_with_ipv6_cidr_blocks = [
{
......@@ -146,6 +242,18 @@ module "complete_sg" {
},
]
computed_egress_with_ipv6_cidr_blocks = [
{
from_port = 55
to_port = 66
protocol = "tcp"
description = "Service ports (ipv6). VPC ID: ${module.vpc.vpc_id}"
ipv6_cidr_blocks = "2001:db8::/64"
},
]
number_of_computed_egress_with_ipv6_cidr_blocks = 1
# Open for security group id (rule or from_port+to_port+protocol+description)
egress_with_source_security_group_id = [
{
......@@ -161,6 +269,15 @@ module "complete_sg" {
},
]
computed_egress_with_source_security_group_id = [
{
rule = "postgresql-tcp"
source_security_group_id = "${module.main_sg.this_security_group_id}"
},
]
number_of_computed_egress_with_source_security_group_id = 1
# Open for self (rule or from_port+to_port+protocol+description)
egress_with_self = [
{
......@@ -180,6 +297,14 @@ module "complete_sg" {
self = false
},
]
computed_egress_with_self = [
{
rule = "https-443-tcp"
},
]
number_of_computed_egress_with_self = 1
}
######################################################
......
# Computed Security Group rules example
Configuration in this directory creates set of Security Group and Security Group Rules resources in various combination.
## Usage
To run this example you need to execute:
```bash
$ terraform init
$ terraform plan
$ terraform apply
```
Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Outputs
| Name | Description |
|------|-------------|
| this_security_group_description | The description of the security group |
| this_security_group_id | The ID of the security group |
| this_security_group_name | The name of the security group |
| this_security_group_owner_id | The owner ID |
| this_security_group_vpc_id | The VPC ID |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
provider "aws" {
region = "eu-west-1"
}
#############################################################
# Data sources to get VPC and default security group details
#############################################################
data "aws_vpc" "default" {
default = true
}
data "aws_security_group" "default" {
name = "default"
vpc_id = "${data.aws_vpc.default.id}"
}
###########################
# Security groups examples
###########################
module "http_sg" {
source = "../../modules/https-443"
name = "computed-http-sg"
description = "Security group with HTTP port open for everyone, and HTTPS open just for the default security group"
vpc_id = "${data.aws_vpc.default.id}"
ingress_cidr_blocks = ["0.0.0.0/0"]
ingress_with_source_security_group_id = [
{
rule = "https-443-tcp"
source_security_group_id = "${data.aws_security_group.default.id}"
},
]
}
module "mysql_sg" {
source = "../../modules/mysql"
name = "computed-mysql-sg"
description = "Security group with MySQL/Aurora port open for HTTP security group created above (computed)"
vpc_id = "${data.aws_vpc.default.id}"
ingress_cidr_blocks = ["0.0.0.0/0"]
computed_ingress_with_source_security_group_id = [
{
rule = "mysql-tcp"
source_security_group_id = "${module.http_sg.this_security_group_id}"
},
]
number_of_computed_ingress_with_source_security_group_id = 1
}
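Review bot: `mysql_sg` sets `ingress_cidr_blocks = ["0.0.0.0/0"]` on the predefined `modules/mysql` group, while its description says the MySQL/Aurora port is open for the HTTP security group. Going by the README's predefined-rules example, where `ingress_cidr_blocks` is the range the module's ports are opened to, this would expose the database port to every IPv4 address in addition to the computed source-group rule. Drop that line, or narrow it to a VPC range, so the example demonstrates only the source-security-group path. Separately, `http_sg` uses `source = "../../modules/https-443"` but is named `computed-http-sg` and described as opening HTTP for everyone; align the name and description with the module it uses.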
output "this_security_group_id" {
description = "The ID of the security group"
value = "${module.mysql_sg.this_security_group_id}"
}
output "this_security_group_vpc_id" {
description = "The VPC ID"
value = "${module.mysql_sg.this_security_group_vpc_id}"
}
output "this_security_group_owner_id" {
description = "The owner ID"
value = "${module.mysql_sg.this_security_group_owner_id}"
}
output "this_security_group_name" {
description = "The name of the security group"
value = "${module.mysql_sg.this_security_group_name}"
}
output "this_security_group_description" {
description = "The description of the security group"
value = "${module.mysql_sg.this_security_group_description}"
}
......@@ -31,6 +31,23 @@ resource "aws_security_group_rule" "ingress_rules" {
protocol = "${element(var.rules[var.ingress_rules[count.index]], 2)}"
}
# Computed - Security group rules with "cidr_blocks" and it uses list of rules names
resource "aws_security_group_rule" "computed_ingress_rules" {
count = "${var.create ? var.number_of_computed_ingress_rules : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "ingress"
cidr_blocks = ["${var.ingress_cidr_blocks}"]
ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
description = "${element(var.rules[var.computed_ingress_rules[count.index]], 3)}"
from_port = "${element(var.rules[var.computed_ingress_rules[count.index]], 0)}"
to_port = "${element(var.rules[var.computed_ingress_rules[count.index]], 1)}"
protocol = "${element(var.rules[var.computed_ingress_rules[count.index]], 2)}"
}
##########################
# Ingress - Maps of rules
##########################
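Review bot: `count` in `computed_ingress_rules` comes straight from `var.number_of_computed_ingress_rules`, with nothing tying it to the length of `var.computed_ingress_rules`. If the caller passes a number smaller than the list, the trailing entries are never created and nothing reports it; if larger, `var.computed_ingress_rules[count.index]` indexes past the end of the list. Since the length cannot be derived here, state in the variable descriptions and the README that the two values must match exactly; the inputs table currently says only "Number of computed ingress rules to create by name". The same applies to every other `computed_*` resource in this file.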
......@@ -51,6 +68,23 @@ resource "aws_security_group_rule" "ingress_with_source_security_group_id" {
protocol = "${lookup(var.ingress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.ingress_with_source_security_group_id[count.index], "rule", "_")], 2))}"
}
# Computed - Security group rules with "source_security_group_id", but without "cidr_blocks" and "self"
resource "aws_security_group_rule" "computed_ingress_with_source_security_group_id" {
count = "${var.create ? var.number_of_computed_ingress_with_source_security_group_id : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "ingress"
source_security_group_id = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "source_security_group_id")}"
ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
description = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "description", "Ingress Rule")}"
from_port = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "from_port", element(var.rules[lookup(var.computed_ingress_with_source_security_group_id[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "to_port", element(var.rules[lookup(var.computed_ingress_with_source_security_group_id[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.computed_ingress_with_source_security_group_id[count.index], "rule", "_")], 2))}"
}
# Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self"
resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
count = "${var.create ? length(var.ingress_with_cidr_blocks) : 0}"
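Review bot: In `computed_ingress_with_source_security_group_id`, `description` falls back to the literal `"Ingress Rule"`, while `from_port`, `to_port` and `protocol` fall back to the named entry in `var.rules`. An element given only as `rule = "mysql-tcp"` therefore gets a generic description, although `computed_ingress_rules` reads its description from index 3 of the same map. Consider using `element(var.rules[lookup(..., "rule", "_")], 3)` as the default so individual rules stay identifiable when the group is audited.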
......@@ -67,6 +101,22 @@ resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
protocol = "${lookup(var.ingress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")], 2))}"
}
# Computed - Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self"
resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks" {
count = "${var.create ? var.number_of_computed_ingress_with_cidr_blocks : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "ingress"
cidr_blocks = ["${split(",", lookup(var.computed_ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))}"]
prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
description = "${lookup(var.computed_ingress_with_cidr_blocks[count.index], "description", "Ingress Rule")}"
from_port = "${lookup(var.computed_ingress_with_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.computed_ingress_with_cidr_blocks[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.computed_ingress_with_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.computed_ingress_with_cidr_blocks[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.computed_ingress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.computed_ingress_with_cidr_blocks[count.index], "rule", "_")], 2))}"
}
# Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self"
resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks" {
count = "${var.create ? length(var.ingress_with_ipv6_cidr_blocks) : 0}"
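Review bot: `cidr_blocks` in `computed_ingress_with_cidr_blocks` is built with `split(",", ...)` on a single string and nothing trims the pieces, so a value written as `"3.3.3.3/32, 10.0.0.0/8"` yields an element with a leading space. The inputs table describes the argument only as a list of rules where 'cidr_blocks' is used; document that `cidr_blocks` is a comma-separated string with no spaces, or remove spaces with `replace()` before the `split`. The same applies to the `ipv6_cidr_blocks` and egress variants.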
......@@ -83,6 +133,22 @@ resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks" {
protocol = "${lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}"
}
# Computed - Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self"
resource "aws_security_group_rule" "computed_ingress_with_ipv6_cidr_blocks" {
count = "${var.create ? var.number_of_computed_ingress_with_ipv6_cidr_blocks : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "ingress"
ipv6_cidr_blocks = ["${split(",", lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.ingress_ipv6_cidr_blocks)))}"]
prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
description = "${lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "description", "Ingress Rule")}"
from_port = "${lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}"
}
# Security group rules with "self", but without "cidr_blocks" and "source_security_group_id"
resource "aws_security_group_rule" "ingress_with_self" {
count = "${var.create ? length(var.ingress_with_self) : 0}"
......@@ -100,6 +166,23 @@ resource "aws_security_group_rule" "ingress_with_self" {
protocol = "${lookup(var.ingress_with_self[count.index], "protocol", element(var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")], 2))}"
}
# Computed - Security group rules with "self", but without "cidr_blocks" and "source_security_group_id"
resource "aws_security_group_rule" "computed_ingress_with_self" {
count = "${var.create ? var.number_of_computed_ingress_with_self : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "ingress"
self = "${lookup(var.computed_ingress_with_self[count.index], "self", true)}"
ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
description = "${lookup(var.computed_ingress_with_self[count.index], "description", "Ingress Rule")}"
from_port = "${lookup(var.computed_ingress_with_self[count.index], "from_port", element(var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.computed_ingress_with_self[count.index], "to_port", element(var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.computed_ingress_with_self[count.index], "protocol", element(var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")], 2))}"
}
#################
# End of ingress
#################
......@@ -124,6 +207,23 @@ resource "aws_security_group_rule" "egress_rules" {
protocol = "${element(var.rules[var.egress_rules[count.index]], 2)}"
}
# Computed - Security group rules with "cidr_blocks" and it uses list of rules names
resource "aws_security_group_rule" "computed_egress_rules" {
count = "${var.create ? var.number_of_computed_egress_rules : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "egress"
cidr_blocks = ["${var.egress_cidr_blocks}"]
ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
prefix_list_ids = ["${var.egress_prefix_list_ids}"]
description = "${element(var.rules[var.computed_egress_rules[count.index]], 3)}"
from_port = "${element(var.rules[var.computed_egress_rules[count.index]], 0)}"
to_port = "${element(var.rules[var.computed_egress_rules[count.index]], 1)}"
protocol = "${element(var.rules[var.computed_egress_rules[count.index]], 2)}"
}
#########################
# Egress - Maps of rules
#########################
......@@ -144,6 +244,23 @@ resource "aws_security_group_rule" "egress_with_source_security_group_id" {
protocol = "${lookup(var.egress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.egress_with_source_security_group_id[count.index], "rule", "_")], 2))}"
}
# Computed - Security group rules with "source_security_group_id", but without "cidr_blocks" and "self"
resource "aws_security_group_rule" "computed_egress_with_source_security_group_id" {
count = "${var.create ? var.number_of_computed_egress_with_source_security_group_id : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "egress"
source_security_group_id = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "source_security_group_id")}"
ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
prefix_list_ids = ["${var.egress_prefix_list_ids}"]
description = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "description", "Egress Rule")}"
from_port = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "from_port", element(var.rules[lookup(var.computed_egress_with_source_security_group_id[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "to_port", element(var.rules[lookup(var.computed_egress_with_source_security_group_id[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.computed_egress_with_source_security_group_id[count.index], "rule", "_")], 2))}"
}
# Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self"
resource "aws_security_group_rule" "egress_with_cidr_blocks" {
count = "${var.create ? length(var.egress_with_cidr_blocks) : 0}"
......@@ -160,6 +277,22 @@ resource "aws_security_group_rule" "egress_with_cidr_blocks" {
protocol = "${lookup(var.egress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")], 2))}"
}
# Computed - Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self"
resource "aws_security_group_rule" "computed_egress_with_cidr_blocks" {
count = "${var.create ? var.number_of_computed_egress_with_cidr_blocks : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "egress"
cidr_blocks = ["${split(",", lookup(var.computed_egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks)))}"]
prefix_list_ids = ["${var.egress_prefix_list_ids}"]
description = "${lookup(var.computed_egress_with_cidr_blocks[count.index], "description", "Egress Rule")}"
from_port = "${lookup(var.computed_egress_with_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.computed_egress_with_cidr_blocks[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.computed_egress_with_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.computed_egress_with_cidr_blocks[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.computed_egress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.computed_egress_with_cidr_blocks[count.index], "rule", "_")], 2))}"
}
# Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self"
resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks" {
count = "${var.create ? length(var.egress_with_ipv6_cidr_blocks) : 0}"
......@@ -176,6 +309,22 @@ resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks" {
protocol = "${lookup(var.egress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}"
}
# Computed - Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self"
resource "aws_security_group_rule" "computed_egress_with_ipv6_cidr_blocks" {
count = "${var.create ? var.number_of_computed_egress_with_ipv6_cidr_blocks : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "egress"
ipv6_cidr_blocks = ["${split(",", lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.egress_ipv6_cidr_blocks)))}"]
prefix_list_ids = ["${var.egress_prefix_list_ids}"]
description = "${lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "description", "Egress Rule")}"
from_port = "${lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}"
}
# Security group rules with "self", but without "cidr_blocks" and "source_security_group_id"
resource "aws_security_group_rule" "egress_with_self" {
count = "${var.create ? length(var.egress_with_self) : 0}"
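Review bot: in `computed_egress_with_ipv6_cidr_blocks`, a rule map that omits the "ipv6_cidr_blocks" key silently falls back to `join(",", var.egress_ipv6_cidr_blocks)`, and `prefix_list_ids` is always taken from `var.egress_prefix_list_ids`. A caller who mistypes the key gets the module-wide ranges instead of an error. This commit also declares `computed_egress_ipv6_cidr_blocks` and `computed_egress_prefix_list_ids`; if those are meant to be the fallback for computed rules, reference them here, otherwise state in the resource comment which variable supplies the default.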
......@@ -193,6 +342,23 @@ resource "aws_security_group_rule" "egress_with_self" {
protocol = "${lookup(var.egress_with_self[count.index], "protocol", element(var.rules[lookup(var.egress_with_self[count.index], "rule", "_")], 2))}"
}
# Computed - Security group rules with "self", but without "cidr_blocks" and "source_security_group_id"
resource "aws_security_group_rule" "computed_egress_with_self" {
count = "${var.create ? var.number_of_computed_egress_with_self : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "egress"
self = "${lookup(var.computed_egress_with_self[count.index], "self", true)}"
ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
prefix_list_ids = ["${var.egress_prefix_list_ids}"]
description = "${lookup(var.computed_egress_with_self[count.index], "description", "Egress Rule")}"
from_port = "${lookup(var.computed_egress_with_self[count.index], "from_port", element(var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.computed_egress_with_self[count.index], "to_port", element(var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.computed_egress_with_self[count.index], "protocol", element(var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")], 2))}"
}
################
# End of egress
################
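Review bot: `computed_egress_with_self` sets `ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]` alongside `self`, while the header comment describes the rule only as being without "cidr_blocks" and "source_security_group_id". As written, every self rule also allows egress to whatever IPv6 ranges that variable holds. If this is intentional, say so in the comment; if the rule is meant to be self-only, drop the `ipv6_cidr_blocks` line.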
......
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
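Review bot: `computed_ingress_rules` is deduplicated with `distinct()`, but `number_of_computed_ingress_rules` is the plain sum `var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules`. When a rule name appears in both the auto list and the caller's list, the merged list is shorter than the count passed down, so the count no longer matches the number of elements. Either drop `distinct()` (the `computed_ingress_with_self` line just below uses a bare `concat`, which keeps list and count aligned) or document that the two lists must not overlap.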
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
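Review bot: `sort(distinct(concat(...)))` on `computed_egress_rules` reorders the merged list alphabetically. If the by-name resource indexes this list with `count.index`, as the `computed_egress_with_*` resources in this commit do, adding one rule name that sorts ahead of the existing ones shifts every later index and Terraform will plan to replace rules that did not change. Keep caller order (no `sort`) or mention the churn in the README so a plan that replaces egress rules is not a surprise.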
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
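Review bot: none of the `computed_ingress_*` list variables declares a `type`, while the `auto_computed_*` variables added elsewhere in this commit set `type = "list"`. Add `type = "list"` to the list variables so the intent is explicit and the generated README stops reporting them as `string` with a `<list>` default.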
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
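Review bot: `computed_egress_cidr_blocks` defaults to `["0.0.0.0/0"]` and `computed_egress_ipv6_cidr_blocks` to `["::/0"]`, but the descriptions only say "to use on all computed egress rules" and the README row shows the default as `<list>`. A reader cannot tell from the docs that the default is open to every destination. State the default in the description, or default to `[]` as the ingress counterparts do and make callers opt in.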
......@@ -18,10 +18,34 @@ All automatic values **carbon-relay-ng module** is using are available [here](ht
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
......@@ -41,6 +65,22 @@ All automatic values **carbon-relay-ng module** is using are available [here](ht
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
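Review bot: the `number_of_computed_*` rows give a description and a default of `0`, but nothing in the table says that each value has to equal the number of elements in the matching `computed_*` list. With the default left at `0`, a populated `computed_ingress_with_cidr_blocks` list creates no rules and nothing warns about it. Add that requirement to the variable descriptions so it shows up in this generated table.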
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
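Review bot: the description of `auto_computed_ingress_rules` reads "List of ingress rules to add automatically", which is word for word the description of `auto_ingress_rules` in the README table; the other three list variables in this hunk all say "computed". Change it to "List of computed ingress rules to add automatically" and regenerate the README so the two rows can be told apart.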
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
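Review bot: this hunk for the cassandra module is identical, line for line, to the `module "sg"` hunk shown earlier for carbon-relay-ng, including the `sort(distinct(concat(...)))` list next to a summed `number_of_computed_ingress_rules`. Since the per-service modules carry the same text, any fix to that list/count mismatch should be made in whatever template produces them and then regenerated, not patched in individual modules.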
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
......@@ -18,10 +18,34 @@ All automatic values **cassandra module** is using are available [here](https://
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
......@@ -41,6 +65,22 @@ All automatic values **cassandra module** is using are available [here](https://
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
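Review bot: The description on `auto_computed_ingress_rules` reads "List of ingress rules to add automatically", which drops "computed" and is word for word the description of the non-computed `auto_ingress_rules`. The other three list variables in this hunk all say "computed". Suggest `description = "List of computed ingress rules to add automatically"` so the two inputs can be told apart in the generated inputs table.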
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
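Review bot: `computed_ingress_rules` is built with `sort(distinct(concat(...)))`, but `number_of_computed_ingress_rules` on the line below it is the plain sum of `auto_number_of_computed_ingress_rules` and `number_of_computed_ingress_rules`. When the same rule name appears in both the auto list and the user list, `distinct` shortens the list while the count still includes both entries, so the count passed to the inner module is larger than the list it describes. Either drop `distinct` for the computed variant, or state in the variable descriptions that the two lists must not overlap.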
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
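Review bot: The computed egress block forwards the five `computed_egress_*` rule lists and their five counts, but never passes `computed_egress_cidr_blocks`, `computed_egress_ipv6_cidr_blocks` or `computed_egress_prefix_list_ids`, nor the matching `number_of_computed_egress_*` values, even though this commit declares all six as inputs. A caller who sets them to narrow the "Rules by names - open for default CIDR" case would have the value ignored unless it is wired somewhere outside these hunks. Pass them through the same way as the neighbouring `egress_prefix_list_ids` line, or drop the variables. The computed ingress block above has the same gap.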
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
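Review bot: The `number_of_computed_ingress_*` descriptions do not say how the number relates to the list of the same name; "Number of computed ingress rules to create where 'cidr_blocks' is used" reads as an independent setting. With a default of 0, nothing in these declarations tells a caller who fills `computed_ingress_with_cidr_blocks` that the count has to be set as well. Suggest wording along the lines of "Number of entries in computed_ingress_with_cidr_blocks" on each of the eight variables, so the pairing is visible in the inputs table.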
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
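Review bot: `computed_egress_cidr_blocks` defaults to `["0.0.0.0/0"]` and `computed_egress_ipv6_cidr_blocks` to `["::/0"]`, yet `number_of_computed_egress_cidr_blocks` and `number_of_computed_egress_ipv6_cidr_blocks` both default to 0, so each list and its count disagree before the caller sets anything. Make the two count defaults 1, or make the list defaults `[]` as the computed ingress variables do. If any-destination egress is the intended default for computed rules, say so in the description, since that is the line a security reviewer will look for.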
......@@ -18,10 +18,34 @@ All automatic values **consul module** is using are available [here](https://git
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
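Review bot: The new `computed_*` rows whose default is `<list>` show Type `string`, while the `auto_computed_*` list rows a few lines above show `list`. The difference comes from the declarations: the `auto_*` variables carry `type = "list"`, the `computed_*` ones only `default = []`. Adding `type = "list"` to the `computed_*` list variables and updating the table would make the documented type match what the caller has to pass.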
......@@ -41,6 +65,22 @@ All automatic values **consul module** is using are available [here](https://git
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
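Review bot: The four `auto_number_of_computed_*` descriptions are copied verbatim from the user-facing `number_of_computed_*` variables ("Number of computed ingress rules to create by name"), so the docs give no hint that these are the counts for the automatic lists and that the two values are added together when passed to the module. Suggest "Number of computed ingress rules to add automatically" and the equivalent for the other three, matching the wording of the `auto_computed_*` list variables in the same hunk.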
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
......@@ -18,10 +18,34 @@ All automatic values **docker-swarm module** is using are available [here](https
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
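Review bot: the rows for `computed_egress_cidr_blocks` and `computed_egress_ipv6_cidr_blocks` show the default only as `<list>`, which hides that variables.tf in this commit sets them to `["0.0.0.0/0"]` and `["::/0"]`, while the ingress counterparts default to an empty list. Suggest naming the actual default in the description so a reader of the table can see that computed egress rules are open to all addresses unless overridden.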
......@@ -41,6 +65,22 @@ All automatic values **docker-swarm module** is using are available [here](https
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
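Review bot: the `number_of_computed_*` rows do not say how each number relates to its list. With a default of `0`, a caller who fills `computed_ingress_rules` but leaves `number_of_computed_ingress_rules` untouched would, going by these descriptions, get no rules and no error. Suggest stating in each description that the value must equal the length of the matching `computed_*` list.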
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
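Review bot: the description of `auto_computed_ingress_rules` reads "List of ingress rules to add automatically", dropping the word "computed" that the three sibling variables carry, so it is indistinguishable from the description of the non-computed `auto_ingress_rules`. Suggest "List of computed ingress rules to add automatically", matching `auto_computed_egress_rules`.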
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
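Review bot: `computed_ingress_rules` is built with `sort(distinct(concat(...)))`, but `number_of_computed_ingress_rules` is the plain sum of the two counters. When the same rule name appears in both `var.auto_computed_ingress_rules` and `var.computed_ingress_rules`, `distinct` shortens the list while the sum still counts the duplicate, so the number no longer matches the list length. Either drop `distinct` here, as `computed_ingress_with_self` already does with a bare `concat`, or document that the two lists must not overlap.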
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
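Review bot: none of the added lines pass `computed_egress_cidr_blocks`, `computed_egress_ipv6_cidr_blocks` or `computed_egress_prefix_list_ids`, or their `number_of_computed_egress_*` counterparts, to `module "sg"`, although variables.tf in this commit declares all six. As written, a caller who sets them on this submodule changes nothing. Suggest forwarding them next to `egress_prefix_list_ids`, or removing the declarations and README rows if they are not meant to be supported here.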
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
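Review bot: the eight `computed_ingress_*` list variables are declared without `type = "list"`, unlike the `auto_computed_*` lists added in the same commit, and the generated README consequently documents them as `string`. Suggest adding `type = "list"` to each so a scalar passed by mistake is rejected at plan time and the docs show the real type.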
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
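Review bot: `computed_egress_cidr_blocks` defaults to `["0.0.0.0/0"]` and `computed_egress_ipv6_cidr_blocks` to `["::/0"]`, but `number_of_computed_egress_cidr_blocks` and `number_of_computed_egress_ipv6_cidr_blocks` both default to `0`, so the list defaults and their counters disagree out of the box. Suggest either defaulting the lists to `[]`, as the ingress variables do, or setting the counters to `1`, and saying in the description which of the two takes effect.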
......@@ -18,10 +18,34 @@ All automatic values **elasticsearch module** is using are available [here](http
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
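Review bot: the rows for `auto_computed_ingress_rules` and `auto_ingress_rules` carry the identical description "List of ingress rules to add automatically", so the table gives no way to tell the computed input from the static one. The fix belongs in the variable description this table is generated from; the egress pair already differs ("List of computed egress rules to add automatically").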
......@@ -41,6 +65,22 @@ All automatic values **elasticsearch module** is using are available [here](http
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
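Review bot: the four `auto_number_of_computed_*` variables reuse the descriptions of the caller-facing `number_of_computed_*` variables word for word ("Number of computed ingress rules to create by name"), so nothing says they count the entries of the `auto_computed_*` lists above them. Suggest wording such as "Number of computed ingress rules to add automatically", and a comment that each value must be kept equal to the length of its list.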
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
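Review bot: wrapping `computed_ingress_rules` in `sort(...)` reorders the merged names alphabetically, so the position of every existing entry can change when a caller adds one name. If the rules are created by index against `number_of_computed_ingress_rules`, as the counter inputs suggest, that shift would replace rules that did not change. Worth a comment explaining why the sort is needed, or dropping it so the order stays the caller's.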
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
......@@ -18,10 +18,34 @@ All automatic values **http-80 module** is using are available [here](https://gi
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
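Review bot: the Type column contradicts the Default column on every `computed_*` list row in this table. `computed_egress_cidr_blocks` through `computed_ingress_with_source_security_group_id` are listed as `string` with default `<list>`, while the `auto_*` rows above them are listed as `list`. If the table is generated from the variable declarations, giving those variables an explicit `type = "list"` and regenerating would make the rows consistent; as rendered, a caller cannot tell from the docs which shape to pass.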
......@@ -41,6 +65,22 @@ All automatic values **http-80 module** is using are available [here](https://gi
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
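Review bot: none of the `number_of_computed_*` rows says how the number relates to the list it counts. `number_of_computed_ingress_rules` reads "Number of computed ingress rules to create by name" and `computed_ingress_rules` reads "List of computed ingress rules to create by name", with nothing stating that the first has to equal the length of the second or what happens when they disagree. A caller who fills the list and leaves the counter at its default `0` cannot learn from this table whether any rule is created, which is worth spelling out for something that controls network access.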
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
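Review bot: the four `auto_number_of_computed_*` descriptions repeat the wording of the caller-facing counters, for example `auto_number_of_computed_ingress_rules` is "Number of computed ingress rules to create by name", so nothing says that it counts the entries of `auto_computed_ingress_rules`. Suggest something like "Number of entries in auto_computed_ingress_rules" for each of them. These four also carry no `type`, unlike the list variables added in the same hunk.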
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
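Review bot: `computed_ingress_rules` is deduplicated but its counter is not. The list goes through `sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))`, while `number_of_computed_ingress_rules` is the plain sum `var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules`. If the same rule name appears in both inputs, `distinct` shortens the list by one and the count passed to `module "sg"` is then larger than the list. Either drop `distinct` so the two always agree, or document that the auto and caller lists must not overlap. `computed_ingress_with_self` uses a bare `concat`, so it does not have this mismatch.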
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
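Review bot: `computed_egress_cidr_blocks`, `computed_egress_ipv6_cidr_blocks` and `computed_egress_prefix_list_ids`, together with their `number_of_*` counters, are not among the arguments added to `module "sg"` in this hunk, while the context line above does forward `egress_prefix_list_ids`. The comment on `computed_egress_rules` says "open for default CIDR", so it is unclear which CIDR applies to those rules if the wrapper's own value is never passed down. If forwarding them is intended, add the six arguments here; if not, say so next to the variable declarations so callers do not assume they can restrict egress through this wrapper.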
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
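Review bot: the descriptions in this hunk never say what makes a rule "computed". `computed_ingress_rules` is "List of computed ingress rules to create by name", which differs from the existing non-computed input only by that one word, so a caller cannot tell when to use `computed_ingress_with_cidr_blocks` instead of `ingress_with_cidr_blocks`. Going by the commit title ("allow computed values in arguments"), a short phrase in each description stating that these inputs are for arguments containing computed values, and that the matching `number_of_computed_*` variable must be set alongside, would close the gap.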
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
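Review bot: the defaults for the egress CIDR lists and their counters disagree. `computed_egress_cidr_blocks` defaults to `["0.0.0.0/0"]` and `computed_egress_ipv6_cidr_blocks` to `["::/0"]`, each one entry long, while `number_of_computed_egress_cidr_blocks` and `number_of_computed_egress_ipv6_cidr_blocks` default to `0`. Out of the box the list says "everything" and the count says "nothing". Please make the pair consistent (counter default `1`, or list default `[]`) and state in the description which of the two decides whether the open-to-the-world range is applied.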
......@@ -18,10 +18,34 @@ All automatic values **https-443 module** is using are available [here](https://
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
......@@ -41,6 +65,22 @@ All automatic values **https-443 module** is using are available [here](https://
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
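Review bot: the description of `auto_computed_ingress_rules` is the odd one out among the four `auto_computed_*` variables. It reads "List of ingress rules to add automatically", whereas `auto_computed_egress_rules` reads "List of computed egress rules to add automatically" and both `*_with_self` variants also say "computed". Suggest "List of computed ingress rules to add automatically", otherwise the generated docs show the same text for this variable and for `auto_ingress_rules`.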
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
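Review bot: the ingress side of this wrapper forwards the five `computed_ingress_*` rule lists and their counters, but not `computed_ingress_cidr_blocks`, `computed_ingress_ipv6_cidr_blocks`, `computed_ingress_prefix_list_ids` or the three matching `number_of_*` variables. Those six are declared as inputs, so a caller can set them and reasonably expect `computed_ingress_rules` (commented "open for default CIDR") to be limited to that range. Please either pass them to `module "sg"` next to `ingress_prefix_list_ids`, or remove the unused inputs.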
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
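Review bot: in the egress block the rule list and its counter can drift apart. `computed_egress_rules` is built with `sort(distinct(concat(...)))`, and `number_of_computed_egress_rules` adds `var.auto_number_of_computed_egress_rules` to `var.number_of_computed_egress_rules` without accounting for entries that `distinct` removes. `sort` also changes the order the caller supplied, which matters if anything downstream pairs list positions with the count. Suggest using plain `concat` here, as is done for `computed_egress_with_self`.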
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
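Review bot: this variables hunk is a verbatim repeat of the one shown earlier on the page for the previous named module, down to the descriptions and defaults, and the README, auto-values and `module "sg"` hunks repeat in the same way. With one hand-maintained copy per named module, any correction to a description, default or forwarded argument has to be made in every copy and is easy to miss in one. If these wrapper files are not already produced from a single template, this change is a good point to do so; if they are, mention the generator in the commit message so reviewers know to check the template rather than each copy.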
......@@ -18,10 +18,34 @@ All automatic values **ipsec-4500 module** is using are available [here](https:/
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
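Review bot: the `auto_computed_ingress_rules` row reads "List of ingress rules to add automatically", which is word for word the description of `auto_ingress_rules` four rows below, while the egress row says "List of computed egress rules to add automatically". Suggest correcting the variable's description at its source so the generated table distinguishes the two inputs.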
......@@ -41,6 +65,22 @@ All automatic values **ipsec-4500 module** is using are available [here](https:/
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
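Review bot: the four `auto_number_of_computed_*` descriptions are copied unchanged from the caller-facing counters (for example "Number of computed ingress rules to create by name"), so nothing tells a reader that these are module-supplied values that are added to the caller's count in `module "sg"`. Suggest wording such as "Number of computed ingress rules added automatically by this module" so the two sets of counters can be told apart in the README.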
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
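Review bot: `computed_ingress_rules` is de-duplicated with `distinct()` but `number_of_computed_ingress_rules` is the plain sum of the two counters, so the count and the list length diverge as soon as a rule name appears in both `var.auto_computed_ingress_rules` and `var.computed_ingress_rules`. One name in common leaves the list one element shorter than the number passed to `module "sg"`. Either drop `distinct()` here, as is already the case for `computed_ingress_with_self`, or document that callers must not repeat a name the module adds automatically.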
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
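Review bot: `computed_egress_cidr_blocks`, `computed_egress_ipv6_cidr_blocks` and `computed_egress_prefix_list_ids` are never assigned in this `module "sg"` block, although the comment says the named rules are "open for default CIDR" and the non-computed `egress_prefix_list_ids` is forwarded just above. A caller who narrows `computed_egress_cidr_blocks` on this wrapper would see no effect, and the computed egress rules would stay on whatever range the wrapped module defaults to. Suggest forwarding the three lists together with their `number_of_*` counters, or not declaring them in this module at all.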
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
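Review bot: none of the eight list inputs in this hunk declares `type = "list"`, unlike the `auto_computed_*` variables added in the same commit. Terraform infers the type from the `[]` default, but the README generator evidently does not, which is why the inputs table lists these as `string` with a `<list>` default. Suggest adding the explicit type to each declaration for consistency and correct documentation.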
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
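Review bot: `computed_egress_cidr_blocks` defaults to `["0.0.0.0/0"]` and `computed_egress_ipv6_cidr_blocks` to `["::/0"]`, yet `number_of_computed_egress_cidr_blocks` and `number_of_computed_egress_ipv6_cidr_blocks` default to `0`, so the shipped defaults already disagree about how many ranges there are. The ingress counterparts default to `[]`, which is consistent with `0`. Suggest either defaulting the two counters to `1` or defaulting the lists to `[]`, and stating in the description that the default opens computed egress rules to every destination.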
......@@ -18,10 +18,34 @@ All automatic values **ipsec-500 module** is using are available [here](https://
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
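Review bot: the `computed_egress_cidr_blocks` and `computed_egress_ipv6_cidr_blocks` rows show the default only as `<list>`, which hides that the declared defaults are `["0.0.0.0/0"]` and `["::/0"]`. For an input that decides how far egress is opened, the description should carry that value so a reader of the table does not assume an empty list.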
......@@ -41,6 +65,22 @@ All automatic values **ipsec-500 module** is using are available [here](https://
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
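Review bot: the "Computed Ingress" block sets the five rule lists and their counters but never passes `computed_ingress_cidr_blocks`, `computed_ingress_ipv6_cidr_blocks` or `computed_ingress_prefix_list_ids`, all of which this commit declares as inputs and lists in the README. As written a value supplied by the caller is accepted and then ignored, which is easy to mistake for a source-range restriction that took effect. Suggest wiring them next to `ingress_prefix_list_ids` together with their `number_of_*` counters.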
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
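Review bot: `number_of_computed_egress_rules` adds `var.auto_number_of_computed_egress_rules` and `var.number_of_computed_egress_rules`, while the list it describes goes through `sort(distinct(concat(...)))`, so a rule name present in both source lists makes the count larger than the list. `computed_egress_with_self` uses a bare `concat()` and does not have this problem. Suggest making the two consistent, either by removing `distinct()` or by deriving the count from the de-duplicated list where the values are known.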
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
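Review bot: these sixteen declarations are line for line the same as the computed ingress block added for the ipsec-4500 module in this commit, down to descriptions and defaults. If the per-module variable files are generated from a template, the change belongs in the template and the commit message should say so; if they are edited by hand, a fix made to one copy, such as a corrected description or default, will miss the others.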
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
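Review bot: `computed_egress_cidr_blocks` and `computed_egress_ipv6_cidr_blocks` default to one-element lists (`["0.0.0.0/0"]` and `["::/0"]`), but their counters `number_of_computed_egress_cidr_blocks` and `number_of_computed_egress_ipv6_cidr_blocks` default to `0`, so out of the box each list disagrees with its declared length. Default the counters to `1` or the lists to `[]`, and say in the descriptions how the counter is expected to relate to the list.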
......@@ -18,10 +18,34 @@ All automatic values **kafka module** is using are available [here](https://gith
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
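
Review bot: The added row for `auto_computed_ingress_rules` reads "List of ingress rules to add automatically", which is word for word the description of `auto_ingress_rules` a few rows below. It should say "List of computed ingress rules to add automatically", matching the `auto_computed_egress_rules` row; fix the variable description and regenerate the table.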
......@@ -41,6 +65,22 @@ All automatic values **kafka module** is using are available [here](https://gith
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
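Review bot: The `number_of_computed_*` rows do not say which list each counter belongs to or what value a caller has to supply. "Number of computed ingress rules to create by name" gives no hint that it is meant to be set together with `computed_ingress_rules`. Name the paired list in each description and state the expected relationship (for example that it has to equal the list length, if that is the intent), since the default of `0` otherwise looks like a safe value to leave alone.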
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
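Review bot: The four `auto_number_of_computed_*` descriptions are copies of the caller-facing ones ("Number of computed ingress rules to create by name") and never mention that these count the `auto_computed_*` lists declared just above. Reword them along the lines of "Number of computed ingress rules to add automatically" so the pairing with `auto_computed_ingress_rules` is visible, and so the generated docs do not show two inputs with the same description.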
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
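Review bot: `computed_ingress_rules` is built with `sort(distinct(concat(...)))`, but `number_of_computed_ingress_rules` is the plain sum `var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules`. If the same rule name appears in both `auto_computed_ingress_rules` and `computed_ingress_rules`, `distinct()` shortens the list while the count still includes the duplicate, so the number passed down is larger than the list. Either drop `distinct()` here or document that callers must not repeat a name already in the automatic list.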
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
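Review bot: This block forwards the `computed_egress_rules` and `computed_egress_with_*` lists and their counters, but not `computed_egress_cidr_blocks`, `computed_egress_ipv6_cidr_blocks`, `computed_egress_prefix_list_ids` or the matching `number_of_computed_egress_*` values, all of which are declared as inputs later in this commit. As shown, setting those inputs on this module has no effect inside this block. Pass them through to `module "sg"` or remove the declarations.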
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
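Review bot: None of the `computed_ingress_*` list variables declares `type = "list"`, although the `auto_computed_*` variables added in this commit do. The type is then only inferred from `default = []`, and the generated README ends up listing these inputs as `string` with a `<list>` default. Add an explicit `type = "list"` to each list variable in this block.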
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
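Review bot: `computed_egress_cidr_blocks` defaults to `["0.0.0.0/0"]` and `computed_egress_ipv6_cidr_blocks` to `["::/0"]`, while the ingress counterparts default to `[]`, and the descriptions ("List of IPv4 CIDR ranges to use on all computed egress rules") do not mention it. Anyone adding a computed egress rule by name gets it opened to every destination unless they override the list. State the default in the description, or default to `[]` and make callers opt in.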
......@@ -18,10 +18,34 @@ All automatic values **ldaps module** is using are available [here](https://gith
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
......@@ -41,6 +65,22 @@ All automatic values **ldaps module** is using are available [here](https://gith
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
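Review bot: The comment "Rules by names - open for default CIDR" above `computed_ingress_rules` does not say which default is meant. The commit introduces `computed_ingress_cidr_blocks` alongside the existing `ingress_cidr_blocks`, and nothing in this block shows which of the two a computed rule by name picks up. Name the variable in the comment so a reader can tell where the source range for these rules comes from.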
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
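Review bot: `computed_egress_rules` is passed through `sort()`, so the position of each rule name depends on the other names in the merged list rather than on the order the caller gave. If the rules are created by position up to `number_of_computed_egress_rules`, adding one name to `computed_egress_rules` can shift every later entry to a new index. A short comment explaining why sorting is wanted here, or dropping `sort()` for the computed lists, would make the intended behaviour clear.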
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
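Review bot: the defaults in this hunk disagree with each other: `computed_egress_cidr_blocks` defaults to `["0.0.0.0/0"]` and `computed_egress_ipv6_cidr_blocks` to `["::/0"]`, one element each, while `number_of_computed_egress_cidr_blocks` and `number_of_computed_egress_ipv6_cidr_blocks` default to `0`. Either default the two counts to 1 or state in the descriptions which value wins when the count and the list length differ. Because the default lists cover every IPv4 and IPv6 address, the descriptions should also say so, so that a caller who sets only `computed_egress_rules` knows what destination range applies.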
......@@ -18,10 +18,34 @@ All automatic values **memcached module** is using are available [here](https://
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
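Review bot: the Type column in the new rows is wrong for the list inputs: `computed_egress_cidr_blocks`, `computed_ingress_rules` and the other `computed_*` rows are described as "List of ..." with a `<list>` default but are documented as `string`, while the `auto_computed_*` rows correctly show `list`. Declaring `type = "list"` on the corresponding variables and regenerating this table would make the two groups consistent.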
......@@ -41,6 +65,22 @@ All automatic values **memcached module** is using are available [here](https://
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
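Review bot: the sixteen `number_of_computed_*` rows do not tell the reader how they relate to the `computed_*` lists of the same name. Each description only says "Number of ...", so it is not clear that the caller is expected to supply the count alongside the list, or what happens when the two differ. One sentence above the table explaining that each count must equal the length of its list, and why it cannot be derived when the list contains computed values, would prevent misuse.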
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
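Review bot: the description of `auto_computed_ingress_rules` reads "List of ingress rules to add automatically", which drops the word "computed" and is identical to the description of `auto_ingress_rules`; the egress counterpart says "List of computed egress rules to add automatically". The four `auto_number_of_computed_*` descriptions have a similar problem: they repeat the text of the non-auto `number_of_computed_*` variables word for word and do not say that these counts belong to the automatically added rules. Please align the wording, and consider giving the count variables an explicit type as the list variables above them have.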
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
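Review bot: the list and its count are combined differently, so they can disagree. `computed_ingress_rules` is built with `sort(distinct(concat(...)))`, which drops a rule name that appears in both `var.auto_computed_ingress_rules` and `var.computed_ingress_rules`, but `number_of_computed_ingress_rules` is the plain sum of the two counts. With one shared name the list has N-1 elements and the count says N. Either drop `distinct` here (as is already done for `computed_ingress_with_self`) or document that the caller must pass a count that accounts for the overlap. The egress hunk below has the same pattern.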
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
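Review bot: neither this hunk nor the ingress hunk above forwards `computed_egress_cidr_blocks`, `computed_egress_ipv6_cidr_blocks`, `computed_egress_prefix_list_ids` (or the ingress equivalents) and their `number_of_computed_*` counts to `module "sg"`, although the comment says "Rules by names - open for default CIDR" and the README lists all of them as inputs of this wrapper. If they are not passed elsewhere in this file, a caller who narrows `computed_egress_cidr_blocks` on the wrapper gets no effect and the inner module's own defaults apply. Please add the pass-through lines next to the existing `egress_prefix_list_ids` one, or remove the unused variables.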
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
......@@ -18,10 +18,34 @@ All automatic values **mssql module** is using are available [here](https://gith
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
......@@ -41,6 +65,22 @@ All automatic values **mssql module** is using are available [here](https://gith
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
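Review bot: this hunk is a verbatim copy of the memcached module's hunk, including the `auto_computed_ingress_rules` description that omits "computed". If these per-module files are produced from a shared template, the wording fix belongs in the template so that every module picks it up; if they are maintained by hand, the same correction is needed here.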
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
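Review bot: `computed_egress_cidr_blocks` defaults to `["0.0.0.0/0"]` and `computed_egress_ipv6_cidr_blocks` to `["::/0"]`, but the matching `number_of_computed_egress_cidr_blocks` and `number_of_computed_egress_ipv6_cidr_blocks` default to `0`, so each list default disagrees with its own counter out of the box. Decide which is intended: if computed egress rules should be open to every destination by default, set the two counters to `1` and say so in the description; if not, default the lists to `[]` as the computed ingress variables do, so that world-open egress is an explicit choice by the caller.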
......@@ -18,10 +18,34 @@ All automatic values **mysql module** is using are available [here](https://gith
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
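Review bot: every `computed_*` list input in this table is rendered with Type `string` next to a `<list>` default, while the `auto_*` rows show `list`. The `computed_*` variables in variables.tf are declared with a list default but no `type`, whereas the `auto_computed_*` lists carry `type = "list"`. Adding `type = "list"` to the `computed_*` declarations and regenerating the README would make the Type column match what callers have to pass.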
......@@ -41,6 +65,22 @@ All automatic values **mysql module** is using are available [here](https://gith
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
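Review bot: the description of `auto_computed_ingress_rules` is "List of ingress rules to add automatically", which drops "computed" and is word for word what the existing `auto_ingress_rules` row in the README says; the other three new list variables here do say "computed". The four `auto_number_of_computed_*` descriptions are also identical to those of the non-auto `number_of_computed_*` variables, so the generated docs cannot tell the two apart. Suggest "List of computed ingress rules to add automatically" for the first, and ending the counter descriptions with "to add automatically".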
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
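Review bot: `computed_ingress_rules` is built with `sort(distinct(concat(...)))`, but `number_of_computed_ingress_rules` is the plain sum `var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules`. If the same rule name is present in both the auto list and the caller's list, `distinct` removes one copy and the counter is then one higher than the list it describes. Either drop `distinct` so the length always equals the sum, as `computed_ingress_with_self` already does with a bare `concat`, or document that callers must not repeat a name the module adds automatically.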
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
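Review bot: nothing added to `module "sg"` in this hunk forwards `computed_egress_cidr_blocks`, `computed_egress_ipv6_cidr_blocks`, `computed_egress_prefix_list_ids` or their `number_of_computed_egress_*` counters, although variables.tf in this commit declares all six for this module. Unless they are wired up outside the lines shown, a caller can set them without any effect on the entries under "Rules by names - open for default CIDR". Pass them through next to `egress_prefix_list_ids`, or remove the declarations and README rows if computed rules are meant to reuse the non-computed defaults. The same applies to the `computed_ingress_*` counterparts in the ingress hunk of this file.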
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
......@@ -18,10 +18,34 @@ All automatic values **nfs module** is using are available [here](https://github
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
......@@ -41,6 +65,22 @@ All automatic values **nfs module** is using are available [here](https://github
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
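Review bot: all eight `auto_computed_*` and `auto_number_of_computed_*` inputs added here default to `[]` or `0`, so for this module they contribute nothing to the `concat(...)` and `+` expressions in main.tf unless the caller sets them. If the `auto_*` inputs exist to carry the module's own preset rules, a short comment above `# Computed` saying that nfs presets no computed rule, and that callers should use the `computed_*` inputs instead, would keep people from populating both sets and double counting.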
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
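Review bot: the descriptions of the `number_of_computed_ingress_*` variables do not say how each number relates to its list. `number_of_computed_ingress_rules` reads "Number of computed ingress rules to create by name" and defaults to 0, while `computed_ingress_rules` defaults to `[]`, so a caller cannot tell from this file whether setting the list alone is enough or whether the number must also be set to the list's length. State the contract in each description, for example "must equal the number of elements in computed_ingress_rules", if that is what the commit intends.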
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
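Review bot: the defaults in the computed egress block disagree with each other. `computed_egress_cidr_blocks` defaults to `["0.0.0.0/0"]` and `computed_egress_ipv6_cidr_blocks` to `["::/0"]`, one element each, while `number_of_computed_egress_cidr_blocks` and `number_of_computed_egress_ipv6_cidr_blocks` both default to 0. Either default the two lists to `[]`, as the computed ingress lists do, or default the two numbers to 1, so that the list and its count describe the same thing out of the box.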
......@@ -18,10 +18,34 @@ All automatic values **nomad module** is using are available [here](https://gith
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
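Review bot: the Type column is wrong for every new `computed_*` list row, from `computed_egress_cidr_blocks` down to `computed_ingress_with_source_security_group_id`: each shows Type `string` next to Default `<list>`, while the `auto_computed_*` rows above them show `list`. The pre-commit configuration in this commit runs `terraform_docs`, so the table appears to be generated; the `computed_*` variables declare `default = []` without `type = "list"`, and adding the type there before regenerating should correct the column.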
......@@ -41,6 +65,22 @@ All automatic values **nomad module** is using are available [here](https://gith
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
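Review bot: the description of `auto_computed_ingress_rules` is "List of ingress rules to add automatically", which drops the word "computed" that the other three `auto_computed_*` variables carry and is word for word the description the README gives for `auto_ingress_rules`. Suggest "List of computed ingress rules to add automatically" so the two inputs can be told apart in the generated documentation.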
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
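Review bot: `computed_ingress_rules` and `number_of_computed_ingress_rules` are merged by different rules and can disagree. The list is `sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))`, so a rule name present in both inputs is kept once, but the number is the plain sum `var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules`, which counts that name twice. Either drop `distinct()` for the computed list, or document that the automatic and user-supplied lists must not overlap.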
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
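Review bot: `computed_egress_cidr_blocks`, `computed_egress_ipv6_cidr_blocks` and `computed_egress_prefix_list_ids`, together with their `number_of_*` counterparts, are documented as inputs in this commit, but none of the lines added to `module "sg"` here passes them on. If they are not forwarded somewhere outside this hunk, a value the caller sets for them has no effect. Add the six arguments after `computed_egress_with_source_security_group_id`, or drop the variables from this wrapper.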
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
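Review bot: `computed_egress_cidr_blocks` defaults to `["0.0.0.0/0"]` and `computed_egress_ipv6_cidr_blocks` to `["::/0"]`, so by their descriptions every computed egress rule created by name is open to all IPv4 and IPv6 destinations unless the caller overrides both lists. The computed ingress counterparts default to `[]`. Default these two to `[]` as well, or say in the descriptions that egress is unrestricted by default, so the exposure is a choice the caller makes rather than one inherited silently.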
......@@ -18,10 +18,34 @@ All automatic values **openvpn module** is using are available [here](https://gi
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
......@@ -41,6 +65,22 @@ All automatic values **openvpn module** is using are available [here](https://gi
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
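Review bot: the four `auto_number_of_computed_*` descriptions are copies of the caller-facing ones, for example `auto_number_of_computed_ingress_rules` reads "Number of computed ingress rules to create by name", the same text as `number_of_computed_ingress_rules`. Nothing in the description says this is the count of automatically added rules, or that it has to match `auto_computed_ingress_rules`. Suggest wording such as "Number of computed ingress rules to add automatically" for all four.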
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
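Review bot: `computed_ingress_cidr_blocks`, `computed_ingress_ipv6_cidr_blocks` and `computed_ingress_prefix_list_ids`, with their `number_of_*` counterparts, are listed as inputs in the README hunk of this commit, but the arguments added to `module "sg"` here stop at `computed_ingress_with_source_security_group_id` and its count. Unless those six are passed outside this hunk, setting them does nothing; forward them alongside the other computed ingress arguments or remove them from the inputs.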
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
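Review bot: the egress list and its count are combined inconsistently. `computed_egress_rules` is built with `sort(distinct(concat(...)))`, which collapses a rule name that appears in both `var.auto_computed_egress_rules` and `var.computed_egress_rules`, while `number_of_computed_egress_rules` adds `var.auto_number_of_computed_egress_rules` and `var.number_of_computed_egress_rules` without accounting for that. With an overlapping name the number is one higher than the list is long. Use plain `concat()` for the computed list or document that the two inputs must be disjoint.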
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
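Review bot: the `number_of_computed_ingress_*` descriptions do not say how each value relates to its list. For example, `number_of_computed_ingress_with_cidr_blocks` defaults to `0` and is described only as "Number of computed ingress rules to create where 'cidr_blocks' is used". State in each description that it must be set alongside the matching `computed_ingress_*` list and what value is expected (presumably the list length), otherwise a caller who sets only the list cannot tell from this file why no rule is created.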
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
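Review bot: `computed_egress_cidr_blocks` and `computed_egress_ipv6_cidr_blocks` default to `["0.0.0.0/0"]` and `["::/0"]`, while `number_of_computed_egress_cidr_blocks` and `number_of_computed_egress_ipv6_cidr_blocks` default to `0`, so the list defaults and their counts disagree out of the box. Align them (empty lists, as the computed ingress variables use, or counts of 1), and if the any-destination default is kept, mention it in the descriptions so callers know computed egress rules are open to all addresses unless overridden.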
......@@ -18,10 +18,34 @@ All automatic values **oracle-db module** is using are available [here](https://
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
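Review bot: every `computed_*` row added here shows Type `string` next to Default `<list>` (for example `computed_egress_cidr_blocks` and `computed_ingress_rules`), whereas the `auto_computed_*` rows correctly show `list`. The table is telling readers to pass a string where a list is expected. Declare `type = "list"` on those variables, as the `auto_*` variables do, and regenerate the README so the Type column matches.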
......@@ -41,6 +65,22 @@ All automatic values **oracle-db module** is using are available [here](https://
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
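Review bot: the description of `auto_computed_ingress_rules` reads "List of ingress rules to add automatically", dropping the word "computed" that the other three list variables in this hunk carry, which makes it indistinguishable from a non-computed input in generated docs. Change it to "List of computed ingress rules to add automatically". The four `auto_number_of_*` variables also declare no `type` and their descriptions do not mention that they count automatically added rules; wording such as "Number of computed ingress rules to add automatically" would keep them apart from the caller-supplied counts.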
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
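Review bot: `computed_ingress_cidr_blocks`, `computed_ingress_ipv6_cidr_blocks`, `computed_ingress_prefix_list_ids` and their `number_of_computed_ingress_*` counterparts are not passed to `module "sg"` anywhere in this computed ingress block, although the variables hunk that follows declares all six. As far as these lines show, setting them on the wrapper module has no effect and rules created by name use whatever ranges the inner module defaults to. Either pass them through next to `computed_ingress_rules` or remove the declarations, so the wrapper does not advertise inputs that do not restrict anything.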
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
......@@ -18,10 +18,34 @@ All automatic values **postgresql module** is using are available [here](https:/
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
......@@ -41,6 +65,22 @@ All automatic values **postgresql module** is using are available [here](https:/
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
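Review bot: `computed_egress_cidr_blocks`, `computed_egress_ipv6_cidr_blocks` and `computed_egress_prefix_list_ids`, together with their `number_of_*` counterparts, are declared in the variables hunk that follows but are not passed to `module "sg"` here; this hunk forwards only the five rule lists and their counts. As written, setting those inputs on the wrapper has no visible effect. Forward them next to `egress_prefix_list_ids`, or remove the declarations from the wrapper.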
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
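Review bot: None of the new `computed_ingress_*` variables declares a `type`, while the `auto_computed_*` variables added in the same commit use `type = "list"`. Add `type = "list"` to the list inputs so that a string passed by mistake is rejected early. The `number_of_computed_ingress_*` descriptions should also say how the number relates to the matching list; the two are set separately and nothing in the text tells the caller that they belong together.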
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
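Review bot: The defaults for computed egress are inconsistent and open to everything. `computed_egress_cidr_blocks` defaults to `["0.0.0.0/0"]` and `computed_egress_ipv6_cidr_blocks` to `["::/0"]`, while `number_of_computed_egress_cidr_blocks` and `number_of_computed_egress_ipv6_cidr_blocks` default to `0`, so the default list lengths and the default counts do not match. The ingress equivalents default to `[]`. State in the descriptions that computed egress targets all destinations unless overridden, and make the count defaults agree with the list defaults.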
......@@ -18,10 +18,34 @@ All automatic values **rdp module** is using are available [here](https://github
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
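Review bot: The Type column reads `string` for every `computed_*` input whose default is `<list>` (for example `computed_egress_rules`), while the `auto_computed_*` rows are shown as `list`. The table is misleading for anyone reading it to learn what to pass. This most likely follows from the untyped variable declarations; once those carry `type = "list"`, regenerate the table so both groups read the same.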
......@@ -41,6 +65,22 @@ All automatic values **rdp module** is using are available [here](https://github
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
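Review bot: The descriptions of the `auto_number_of_computed_*` variables are copied from the caller-facing `number_of_computed_*` variables ("Number of computed ingress rules to create by name"), so the generated docs do not distinguish the automatic count from the caller-supplied one. Reword them in line with the list variables ("... to add automatically"). `auto_computed_ingress_rules` also omits "computed" in its description, unlike `auto_computed_egress_rules`.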
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
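Review bot: The comment "# Rules by names - open for default CIDR" sits above `computed_ingress_rules`, but this hunk never passes `computed_ingress_cidr_blocks` (or the IPv6 and prefix-list equivalents) to `module "sg"`, so a reader cannot tell which CIDR the named computed rules are opened for. Forward the variable here or adjust the comment to say where the default comes from.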
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
......@@ -18,10 +18,34 @@ All automatic values **redis module** is using are available [here](https://gith
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
......@@ -41,6 +65,22 @@ All automatic values **redis module** is using are available [here](https://gith
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
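Review bot: computed_ingress_rules is deduplicated with distinct(), but number_of_computed_ingress_rules is the plain sum var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules. When the same rule name appears in both the automatic and the caller's list, the merged list ends up shorter than the count passed next to it. Either drop distinct() for the computed list or document that the two lists must not overlap.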
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
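Review bot: number_of_computed_egress_rules can overstate the length of computed_egress_rules, because the list goes through sort(distinct(concat(...))) while the count is var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules with no allowance for duplicates removed. The egress side needs the same treatment as the ingress side: remove distinct() here, or state in the variable descriptions that a rule name may appear in only one of the two lists.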
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
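Review bot: computed_ingress_cidr_blocks, computed_ingress_ipv6_cidr_blocks and computed_ingress_prefix_list_ids, with their three number_of_* counterparts, are declared in this hunk, but the "Computed Ingress" block added to module "sg" only passes the rules, with_self, with_cidr_blocks, with_ipv6_cidr_blocks and with_source_security_group_id arguments. As the diff stands, a caller who sets these six variables gets no effect; either wire them through to module "sg" or leave them out of this wrapper.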
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
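Review bot: the defaults in this hunk disagree with each other: computed_egress_cidr_blocks defaults to ["0.0.0.0/0"] and computed_egress_ipv6_cidr_blocks to ["::/0"], each one element long, while number_of_computed_egress_cidr_blocks and number_of_computed_egress_ipv6_cidr_blocks default to 0. Pick one convention. An empty default, as the computed ingress lists use, also means computed egress rules are open to all destinations only when the caller asks for it.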
......@@ -18,10 +18,34 @@ All automatic values **redshift module** is using are available [here](https://g
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
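Review bot: the Type column reads string for every new list-valued input whose default is `<list>` (computed_egress_cidr_blocks, computed_ingress_rules and the rest), while the auto_computed_* inputs, which declare type = "list", are shown as list. Adding type = "list" to the computed_* variable declarations and regenerating the table would make the documented type match the default.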
......@@ -41,6 +65,22 @@ All automatic values **redshift module** is using are available [here](https://g
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
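Review bot: the number_of_computed_* rows only swap "List of" for "Number of" in the wording of the matching computed_* rows, so the table never says how each count relates to its list or when a caller has to set it. A sentence above the table, or a fuller description on these rows, stating that the count describes the corresponding computed_* list would save readers from guessing.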
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
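Review bot: the description of auto_computed_ingress_rules at the top of this hunk, "List of ingress rules to add automatically", omits the word "computed" and is identical to the description of auto_ingress_rules in the README table, whereas the other three auto_computed_* variables all say "computed". Change it to "List of computed ingress rules to add automatically" and regenerate the README so the two inputs can be told apart.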
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
......@@ -18,10 +18,34 @@ All automatic values **splunk module** is using are available [here](https://git
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
......@@ -41,6 +65,22 @@ All automatic values **splunk module** is using are available [here](https://git
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
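Review bot: the description of `auto_computed_ingress_rules` reads "List of ingress rules to add automatically" and drops the word "computed" that its egress counterpart `auto_computed_egress_rules` carries two blocks further down. As written it is indistinguishable from the description of a non-computed automatic list. Suggest "List of computed ingress rules to add automatically".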
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
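Review bot: `computed_ingress_rules` is built with `sort(distinct(concat(...)))`, but `number_of_computed_ingress_rules` is the plain sum of the two counts, so the list and its count disagree whenever the same rule name appears in both `var.auto_computed_ingress_rules` and `var.computed_ingress_rules`. The count is documented as the number of rules to create, so this is the value that must stay exact. Either drop `distinct` so the two always match, or document that callers must not repeat a name the submodule already adds automatically.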
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
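Review bot: this block forwards the five `computed_egress_*` rule lists and their counts, but not `computed_egress_cidr_blocks`, `computed_egress_ipv6_cidr_blocks` or `computed_egress_prefix_list_ids`, nor the matching `number_of_*` values, even though the comment says the named rules are "open for default CIDR". As far as this hunk shows, setting those variables on the submodule has no effect. Forward them next to `egress_prefix_list_ids`, or state which CIDR the computed named rules actually use.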
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
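Review bot: none of the sixteen variables added here declares a `type`, unlike the `auto_computed_*` lists in the same commit, which carry `type = "list"`. The generated inputs table consequently lists every `computed_ingress_*` list as `string` with a `<list>` default. Suggest adding `type = "list"` to the eight list variables so the declaration and the documentation agree.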
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
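Review bot: `computed_egress_cidr_blocks` defaults to `["0.0.0.0/0"]` and `computed_egress_ipv6_cidr_blocks` to `["::/0"]`, while `number_of_computed_egress_cidr_blocks` and `number_of_computed_egress_ipv6_cidr_blocks` default to `0`, so each list disagrees with its own count out of the box. The ingress equivalents default to `[]`. Please make each pair consistent, and say in the description that computed egress is open to any destination unless the caller narrows the list, so the wide default is a visible choice rather than a surprise.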
......@@ -18,10 +18,34 @@ All automatic values **ssh module** is using are available [here](https://github
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
......@@ -41,6 +65,22 @@ All automatic values **ssh module** is using are available [here](https://github
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
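Review bot: the four `auto_number_of_computed_*` descriptions are copied word for word from the caller-facing `number_of_computed_*` variables (for example "Number of computed ingress rules to create by name"), so the inputs table ends up with pairs of rows that read the same and give no hint of how they differ. Suggest wording that names the automatic list they count, such as "Number of computed ingress rules added automatically".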
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
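Review bot: `computed_ingress_cidr_blocks`, `computed_ingress_ipv6_cidr_blocks` and `computed_ingress_prefix_list_ids` are not passed to `module "sg"` in this block; only the non-computed `ingress_prefix_list_ids` appears, in the context line above the addition. The comment "Rules by names - open for default CIDR" therefore leaves open which source range the computed named rules get. Forward the three lists together with their `number_of_*` counts, or remove them from this submodule's variables so callers are not offered inputs that do nothing.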
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
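Review bot: `computed_egress_with_self` uses a plain `concat`, which keeps it in step with its summed count, but `computed_egress_rules` adds `sort(distinct(...))` while `number_of_computed_egress_rules` is still `var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules`. A rule name present in both inputs is collapsed in the list and counted twice in the number. Treat the two arguments the same way: either no `distinct` on the named rules, or a documented requirement that the caller's list must not overlap with the automatic one.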
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
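Review bot: every list added here has a separate `number_of_*` twin that defaults to `0`, yet no description says the two have to be set together. A caller who fills in only `computed_ingress_with_cidr_blocks` will expect rules while the count still says 0. Add the contract to the descriptions, for example "must equal the length of `computed_ingress_with_cidr_blocks`", on each `number_of_*` variable.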
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
......@@ -18,10 +18,34 @@ All automatic values **storm module** is using are available [here](https://gith
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
......@@ -41,6 +65,22 @@ All automatic values **storm module** is using are available [here](https://gith
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
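Review bot: The description of `auto_computed_ingress_rules` at the top of this hunk reads "List of ingress rules to add automatically", which is the same text the non-computed `auto_ingress_rules` input carries and drops the word "computed" that the three sibling variables have. Suggest "List of computed ingress rules to add automatically" so the generated inputs table can tell the two apart.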
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
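Review bot: `computed_ingress_rules` is built with `sort(distinct(concat(...)))`, but `number_of_computed_ingress_rules` is the plain sum of the auto and caller counts. When a rule name appears in both `var.auto_computed_ingress_rules` and `var.computed_ingress_rules`, `distinct` removes one entry and the number passed to `module "sg"` is one larger than the list. Either drop `distinct` here, as the bare `concat` on the `computed_ingress_with_self` line does, or state in the variable descriptions that the two lists must not share names.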
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
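Review bot: The pass-through added in this hunk covers the five `computed_egress_*` rule lists and their counts, but not `computed_egress_cidr_blocks`, `computed_egress_ipv6_cidr_blocks`, `computed_egress_prefix_list_ids` or their `number_of_` counterparts, all of which this commit declares for the same wrapper. As the hunk stands, a value set for any of them never reaches `module "sg"`. Wire them through next to `egress_prefix_list_ids`, or remove the declarations.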
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
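Review bot: The eight list variables added here, `computed_ingress_rules` through `computed_ingress_prefix_list_ids`, declare only `default = []` with no `type`, while the `auto_computed_*` lists added by the same commit set `type = "list"`. The generated inputs table then shows these rows as `string` with a `<list>` default. Add `type = "list"` to each so the declarations are consistent and the documented type matches the default.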
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
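Review bot: `computed_egress_cidr_blocks` defaults to `["0.0.0.0/0"]` and `computed_egress_ipv6_cidr_blocks` to `["::/0"]`, yet `number_of_computed_egress_cidr_blocks` and `number_of_computed_egress_ipv6_cidr_blocks` both default to `0`, so each count disagrees with the list it describes before the caller sets anything. Decide which is intended: if computed egress rules should default to all destinations, the two counts should default to 1; if nothing should be opened until the caller opts in, default the lists to `[]` as the computed ingress variables do.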
......@@ -18,10 +18,34 @@ All automatic values **web module** is using are available [here](https://github
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
......@@ -41,6 +65,22 @@ All automatic values **web module** is using are available [here](https://github
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
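Review bot: The `number_of_computed_*` rows added here repeat the wording of the matching `computed_*` rows with "Number of" in place of "List of", and nothing tells the reader why both inputs exist or what happens when the number and the list length differ. A sentence in this README on how each pair is meant to be set would save callers from guessing.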
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
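Review bot: The four `auto_number_of_computed_*` descriptions at the end of this hunk are word for word the descriptions of the caller-facing `number_of_computed_*` variables, so the inputs table ends up with pairs of rows carrying identical text. Say that these count the automatically added rules, for example "Number of computed ingress rules to add automatically", and note how each relates to the length of the matching `auto_computed_*` list.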
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
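Review bot: `computed_ingress_cidr_blocks`, `computed_ingress_ipv6_cidr_blocks`, `computed_ingress_prefix_list_ids` and their `number_of_` counterparts are declared for this wrapper but do not appear among the arguments added to `module "sg"` in this hunk, so values set for them stop at the wrapper. Pass them through alongside `ingress_prefix_list_ids`, or drop the variables.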
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
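Review bot: `number_of_computed_egress_rules` adds the two counts, while `computed_egress_rules` runs the concatenated names through `distinct`. A name present in both `var.auto_computed_egress_rules` and `var.computed_egress_rules` leaves the list one shorter than the number handed to `module "sg"`. Keep duplicates with a bare `concat`, as on the `computed_egress_with_self` line, or document that the two inputs must not overlap.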
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
......@@ -18,10 +18,34 @@ All automatic values **winrm module** is using are available [here](https://gith
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
......@@ -41,6 +65,22 @@ All automatic values **winrm module** is using are available [here](https://gith
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
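Review bot: the `number_of_computed_*` rows give no hint that each counter has to be set together with its `computed_*` list. Every counter is described as the number of rules or ranges to create and defaults to `0`, so a reader who fills in only `computed_ingress_rules` is left with a count of zero. Suggest stating in the descriptions, or in a sentence above the table, that the counter must equal the length of the matching list.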
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
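Review bot: the description of `auto_computed_ingress_rules` reads "List of ingress rules to add automatically", which drops the word "computed" and does not match `auto_computed_egress_rules` ("List of computed egress rules to add automatically"). Suggest "List of computed ingress rules to add automatically", so the input can be told apart from the non-computed `auto_ingress_rules` in generated documentation.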
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
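Review bot: `computed_ingress_rules` is deduplicated with `distinct()`, but `number_of_computed_ingress_rules` is the plain sum `var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules`. When the same rule name appears in both lists, the merged list is shorter than the count passed alongside it. Either drop `distinct()` here, as `computed_ingress_with_self` already does with a bare `concat()`, or document that callers must not repeat a name that the auto list already contains.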
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
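Review bot: the computed egress block forwards the five `computed_egress_*` rule lists and their counters, but nothing in it passes `computed_egress_cidr_blocks`, `computed_egress_ipv6_cidr_blocks`, `computed_egress_prefix_list_ids` or the matching `number_of_computed_egress_*` values, although the non-computed `egress_prefix_list_ids` is forwarded just above. If the wrapped module is meant to receive them, add those arguments here; otherwise the variables of the same names declared in this commit have no effect when set.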
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
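Review bot: none of the eight new `computed_ingress_*` list variables declares a `type`; each gives only `default = []`. The `auto_computed_*` list variables added in the same commit do set `type = "list"`. Suggest adding `type = "list"` to the list variables in this block so the declared type is explicit and consistent across the module.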
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
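Review bot: `computed_egress_cidr_blocks` defaults to `["0.0.0.0/0"]` and `computed_egress_ipv6_cidr_blocks` to `["::/0"]`, while `number_of_computed_egress_cidr_blocks` and `number_of_computed_egress_ipv6_cidr_blocks` default to `0`, so the list defaults and their counters disagree out of the box. Pick one: default the lists to `[]` like the computed ingress variables, or default the counters to `1`. An empty default is the safer choice, because egress to any destination then has to be requested explicitly.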
......@@ -18,10 +18,34 @@ All automatic values **zipkin module** is using are available [here](https://git
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
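Review bot: the Type column shows `string` for every `computed_*` input whose default is `<list>`, and for the `auto_number_of_computed_*` counters, while the `auto_computed_*` inputs are shown as `list`. A reader cannot rely on the column to know what to pass. Declare the types on the underlying variables and regenerate the table rather than editing these rows by hand.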
......@@ -41,6 +65,22 @@ All automatic values **zipkin module** is using are available [here](https://git
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
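Review bot: the four `auto_number_of_computed_*` variables reuse the descriptions of the caller-facing counters word for word (for example "Number of computed ingress rules to create by name") and, unlike the list variables above them, declare no `type`. Suggest wording such as "Number of computed ingress rules to add automatically", so it is clear that each one counts the entries of the matching `auto_computed_*` list.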
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
......@@ -18,10 +18,34 @@ All automatic values **zookeeper module** is using are available [here](https://
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
......@@ -41,6 +65,22 @@ All automatic values **zookeeper module** is using are available [here](https://
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes |
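Review bot: the `number_of_computed_*` rows repeat the wording of the matching `computed_*` rows with "Number of" in front, and nothing in the table says how the two inputs relate. State in the descriptions, or in a sentence above the table, whether each count has to equal the length of its list and why it must be passed separately for computed values; with every count defaulting to `0`, a caller who sets only `computed_ingress_rules` gets no hint that a second argument is needed.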
......
......@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list"
default = []
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
......@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
#########
# Egress
#########
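Review bot: `computed_ingress_rules` is built with `sort(distinct(concat(...)))`, but `number_of_computed_ingress_rules` is the plain sum of the two counts. If the same rule name is present in both `var.auto_computed_ingress_rules` and `var.computed_ingress_rules`, `distinct` shortens the list by one while the sum does not, so the count passed down no longer matches the list. Use a plain `concat(...)` here, as the next argument `computed_ingress_with_self` already does, so the list length and the summed count stay in step.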
......@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
}
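Review bot: the comment on `computed_egress_rules` says "open for default CIDR", yet none of the lines added here forwards `computed_egress_cidr_blocks`, `computed_egress_ipv6_cidr_blocks` or `computed_egress_prefix_list_ids`, although the context line above forwards `egress_prefix_list_ids`. If the called module is the one whose variables in this commit default `computed_egress_cidr_blocks` to `["0.0.0.0/0"]`, a caller of this wrapper cannot narrow the destination for computed egress rules given by name. Forward the three arguments with their `number_of_*` counts, or note in a comment that the omission is intended.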
......@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
#########
# Egress
#########
......@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
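Review bot: `computed_egress_cidr_blocks` defaults to `["0.0.0.0/0"]` and `computed_egress_ipv6_cidr_blocks` to `["::/0"]`, while `number_of_computed_egress_cidr_blocks` and `number_of_computed_egress_ipv6_cidr_blocks` both default to `0`, so each list default has one element and its count says none. Make the pairs agree (count `1`, or list `[]` as the computed ingress variables in this commit use) and say in the description which value is authoritative. If the world-open default is kept, the description should state it, since it decides where every computed egress rule given by name may connect.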
......@@ -49,6 +49,14 @@ set_list_if_null() {
fi
}
set_zero_if_null() {
if [[ "null" == "$1" ]]; then
echo 0
else
echo "$1"
fi
}
main() {
check_dependencies
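Review bot: `set_zero_if_null` only recognises the literal string `null`; an empty string or a non-numeric value is echoed back unchanged, and the result is later used as a count. Treat anything that is not a non-negative integer as an error, for example by testing `[[ "$1" =~ ^[0-9]+$ ]]` in the `else` branch and exiting non-zero with a message, so that a malformed group entry stops the run instead of reaching the generated files.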
......@@ -80,12 +88,36 @@ main() {
egress_rules=$(get_auto_value "$auto_groups_data" "$group" "egress_rules")
egress_with_self=$(get_auto_value "$auto_groups_data" "$group" "egress_with_self")
# Computed values
computed_ingress_rules=$(get_auto_value "$auto_groups_data" "$group" "computed_ingress_rules")
computed_ingress_with_self=$(get_auto_value "$auto_groups_data" "$group" "computed_ingress_with_self")
computed_egress_rules=$(get_auto_value "$auto_groups_data" "$group" "computed_egress_rules")
computed_egress_with_self=$(get_auto_value "$auto_groups_data" "$group" "computed_egress_with_self")
# Number of computed values
number_of_computed_ingress_rules=$(get_auto_value "$auto_groups_data" "$group" "number_of_computed_ingress_rules")
number_of_computed_ingress_with_self=$(get_auto_value "$auto_groups_data" "$group" "number_of_computed_ingress_with_self")
number_of_computed_egress_rules=$(get_auto_value "$auto_groups_data" "$group" "number_of_computed_egress_rules")
number_of_computed_egress_with_self=$(get_auto_value "$auto_groups_data" "$group" "number_of_computed_egress_with_self")
# Set to empty lists, if no value was specified
ingress_rules=$(set_list_if_null "$ingress_rules")
ingress_with_self=$(set_list_if_null "$ingress_with_self")
egress_rules=$(set_list_if_null "$egress_rules")
egress_with_self=$(set_list_if_null "$egress_with_self")
# Set to empty lists, if no computed value was specified
computed_ingress_rules=$(set_list_if_null "$computed_ingress_rules")
computed_ingress_with_self=$(set_list_if_null "$computed_ingress_with_self")
computed_egress_rules=$(set_list_if_null "$computed_egress_rules")
computed_egress_with_self=$(set_list_if_null "$computed_egress_with_self")
# Set to zero, if no value was specified
number_of_computed_ingress_rules=$(set_zero_if_null "$number_of_computed_ingress_rules")
number_of_computed_ingress_with_self=$(set_zero_if_null "$number_of_computed_ingress_with_self")
number_of_computed_egress_rules=$(set_zero_if_null "$number_of_computed_egress_rules")
number_of_computed_egress_with_self=$(set_zero_if_null "$number_of_computed_egress_with_self")
# ingress_with_self and egress_with_self are stored as simple lists (like this - ["all-all","all-tcp"]),
# so we make map (like this - [{"rule"="all-all"},{"rule"="all-tcp"}])
ingress_with_self=$(echo "$ingress_with_self" | jq -rc "[{rule:.[]}]" | tr ':' '=')
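Review bot: the four `number_of_computed_*` values are fetched as separate keys with `get_auto_value`, so nothing keeps them equal to the lengths of the `computed_*` lists fetched just above. Both come from the same group data read by this script, so derive each count from its list (for example `jq length` on the list after `set_list_if_null`) and drop the extra keys. Also, the closing context converts `ingress_with_self` into a list of maps; the lines shown do not do this for `computed_ingress_with_self` or `computed_egress_with_self`, so check that they get the same conversion.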
......@@ -120,6 +152,53 @@ variable "auto_egress_with_self" {
type = "list"
default = $egress_with_self
}
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = $computed_ingress_rules
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = $computed_ingress_with_self
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = $computed_egress_rules
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = $computed_egress_with_self
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = $number_of_computed_ingress_rules
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = $number_of_computed_ingress_with_self
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = $number_of_computed_egress_rules
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = $number_of_computed_egress_with_self
}
EOF
cat <<EOF > "modules/$group/README.md"
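Review bot: in this heredoc the description for `auto_computed_ingress_rules` reads "List of ingress rules to add automatically", without "computed", while `auto_computed_egress_rules` says "List of computed egress rules to add automatically". Fix the ingress text here, since this is what gets written out for each group. The `auto_number_of_computed_*` descriptions are also word for word those of the caller-facing `number_of_computed_*` variables; say that they count the automatic lists defined just above them.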
......
......@@ -67,6 +67,62 @@ variable "ingress_prefix_list_ids" {
default = []
}
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
#########
# Egress
#########
......@@ -109,3 +165,59 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = []
}
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}