Skip to content

T
terraform-aws-security-group
Commit f7e3636c authored by Anton Babenko's avatar Anton Babenko
Browse files
Options

Fix to allow computed values in arguments

parent 3d7f8ea2
Show whitespace changes
Inline Side-by-side
Showing with 10004 additions and 12 deletions
.pre-commit-config.yaml
View file @ f7e3636c
repos: repos:
- repo: git://github.com/antonbabenko/pre-commit-terraform - repo: git://github.com/antonbabenko/pre-commit-terraform
rev: v1.7.1 rev: v1.7.3
hooks: hooks:
- id: terraform_fmt - id: terraform_fmt
- id: terraform_docs - id: terraform_docs
- repo: git://github.com/pre-commit/pre-commit-hooks - repo: git://github.com/pre-commit/pre-commit-hooks
rev: v1.2.3 rev: v1.3.0
hooks: hooks:
- id: check-merge-conflict - id: check-merge-conflict
README.md
View file @ f7e3636c
...@@ -20,7 +20,7 @@ This module aims to implement **ALL** combinations of arguments supported by AWS ...@@ -20,7 +20,7 @@ This module aims to implement **ALL** combinations of arguments supported by AWS
* Named groups of rules with ingress (inbound) and egress (outbound) ports open for common scenarios (eg, [ssh](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/ssh), [http-80](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/http-80), [mysql](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/mysql), see the whole list [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/README.md)) * Named groups of rules with ingress (inbound) and egress (outbound) ports open for common scenarios (eg, [ssh](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/ssh), [http-80](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/http-80), [mysql](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/modules/mysql), see the whole list [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/blob/master/modules/README.md))
* Conditionally create security group and all required security group rules ("single boolean switch"). * Conditionally create security group and all required security group rules ("single boolean switch").
Ingress and egress rules can be configured in a variety of ways as listed on [the registry documentation](https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/?tab=inputs). Ingress and egress rules can be configured in a variety of ways. See [inputs section](#inputs) for all supported arguments and [complete example](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/examples/complete) for the complete use-case.
If there is a missing feature or a bug - [open an issue](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/new). If there is a missing feature or a bug - [open an issue](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/new).
...@@ -28,7 +28,24 @@ If there is a missing feature or a bug - [open an issue](https://github.com/terr ...@@ -28,7 +28,24 @@ If there is a missing feature or a bug - [open an issue](https://github.com/terr
There are two ways to create security groups using this module: There are two ways to create security groups using this module:
##### 1. Security group with custom rules 1. [Specifying predefined rules (HTTP, SSH, etc)](https://github.com/terraform-aws-modules/terraform-aws-security-group#security-group-with-predefined-rules)
1. [Specifying custom rules](https://github.com/terraform-aws-modules/terraform-aws-atlantis#security-group-with-custom-rules)
### Security group with predefined rules
```hcl
module "web_server_sg" {
source = "terraform-aws-modules/security-group/aws//modules/http"
name = "web-server"
description = "Security group for web-server with HTTP ports open within VPC"
vpc_id = "vpc-12345678"
ingress_cidr_blocks = ["10.10.0.0/16"]
}
```
### Security group with custom rules
```hcl ```hcl
module "vote_service_sg" { module "vote_service_sg" {
...@@ -56,22 +73,53 @@ module "vote_service_sg" { ...@@ -56,22 +73,53 @@ module "vote_service_sg" {
} }
``` ```
**Note:** it is not possible to use variable outputs from this module or other modules that contain calculated values when defining the security group resources. This is typically an issue when specifying either `ingress_with_source_security_group_id` or `egress_with_source_security_group_id` parameters and attempting to use the security group id of a resource which has not yet been created. However referencing variables that are already "hard-coded" in the .tf file (i.e. not calculated values dependent on the infrastructure being created) are fine. E.g. the VPC cidr block `"10.10.0.0/16"`. Also using data sources allows the use of external data/variables that are known at plan time and not regarded as calculated. More details [here](https://github.com/terraform-aws-modules/terraform-aws-security-group/issues/16). Check [this example](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/examples/dynamic) to see how to specify values inside security group rules (data-sources and variables are allowed). ### Note about "value of 'count' cannot be computed"
##### 2. Security group with pre-defined rules (NOTE: Terraform should be version 0.11 or newer) Terraform 0.11 has a limitation which does not allow **computed** values inside `count` attribute on resources (issues: #, #)
Computed values are values provided as outputs from `module`. Non-computed values are all others - static values, values referenced as `variable` and from data-sources.
When you need to specify computed value inside security group rule argument you need to specify it using an argument which starts with `computed_` and provide a number of elements in the argument which starts with `number_of_computed_`. See these examples:
```hcl ```hcl
module "web_server_sg" { module "http_sg" {
source = "terraform-aws-modules/security-group/aws//modules/http" source = "terraform-aws-modules/security-group/aws"
# omitted for brevity
}
name = "web-server" module "db_computed_source_sg" {
description = "Security group for web-server with HTTP ports open within VPC" # omitted for brevity
vpc_id = "vpc-12345678"
ingress_cidr_blocks = ["10.10.0.0/16"] vpc_id = "vpc-12345678" # these are valid values also - "${module.vpc.vpc_id}" and "${local.vpc_id}"
computed_ingress_with_source_security_group_id = [
{
rule = "mysql-tcp"
source_security_group_id = "${module.http_sg.this_security_group_id}"
}
]
number_of_computed_ingress_with_source_security_group_id = 1
}
module "db_computed_sg" {
# omitted for brevity
ingress_cidr_blocks = ["10.10.0.0/16", "${data.aws_security_group.default.id}"]
computed_ingress_cidr_blocks = ["${module.vpc.vpc_id}"]
number_of_computed_ingress_cidr_blocks = 1
}
module "db_computed_merged_sg" {
# omitted for brevity
computed_ingress_cidr_blocks = ["10.10.0.0/16", "${data.aws_security_group.default.id}", "${module.vpc.vpc_id}"]
number_of_computed_ingress_cidr_blocks = 3
} }
``` ```
Note that `db_computed_sg` and `db_computed_merged_sg` are equal, because it is possible to put both computed and non-computed values in arguments starting with `computed_`.
## Conditional creation ## Conditional creation
Sometimes you need to have a way to create security group conditionally but Terraform does not allow to use `count` inside `module` block, so the solution is to specify argument `create`. Sometimes you need to have a way to create security group conditionally but Terraform does not allow to use `count` inside `module` block, so the solution is to specify argument `create`.
...@@ -92,6 +140,7 @@ module "vote_service_sg" { ...@@ -92,6 +140,7 @@ module "vote_service_sg" {
* [HTTP Security Group example](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/examples/http) shows more applicable security groups for common web-servers. * [HTTP Security Group example](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/examples/http) shows more applicable security groups for common web-servers.
* [Disable creation of Security Group example](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/examples/disabled) shows how to disable creation of security group. * [Disable creation of Security Group example](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/examples/disabled) shows how to disable creation of security group.
* [Dynamic values inside Security Group rules example](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/examples/dynamic) shows how to specify values inside security group rules (data-sources and variables are allowed). * [Dynamic values inside Security Group rules example](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/examples/dynamic) shows how to specify values inside security group rules (data-sources and variables are allowed).
* [Computed values inside Security Group rules example](https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/master/examples/computed) shows how to specify computed values inside security group rules (solution for `value of 'count' cannot be computed` problem).
## How to add/update rules/groups? ## How to add/update rules/groups?
...@@ -108,6 +157,16 @@ Rules and groups are defined in [rules.tf](https://github.com/terraform-aws-modu ...@@ -108,6 +157,16 @@ Rules and groups are defined in [rules.tf](https://github.com/terraform-aws-modu
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:| |------|-------------|:----:|:-----:|:-----:|
| auto_groups | Map of groups of security group rules to use to generate modules (see update_groups.sh) | map | `<map>` | no | | auto_groups | Map of groups of security group rules to use to generate modules (see update_groups.sh) | map | `<map>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no | | create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no | | description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no | | egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
...@@ -127,6 +186,16 @@ Rules and groups are defined in [rules.tf](https://github.com/terraform-aws-modu ...@@ -127,6 +186,16 @@ Rules and groups are defined in [rules.tf](https://github.com/terraform-aws-modu
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no | | ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no | | ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes | | name | Name of security group | string | - | yes |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| rules | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | map | `<map>` | no | | rules | Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description']) | map | `<map>` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no | | tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes | | vpc_id | ID of the VPC where to create security group | string | - | yes |
......
examples/complete/main.tf
View file @ f7e3636c
...@@ -14,6 +14,30 @@ data "aws_security_group" "default" { ...@@ -14,6 +14,30 @@ data "aws_security_group" "default" {
vpc_id = "${data.aws_vpc.default.id}" vpc_id = "${data.aws_vpc.default.id}"
} }
##################################################
# VPC which is used as an argument in complete-sg
##################################################
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
name = "complete-sg-demo-vpc"
cidr = "10.20.0.0/20"
}
#############################################################
# Security group which is used as an argument in complete-sg
#############################################################
module "main_sg" {
source = "../../"
name = "main-sg"
description = "Security group which is used as an argument in complete-sg"
vpc_id = "${data.aws_vpc.default.id}"
ingress_cidr_blocks = ["10.10.0.0/16"]
ingress_rules = ["https-443-tcp"]
}
################################################ ################################################
# Security group with complete set of arguments # Security group with complete set of arguments
################################################ ################################################
...@@ -40,6 +64,10 @@ module "complete_sg" { ...@@ -40,6 +64,10 @@ module "complete_sg" {
# Open for all CIDRs defined in ingress_cidr_blocks # Open for all CIDRs defined in ingress_cidr_blocks
ingress_rules = ["https-443-tcp"] ingress_rules = ["https-443-tcp"]
# Use computed value here (eg, `${module...}`). Plain string is not a real use-case for this argument.
computed_ingress_rules = ["ssh-tcp"]
number_of_computed_ingress_rules = 1
# Open to CIDRs blocks (rule or from_port+to_port+protocol+description) # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
ingress_with_cidr_blocks = [ ingress_with_cidr_blocks = [
{ {
...@@ -59,6 +87,22 @@ module "complete_sg" { ...@@ -59,6 +87,22 @@ module "complete_sg" {
}, },
] ]
computed_ingress_with_cidr_blocks = [
{
rule = "postgresql-tcp"
cidr_blocks = "3.3.3.3/32,${module.vpc.vpc_cidr_block}"
},
{
from_port = 15
to_port = 25
protocol = 6
description = "Service name with vpc cidr"
cidr_blocks = "${module.vpc.vpc_cidr_block}"
},
]
number_of_computed_ingress_with_cidr_blocks = 2
# Open to IPV6 CIDR blocks (rule or from_port+to_port+protocol+description) # Open to IPV6 CIDR blocks (rule or from_port+to_port+protocol+description)
ingress_with_ipv6_cidr_blocks = [ ingress_with_ipv6_cidr_blocks = [
{ {
...@@ -70,6 +114,18 @@ module "complete_sg" { ...@@ -70,6 +114,18 @@ module "complete_sg" {
}, },
] ]
computed_ingress_with_ipv6_cidr_blocks = [
{
from_port = 350
to_port = 450
protocol = "tcp"
description = "Service ports (ipv6). VPC ID = ${module.vpc.vpc_id}"
ipv6_cidr_blocks = "2001:db8::/64"
},
]
number_of_computed_ingress_with_ipv6_cidr_blocks = 1
# Open for security group id (rule or from_port+to_port+protocol+description) # Open for security group id (rule or from_port+to_port+protocol+description)
ingress_with_source_security_group_id = [ ingress_with_source_security_group_id = [
{ {
...@@ -85,6 +141,22 @@ module "complete_sg" { ...@@ -85,6 +141,22 @@ module "complete_sg" {
}, },
] ]
computed_ingress_with_source_security_group_id = [
{
rule = "postgresql-tcp"
source_security_group_id = "${module.main_sg.this_security_group_id}"
},
{
from_port = 23
to_port = 23
protocol = 6
description = "Service name"
source_security_group_id = "${module.main_sg.this_security_group_id}"
},
]
number_of_computed_ingress_with_source_security_group_id = 2
# Open for self (rule or from_port+to_port+protocol+description) # Open for self (rule or from_port+to_port+protocol+description)
ingress_with_self = [ ingress_with_self = [
{ {
...@@ -105,6 +177,18 @@ module "complete_sg" { ...@@ -105,6 +177,18 @@ module "complete_sg" {
}, },
] ]
computed_ingress_with_self = [
{
from_port = 32
to_port = 43
protocol = 6
description = "Service name. VPC ID: ${module.vpc.vpc_id}"
self = true
},
]
number_of_computed_ingress_with_self = 1
# Default CIDR blocks, which will be used for all egress rules in this module. Typically these are CIDR blocks of the VPC. # Default CIDR blocks, which will be used for all egress rules in this module. Typically these are CIDR blocks of the VPC.
# If this is not specified then no CIDR blocks will be used. # If this is not specified then no CIDR blocks will be used.
egress_cidr_blocks = ["10.10.0.0/16"] egress_cidr_blocks = ["10.10.0.0/16"]
...@@ -116,6 +200,9 @@ module "complete_sg" { ...@@ -116,6 +200,9 @@ module "complete_sg" {
# Open for all CIDRs defined in egress_cidr_blocks # Open for all CIDRs defined in egress_cidr_blocks
egress_rules = ["http-80-tcp"] egress_rules = ["http-80-tcp"]
computed_egress_rules = ["ssh-tcp"]
number_of_computed_egress_rules = 1
# Open to CIDRs blocks (rule or from_port+to_port+protocol+description) # Open to CIDRs blocks (rule or from_port+to_port+protocol+description)
egress_with_cidr_blocks = [ egress_with_cidr_blocks = [
{ {
...@@ -135,6 +222,15 @@ module "complete_sg" { ...@@ -135,6 +222,15 @@ module "complete_sg" {
}, },
] ]
computed_egress_with_cidr_blocks = [
{
rule = "https-443-tcp"
cidr_blocks = "${module.vpc.vpc_cidr_block}"
},
]
number_of_computed_egress_with_cidr_blocks = 1
# Open to IPV6 CIDR blocks (rule or from_port+to_port+protocol+description) # Open to IPV6 CIDR blocks (rule or from_port+to_port+protocol+description)
egress_with_ipv6_cidr_blocks = [ egress_with_ipv6_cidr_blocks = [
{ {
...@@ -146,6 +242,18 @@ module "complete_sg" { ...@@ -146,6 +242,18 @@ module "complete_sg" {
}, },
] ]
computed_egress_with_ipv6_cidr_blocks = [
{
from_port = 55
to_port = 66
protocol = "tcp"
description = "Service ports (ipv6). VPC ID: ${module.vpc.vpc_id}"
ipv6_cidr_blocks = "2001:db8::/64"
},
]
number_of_computed_egress_with_ipv6_cidr_blocks = 1
# Open for security group id (rule or from_port+to_port+protocol+description) # Open for security group id (rule or from_port+to_port+protocol+description)
egress_with_source_security_group_id = [ egress_with_source_security_group_id = [
{ {
...@@ -161,6 +269,15 @@ module "complete_sg" { ...@@ -161,6 +269,15 @@ module "complete_sg" {
}, },
] ]
computed_egress_with_source_security_group_id = [
{
rule = "postgresql-tcp"
source_security_group_id = "${module.main_sg.this_security_group_id}"
},
]
number_of_computed_egress_with_source_security_group_id = 1
# Open for self (rule or from_port+to_port+protocol+description) # Open for self (rule or from_port+to_port+protocol+description)
egress_with_self = [ egress_with_self = [
{ {
...@@ -180,6 +297,14 @@ module "complete_sg" { ...@@ -180,6 +297,14 @@ module "complete_sg" {
self = false self = false
}, },
] ]
computed_egress_with_self = [
{
rule = "https-443-tcp"
},
]
number_of_computed_egress_with_self = 1
} }
###################################################### ######################################################
......
examples/computed/README.md 0 → 100644
View file @ f7e3636c
# Computed Security Group rules example
Configuration in this directory creates set of Security Group and Security Group Rules resources in various combination.
## Usage
To run this example you need to execute:
```bash
$ terraform init
$ terraform plan
$ terraform apply
```
Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Outputs
| Name | Description |
|------|-------------|
| this_security_group_description | The description of the security group |
| this_security_group_id | The ID of the security group |
| this_security_group_name | The name of the security group |
| this_security_group_owner_id | The owner ID |
| this_security_group_vpc_id | The VPC ID |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
examples/computed/main.tf 0 → 100644
View file @ f7e3636c
provider "aws" {
region = "eu-west-1"
}
#############################################################
# Data sources to get VPC and default security group details
#############################################################
data "aws_vpc" "default" {
default = true
}
data "aws_security_group" "default" {
name = "default"
vpc_id = "${data.aws_vpc.default.id}"
}
###########################
# Security groups examples
###########################
module "http_sg" {
source = "../../modules/https-443"
name = "computed-http-sg"
description = "Security group with HTTP port open for everyone, and HTTPS open just for the default security group"
vpc_id = "${data.aws_vpc.default.id}"
ingress_cidr_blocks = ["0.0.0.0/0"]
ingress_with_source_security_group_id = [
{
rule = "https-443-tcp"
source_security_group_id = "${data.aws_security_group.default.id}"
},
]
}
module "mysql_sg" {
source = "../../modules/mysql"
name = "computed-mysql-sg"
description = "Security group with MySQL/Aurora port open for HTTP security group created above (computed)"
vpc_id = "${data.aws_vpc.default.id}"
ingress_cidr_blocks = ["0.0.0.0/0"]
computed_ingress_with_source_security_group_id = [
{
rule = "mysql-tcp"
source_security_group_id = "${module.http_sg.this_security_group_id}"
},
]
number_of_computed_ingress_with_source_security_group_id = 1
}
examples/computed/outputs.tf 0 → 100644
View file @ f7e3636c
output "this_security_group_id" {
description = "The ID of the security group"
value = "${module.mysql_sg.this_security_group_id}"
}
output "this_security_group_vpc_id" {
description = "The VPC ID"
value = "${module.mysql_sg.this_security_group_vpc_id}"
}
output "this_security_group_owner_id" {
description = "The owner ID"
value = "${module.mysql_sg.this_security_group_owner_id}"
}
output "this_security_group_name" {
description = "The name of the security group"
value = "${module.mysql_sg.this_security_group_name}"
}
output "this_security_group_description" {
description = "The description of the security group"
value = "${module.mysql_sg.this_security_group_description}"
}
main.tf
View file @ f7e3636c
...@@ -31,6 +31,23 @@ resource "aws_security_group_rule" "ingress_rules" { ...@@ -31,6 +31,23 @@ resource "aws_security_group_rule" "ingress_rules" {
protocol = "${element(var.rules[var.ingress_rules[count.index]], 2)}" protocol = "${element(var.rules[var.ingress_rules[count.index]], 2)}"
} }
# Computed - Security group rules with "cidr_blocks" and it uses list of rules names
resource "aws_security_group_rule" "computed_ingress_rules" {
count = "${var.create ? var.number_of_computed_ingress_rules : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "ingress"
cidr_blocks = ["${var.ingress_cidr_blocks}"]
ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
description = "${element(var.rules[var.computed_ingress_rules[count.index]], 3)}"
from_port = "${element(var.rules[var.computed_ingress_rules[count.index]], 0)}"
to_port = "${element(var.rules[var.computed_ingress_rules[count.index]], 1)}"
protocol = "${element(var.rules[var.computed_ingress_rules[count.index]], 2)}"
}
########################## ##########################
# Ingress - Maps of rules # Ingress - Maps of rules
########################## ##########################
...@@ -51,6 +68,23 @@ resource "aws_security_group_rule" "ingress_with_source_security_group_id" { ...@@ -51,6 +68,23 @@ resource "aws_security_group_rule" "ingress_with_source_security_group_id" {
protocol = "${lookup(var.ingress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.ingress_with_source_security_group_id[count.index], "rule", "_")], 2))}" protocol = "${lookup(var.ingress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.ingress_with_source_security_group_id[count.index], "rule", "_")], 2))}"
} }
# Computed - Security group rules with "source_security_group_id", but without "cidr_blocks" and "self"
resource "aws_security_group_rule" "computed_ingress_with_source_security_group_id" {
count = "${var.create ? var.number_of_computed_ingress_with_source_security_group_id : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "ingress"
source_security_group_id = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "source_security_group_id")}"
ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
description = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "description", "Ingress Rule")}"
from_port = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "from_port", element(var.rules[lookup(var.computed_ingress_with_source_security_group_id[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "to_port", element(var.rules[lookup(var.computed_ingress_with_source_security_group_id[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.computed_ingress_with_source_security_group_id[count.index], "rule", "_")], 2))}"
}
# Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self" # Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self"
resource "aws_security_group_rule" "ingress_with_cidr_blocks" { resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
count = "${var.create ? length(var.ingress_with_cidr_blocks) : 0}" count = "${var.create ? length(var.ingress_with_cidr_blocks) : 0}"
...@@ -67,6 +101,22 @@ resource "aws_security_group_rule" "ingress_with_cidr_blocks" { ...@@ -67,6 +101,22 @@ resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
protocol = "${lookup(var.ingress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")], 2))}" protocol = "${lookup(var.ingress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")], 2))}"
} }
# Computed - Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self"
resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks" {
count = "${var.create ? var.number_of_computed_ingress_with_cidr_blocks : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "ingress"
cidr_blocks = ["${split(",", lookup(var.computed_ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))}"]
prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
description = "${lookup(var.computed_ingress_with_cidr_blocks[count.index], "description", "Ingress Rule")}"
from_port = "${lookup(var.computed_ingress_with_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.computed_ingress_with_cidr_blocks[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.computed_ingress_with_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.computed_ingress_with_cidr_blocks[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.computed_ingress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.computed_ingress_with_cidr_blocks[count.index], "rule", "_")], 2))}"
}
# Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self" # Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self"
resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks" { resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks" {
count = "${var.create ? length(var.ingress_with_ipv6_cidr_blocks) : 0}" count = "${var.create ? length(var.ingress_with_ipv6_cidr_blocks) : 0}"
...@@ -83,6 +133,22 @@ resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks" { ...@@ -83,6 +133,22 @@ resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks" {
protocol = "${lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}" protocol = "${lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}"
} }
# Computed - Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self"
resource "aws_security_group_rule" "computed_ingress_with_ipv6_cidr_blocks" {
count = "${var.create ? var.number_of_computed_ingress_with_ipv6_cidr_blocks : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "ingress"
ipv6_cidr_blocks = ["${split(",", lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.ingress_ipv6_cidr_blocks)))}"]
prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
description = "${lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "description", "Ingress Rule")}"
from_port = "${lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}"
}
# Security group rules with "self", but without "cidr_blocks" and "source_security_group_id" # Security group rules with "self", but without "cidr_blocks" and "source_security_group_id"
resource "aws_security_group_rule" "ingress_with_self" { resource "aws_security_group_rule" "ingress_with_self" {
count = "${var.create ? length(var.ingress_with_self) : 0}" count = "${var.create ? length(var.ingress_with_self) : 0}"
...@@ -100,6 +166,23 @@ resource "aws_security_group_rule" "ingress_with_self" { ...@@ -100,6 +166,23 @@ resource "aws_security_group_rule" "ingress_with_self" {
protocol = "${lookup(var.ingress_with_self[count.index], "protocol", element(var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")], 2))}" protocol = "${lookup(var.ingress_with_self[count.index], "protocol", element(var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")], 2))}"
} }
# Computed - Security group rules with "self", but without "cidr_blocks" and "source_security_group_id"
resource "aws_security_group_rule" "computed_ingress_with_self" {
count = "${var.create ? var.number_of_computed_ingress_with_self : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "ingress"
self = "${lookup(var.computed_ingress_with_self[count.index], "self", true)}"
ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"]
prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
description = "${lookup(var.computed_ingress_with_self[count.index], "description", "Ingress Rule")}"
from_port = "${lookup(var.computed_ingress_with_self[count.index], "from_port", element(var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.computed_ingress_with_self[count.index], "to_port", element(var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.computed_ingress_with_self[count.index], "protocol", element(var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")], 2))}"
}
################# #################
# End of ingress # End of ingress
################# #################
...@@ -124,6 +207,23 @@ resource "aws_security_group_rule" "egress_rules" { ...@@ -124,6 +207,23 @@ resource "aws_security_group_rule" "egress_rules" {
protocol = "${element(var.rules[var.egress_rules[count.index]], 2)}" protocol = "${element(var.rules[var.egress_rules[count.index]], 2)}"
} }
# Computed - Security group rules with "cidr_blocks" and it uses list of rules names
resource "aws_security_group_rule" "computed_egress_rules" {
count = "${var.create ? var.number_of_computed_egress_rules : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "egress"
cidr_blocks = ["${var.egress_cidr_blocks}"]
ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
prefix_list_ids = ["${var.egress_prefix_list_ids}"]
description = "${element(var.rules[var.computed_egress_rules[count.index]], 3)}"
from_port = "${element(var.rules[var.computed_egress_rules[count.index]], 0)}"
to_port = "${element(var.rules[var.computed_egress_rules[count.index]], 1)}"
protocol = "${element(var.rules[var.computed_egress_rules[count.index]], 2)}"
}
######################### #########################
# Egress - Maps of rules # Egress - Maps of rules
######################### #########################
...@@ -144,6 +244,23 @@ resource "aws_security_group_rule" "egress_with_source_security_group_id" { ...@@ -144,6 +244,23 @@ resource "aws_security_group_rule" "egress_with_source_security_group_id" {
protocol = "${lookup(var.egress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.egress_with_source_security_group_id[count.index], "rule", "_")], 2))}" protocol = "${lookup(var.egress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.egress_with_source_security_group_id[count.index], "rule", "_")], 2))}"
} }
# Computed - Security group rules with "source_security_group_id", but without "cidr_blocks" and "self"
resource "aws_security_group_rule" "computed_egress_with_source_security_group_id" {
count = "${var.create ? var.number_of_computed_egress_with_source_security_group_id : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "egress"
source_security_group_id = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "source_security_group_id")}"
ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
prefix_list_ids = ["${var.egress_prefix_list_ids}"]
description = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "description", "Egress Rule")}"
from_port = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "from_port", element(var.rules[lookup(var.computed_egress_with_source_security_group_id[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "to_port", element(var.rules[lookup(var.computed_egress_with_source_security_group_id[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.computed_egress_with_source_security_group_id[count.index], "rule", "_")], 2))}"
}
# Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self" # Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self"
resource "aws_security_group_rule" "egress_with_cidr_blocks" { resource "aws_security_group_rule" "egress_with_cidr_blocks" {
count = "${var.create ? length(var.egress_with_cidr_blocks) : 0}" count = "${var.create ? length(var.egress_with_cidr_blocks) : 0}"
...@@ -160,6 +277,22 @@ resource "aws_security_group_rule" "egress_with_cidr_blocks" { ...@@ -160,6 +277,22 @@ resource "aws_security_group_rule" "egress_with_cidr_blocks" {
protocol = "${lookup(var.egress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")], 2))}" protocol = "${lookup(var.egress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")], 2))}"
} }
# Computed - Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self"
resource "aws_security_group_rule" "computed_egress_with_cidr_blocks" {
count = "${var.create ? var.number_of_computed_egress_with_cidr_blocks : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "egress"
cidr_blocks = ["${split(",", lookup(var.computed_egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks)))}"]
prefix_list_ids = ["${var.egress_prefix_list_ids}"]
description = "${lookup(var.computed_egress_with_cidr_blocks[count.index], "description", "Egress Rule")}"
from_port = "${lookup(var.computed_egress_with_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.computed_egress_with_cidr_blocks[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.computed_egress_with_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.computed_egress_with_cidr_blocks[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.computed_egress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.computed_egress_with_cidr_blocks[count.index], "rule", "_")], 2))}"
}
# Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self" # Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self"
resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks" { resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks" {
count = "${var.create ? length(var.egress_with_ipv6_cidr_blocks) : 0}" count = "${var.create ? length(var.egress_with_ipv6_cidr_blocks) : 0}"
...@@ -176,6 +309,22 @@ resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks" { ...@@ -176,6 +309,22 @@ resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks" {
protocol = "${lookup(var.egress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}" protocol = "${lookup(var.egress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}"
} }
# Computed - Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self"
resource "aws_security_group_rule" "computed_egress_with_ipv6_cidr_blocks" {
count = "${var.create ? var.number_of_computed_egress_with_ipv6_cidr_blocks : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "egress"
ipv6_cidr_blocks = ["${split(",", lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.egress_ipv6_cidr_blocks)))}"]
prefix_list_ids = ["${var.egress_prefix_list_ids}"]
description = "${lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "description", "Egress Rule")}"
from_port = "${lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}"
}
# Security group rules with "self", but without "cidr_blocks" and "source_security_group_id" # Security group rules with "self", but without "cidr_blocks" and "source_security_group_id"
resource "aws_security_group_rule" "egress_with_self" { resource "aws_security_group_rule" "egress_with_self" {
count = "${var.create ? length(var.egress_with_self) : 0}" count = "${var.create ? length(var.egress_with_self) : 0}"
...@@ -193,6 +342,23 @@ resource "aws_security_group_rule" "egress_with_self" { ...@@ -193,6 +342,23 @@ resource "aws_security_group_rule" "egress_with_self" {
protocol = "${lookup(var.egress_with_self[count.index], "protocol", element(var.rules[lookup(var.egress_with_self[count.index], "rule", "_")], 2))}" protocol = "${lookup(var.egress_with_self[count.index], "protocol", element(var.rules[lookup(var.egress_with_self[count.index], "rule", "_")], 2))}"
} }
# Computed - Security group rules with "self", but without "cidr_blocks" and "source_security_group_id"
resource "aws_security_group_rule" "computed_egress_with_self" {
count = "${var.create ? var.number_of_computed_egress_with_self : 0}"
security_group_id = "${aws_security_group.this.id}"
type = "egress"
self = "${lookup(var.computed_egress_with_self[count.index], "self", true)}"
ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"]
prefix_list_ids = ["${var.egress_prefix_list_ids}"]
description = "${lookup(var.computed_egress_with_self[count.index], "description", "Egress Rule")}"
from_port = "${lookup(var.computed_egress_with_self[count.index], "from_port", element(var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")], 0))}"
to_port = "${lookup(var.computed_egress_with_self[count.index], "to_port", element(var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")], 1))}"
protocol = "${lookup(var.computed_egress_with_self[count.index], "protocol", element(var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")], 2))}"
}
################ ################
# End of egress # End of egress
################ ################
......
modules/_templates/main.tf
View file @ f7e3636c
...@@ -32,6 +32,34 @@ module "sg" { ...@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
######### #########
# Egress # Egress
######### #########
...@@ -56,4 +84,32 @@ module "sg" { ...@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
} }
modules/_templates/variables.tf
View file @ f7e3636c
...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" { ...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = [] default = []
} }
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
######### #########
# Egress # Egress
######### #########
...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" { ...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = [] default = []
} }
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
modules/carbon-relay-ng/README.md
View file @ f7e3636c
...@@ -18,10 +18,34 @@ All automatic values **carbon-relay-ng module** is using are available [here](ht ...@@ -18,10 +18,34 @@ All automatic values **carbon-relay-ng module** is using are available [here](ht
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:| |------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no | | auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no | | auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no | | auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no | | auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no | | create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no | | description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no | | egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
...@@ -41,6 +65,22 @@ All automatic values **carbon-relay-ng module** is using are available [here](ht ...@@ -41,6 +65,22 @@ All automatic values **carbon-relay-ng module** is using are available [here](ht
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no | | ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no | | ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes | | name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no | | tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes | | vpc_id | ID of the VPC where to create security group | string | - | yes |
......
modules/carbon-relay-ng/auto_values.tf
View file @ f7e3636c
...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" { ...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list" type = "list"
default = [] default = []
} }
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
modules/carbon-relay-ng/main.tf
View file @ f7e3636c
...@@ -32,6 +32,34 @@ module "sg" { ...@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
######### #########
# Egress # Egress
######### #########
...@@ -56,4 +84,32 @@ module "sg" { ...@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
} }
modules/carbon-relay-ng/variables.tf
View file @ f7e3636c
...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" { ...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = [] default = []
} }
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
######### #########
# Egress # Egress
######### #########
...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" { ...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = [] default = []
} }
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
modules/cassandra/README.md
View file @ f7e3636c
...@@ -18,10 +18,34 @@ All automatic values **cassandra module** is using are available [here](https:// ...@@ -18,10 +18,34 @@ All automatic values **cassandra module** is using are available [here](https://
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:| |------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no | | auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no | | auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no | | auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no | | auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no | | create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no | | description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no | | egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
...@@ -41,6 +65,22 @@ All automatic values **cassandra module** is using are available [here](https:// ...@@ -41,6 +65,22 @@ All automatic values **cassandra module** is using are available [here](https://
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no | | ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no | | ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes | | name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no | | tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes | | vpc_id | ID of the VPC where to create security group | string | - | yes |
......
modules/cassandra/auto_values.tf
View file @ f7e3636c
...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" { ...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list" type = "list"
default = [] default = []
} }
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
modules/cassandra/main.tf
View file @ f7e3636c
...@@ -32,6 +32,34 @@ module "sg" { ...@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
######### #########
# Egress # Egress
######### #########
...@@ -56,4 +84,32 @@ module "sg" { ...@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
} }
modules/cassandra/variables.tf
View file @ f7e3636c
...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" { ...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = [] default = []
} }
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
######### #########
# Egress # Egress
######### #########
...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" { ...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = [] default = []
} }
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
modules/consul/README.md
View file @ f7e3636c
...@@ -18,10 +18,34 @@ All automatic values **consul module** is using are available [here](https://git ...@@ -18,10 +18,34 @@ All automatic values **consul module** is using are available [here](https://git
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:| |------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no | | auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no | | auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no | | auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no | | auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no | | create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no | | description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no | | egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
...@@ -41,6 +65,22 @@ All automatic values **consul module** is using are available [here](https://git ...@@ -41,6 +65,22 @@ All automatic values **consul module** is using are available [here](https://git
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no | | ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no | | ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes | | name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no | | tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes | | vpc_id | ID of the VPC where to create security group | string | - | yes |
......
modules/consul/auto_values.tf
View file @ f7e3636c
...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" { ...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list" type = "list"
default = [] default = []
} }
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
modules/consul/main.tf
View file @ f7e3636c
...@@ -32,6 +32,34 @@ module "sg" { ...@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
######### #########
# Egress # Egress
######### #########
...@@ -56,4 +84,32 @@ module "sg" { ...@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
} }
modules/consul/variables.tf
View file @ f7e3636c
...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" { ...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = [] default = []
} }
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
######### #########
# Egress # Egress
######### #########
...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" { ...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = [] default = []
} }
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
modules/docker-swarm/README.md
View file @ f7e3636c
...@@ -18,10 +18,34 @@ All automatic values **docker-swarm module** is using are available [here](https ...@@ -18,10 +18,34 @@ All automatic values **docker-swarm module** is using are available [here](https
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:| |------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no | | auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no | | auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no | | auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no | | auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no | | create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no | | description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no | | egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
...@@ -41,6 +65,22 @@ All automatic values **docker-swarm module** is using are available [here](https ...@@ -41,6 +65,22 @@ All automatic values **docker-swarm module** is using are available [here](https
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no | | ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no | | ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes | | name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no | | tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes | | vpc_id | ID of the VPC where to create security group | string | - | yes |
......
modules/docker-swarm/auto_values.tf
View file @ f7e3636c
...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" { ...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list" type = "list"
default = [] default = []
} }
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
modules/docker-swarm/main.tf
View file @ f7e3636c
...@@ -32,6 +32,34 @@ module "sg" { ...@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
######### #########
# Egress # Egress
######### #########
...@@ -56,4 +84,32 @@ module "sg" { ...@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
} }
modules/docker-swarm/variables.tf
View file @ f7e3636c
...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" { ...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = [] default = []
} }
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
######### #########
# Egress # Egress
######### #########
...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" { ...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = [] default = []
} }
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
modules/elasticsearch/README.md
View file @ f7e3636c
...@@ -18,10 +18,34 @@ All automatic values **elasticsearch module** is using are available [here](http ...@@ -18,10 +18,34 @@ All automatic values **elasticsearch module** is using are available [here](http
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:| |------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no | | auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no | | auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no | | auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no | | auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no | | create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no | | description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no | | egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
...@@ -41,6 +65,22 @@ All automatic values **elasticsearch module** is using are available [here](http ...@@ -41,6 +65,22 @@ All automatic values **elasticsearch module** is using are available [here](http
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no | | ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no | | ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes | | name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no | | tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes | | vpc_id | ID of the VPC where to create security group | string | - | yes |
......
modules/elasticsearch/auto_values.tf
View file @ f7e3636c
...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" { ...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list" type = "list"
default = [] default = []
} }
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
modules/elasticsearch/main.tf
View file @ f7e3636c
...@@ -32,6 +32,34 @@ module "sg" { ...@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
######### #########
# Egress # Egress
######### #########
...@@ -56,4 +84,32 @@ module "sg" { ...@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
} }
modules/elasticsearch/variables.tf
View file @ f7e3636c
...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" { ...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = [] default = []
} }
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
######### #########
# Egress # Egress
######### #########
...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" { ...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = [] default = []
} }
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
modules/http-80/README.md
View file @ f7e3636c
...@@ -18,10 +18,34 @@ All automatic values **http-80 module** is using are available [here](https://gi ...@@ -18,10 +18,34 @@ All automatic values **http-80 module** is using are available [here](https://gi
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:| |------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no | | auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no | | auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no | | auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no | | auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no | | create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no | | description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no | | egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
...@@ -41,6 +65,22 @@ All automatic values **http-80 module** is using are available [here](https://gi ...@@ -41,6 +65,22 @@ All automatic values **http-80 module** is using are available [here](https://gi
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no | | ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no | | ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes | | name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no | | tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes | | vpc_id | ID of the VPC where to create security group | string | - | yes |
......
modules/http-80/auto_values.tf
View file @ f7e3636c
...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" { ...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list" type = "list"
default = [] default = []
} }
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
modules/http-80/main.tf
View file @ f7e3636c
...@@ -32,6 +32,34 @@ module "sg" { ...@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
######### #########
# Egress # Egress
######### #########
...@@ -56,4 +84,32 @@ module "sg" { ...@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
} }
modules/http-80/variables.tf
View file @ f7e3636c
...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" { ...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = [] default = []
} }
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
######### #########
# Egress # Egress
######### #########
...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" { ...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = [] default = []
} }
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
modules/https-443/README.md
View file @ f7e3636c
...@@ -18,10 +18,34 @@ All automatic values **https-443 module** is using are available [here](https:// ...@@ -18,10 +18,34 @@ All automatic values **https-443 module** is using are available [here](https://
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:| |------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no | | auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no | | auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no | | auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no | | auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no | | create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no | | description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no | | egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
...@@ -41,6 +65,22 @@ All automatic values **https-443 module** is using are available [here](https:// ...@@ -41,6 +65,22 @@ All automatic values **https-443 module** is using are available [here](https://
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no | | ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no | | ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes | | name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no | | tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes | | vpc_id | ID of the VPC where to create security group | string | - | yes |
......
modules/https-443/auto_values.tf
View file @ f7e3636c
...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" { ...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list" type = "list"
default = [] default = []
} }
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
modules/https-443/main.tf
View file @ f7e3636c
...@@ -32,6 +32,34 @@ module "sg" { ...@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
######### #########
# Egress # Egress
######### #########
...@@ -56,4 +84,32 @@ module "sg" { ...@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
} }
modules/https-443/variables.tf
View file @ f7e3636c
...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" { ...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = [] default = []
} }
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
######### #########
# Egress # Egress
######### #########
...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" { ...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = [] default = []
} }
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
modules/ipsec-4500/README.md
View file @ f7e3636c
...@@ -18,10 +18,34 @@ All automatic values **ipsec-4500 module** is using are available [here](https:/ ...@@ -18,10 +18,34 @@ All automatic values **ipsec-4500 module** is using are available [here](https:/
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:| |------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no | | auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no | | auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no | | auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no | | auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no | | create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no | | description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no | | egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
...@@ -41,6 +65,22 @@ All automatic values **ipsec-4500 module** is using are available [here](https:/ ...@@ -41,6 +65,22 @@ All automatic values **ipsec-4500 module** is using are available [here](https:/
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no | | ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no | | ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes | | name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no | | tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes | | vpc_id | ID of the VPC where to create security group | string | - | yes |
......
modules/ipsec-4500/auto_values.tf
View file @ f7e3636c
...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" { ...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list" type = "list"
default = [] default = []
} }
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
modules/ipsec-4500/main.tf
View file @ f7e3636c
...@@ -32,6 +32,34 @@ module "sg" { ...@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
######### #########
# Egress # Egress
######### #########
...@@ -56,4 +84,32 @@ module "sg" { ...@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
} }
modules/ipsec-4500/variables.tf
View file @ f7e3636c
...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" { ...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = [] default = []
} }
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
######### #########
# Egress # Egress
######### #########
...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" { ...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = [] default = []
} }
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
modules/ipsec-500/README.md
View file @ f7e3636c
...@@ -18,10 +18,34 @@ All automatic values **ipsec-500 module** is using are available [here](https:// ...@@ -18,10 +18,34 @@ All automatic values **ipsec-500 module** is using are available [here](https://
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:| |------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no | | auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no | | auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no | | auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no | | auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no | | create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no | | description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no | | egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
...@@ -41,6 +65,22 @@ All automatic values **ipsec-500 module** is using are available [here](https:// ...@@ -41,6 +65,22 @@ All automatic values **ipsec-500 module** is using are available [here](https://
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no | | ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no | | ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes | | name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no | | tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes | | vpc_id | ID of the VPC where to create security group | string | - | yes |
......
modules/ipsec-500/auto_values.tf
View file @ f7e3636c
...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" { ...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list" type = "list"
default = [] default = []
} }
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
modules/ipsec-500/main.tf
View file @ f7e3636c
...@@ -32,6 +32,34 @@ module "sg" { ...@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
######### #########
# Egress # Egress
######### #########
...@@ -56,4 +84,32 @@ module "sg" { ...@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
} }
modules/ipsec-500/variables.tf
View file @ f7e3636c
...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" { ...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = [] default = []
} }
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
######### #########
# Egress # Egress
######### #########
...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" { ...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = [] default = []
} }
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"
default = ["0.0.0.0/0"]
}
variable "computed_egress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed egress rules"
default = ["::/0"]
}
variable "computed_egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = []
}
##################################
# Number of computed egress rules
##################################
variable "number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_egress_with_cidr_blocks" {
description = "Number of computed egress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_egress_with_source_security_group_id" {
description = "Number of computed egress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_egress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed egress rules"
default = 0
}
variable "number_of_computed_egress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules"
default = 0
}
modules/kafka/README.md
View file @ f7e3636c
...@@ -18,10 +18,34 @@ All automatic values **kafka module** is using are available [here](https://gith ...@@ -18,10 +18,34 @@ All automatic values **kafka module** is using are available [here](https://gith
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:| |------|-------------|:----:|:-----:|:-----:|
| auto_computed_egress_rules | List of computed egress rules to add automatically | list | `<list>` | no |
| auto_computed_egress_with_self | List of maps defining computed egress rules with self to add automatically | list | `<list>` | no |
| auto_computed_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_computed_ingress_with_self | List of maps defining computed ingress rules with self to add automatically | list | `<list>` | no |
| auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no | | auto_egress_rules | List of egress rules to add automatically | list | `<list>` | no |
| auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no | | auto_egress_with_self | List of maps defining egress rules with self to add automatically | list | `<list>` | no |
| auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no | | auto_ingress_rules | List of ingress rules to add automatically | list | `<list>` | no |
| auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no | | auto_ingress_with_self | List of maps defining ingress rules with self to add automatically | list | `<list>` | no |
| auto_number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| auto_number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| auto_number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| auto_number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| computed_egress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed egress rules | string | `<list>` | no |
| computed_egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `<list>` | no |
| computed_egress_rules | List of computed egress rules to create by name | string | `<list>` | no |
| computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_egress_with_self | List of computed egress rules to create where 'self' is defined | string | `<list>` | no |
| computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| computed_ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `<list>` | no |
| computed_ingress_rules | List of computed ingress rules to create by name | string | `<list>` | no |
| computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `<list>` | no |
| computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | string | `<list>` | no |
| computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| create | Whether to create security group and all rules | string | `true` | no | | create | Whether to create security group and all rules | string | `true` | no |
| description | Description of security group | string | `Security Group managed by Terraform` | no | | description | Description of security group | string | `Security Group managed by Terraform` | no |
| egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no | | egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | string | `<list>` | no |
...@@ -41,6 +65,22 @@ All automatic values **kafka module** is using are available [here](https://gith ...@@ -41,6 +65,22 @@ All automatic values **kafka module** is using are available [here](https://gith
| ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no | | ingress_with_self | List of ingress rules to create where 'self' is defined | string | `<list>` | no |
| ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no | | ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | string | `<list>` | no |
| name | Name of security group | string | - | yes | | name | Name of security group | string | - | yes |
| number_of_computed_egress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules | string | `0` | no |
| number_of_computed_egress_rules | Number of computed egress rules to create by name | string | `0` | no |
| number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | string | `0` | no |
| number_of_computed_ingress_cidr_blocks | Number of IPv4 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_ipv6_cidr_blocks | Number of IPv6 CIDR ranges to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_prefix_list_ids | Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules | string | `0` | no |
| number_of_computed_ingress_rules | Number of computed ingress rules to create by name | string | `0` | no |
| number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | string | `0` | no |
| number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | string | `0` | no |
| number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | string | `0` | no |
| tags | A mapping of tags to assign to security group | string | `<map>` | no | | tags | A mapping of tags to assign to security group | string | `<map>` | no |
| vpc_id | ID of the VPC where to create security group | string | - | yes | | vpc_id | ID of the VPC where to create security group | string | - | yes |
......
modules/kafka/auto_values.tf
View file @ f7e3636c
...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" { ...@@ -29,3 +29,49 @@ variable "auto_egress_with_self" {
type = "list" type = "list"
default = [] default = []
} }
# Computed
variable "auto_computed_ingress_rules" {
description = "List of ingress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_ingress_with_self" {
description = "List of maps defining computed ingress rules with self to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_rules" {
description = "List of computed egress rules to add automatically"
type = "list"
default = []
}
variable "auto_computed_egress_with_self" {
description = "List of maps defining computed egress rules with self to add automatically"
type = "list"
default = []
}
# Number of computed rules
variable "auto_number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "auto_number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "auto_number_of_computed_egress_rules" {
description = "Number of computed egress rules to create by name"
default = 0
}
variable "auto_number_of_computed_egress_with_self" {
description = "Number of computed egress rules to create where 'self' is defined"
default = 0
}
modules/kafka/main.tf
View file @ f7e3636c
...@@ -32,6 +32,34 @@ module "sg" { ...@@ -32,6 +32,34 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"]
###################
# Computed Ingress
###################
# Rules by names - open for default CIDR
computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"]
# Open for self
computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"]
# Open to IPv4 cidr blocks
computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"]
#############################
# Number of computed ingress
#############################
number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}"
number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}"
number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}"
number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}"
number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}"
######### #########
# Egress # Egress
######### #########
...@@ -56,4 +84,32 @@ module "sg" { ...@@ -56,4 +84,32 @@ module "sg" {
# Default prefix list ids # Default prefix list ids
egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"]
##################
# Computed Egress
##################
# Rules by names - open for default CIDR
computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"]
# Open for self
computed_egress_with_self = ["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"]
# Open to IPv4 cidr blocks
computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"]
# Open to IPv6 cidr blocks
computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"]
# Open for security group id
computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"]
#############################
# Number of computed egress
#############################
number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}"
number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}"
number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}"
number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}"
number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}"
} }
modules/kafka/variables.tf
View file @ f7e3636c
...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" { ...@@ -67,6 +67,92 @@ variable "ingress_prefix_list_ids" {
default = [] default = []
} }
###################
# Computed Ingress
###################
variable "computed_ingress_rules" {
description = "List of computed ingress rules to create by name"
default = []
}
variable "computed_ingress_with_self" {
description = "List of computed ingress rules to create where 'self' is defined"
default = []
}
variable "computed_ingress_with_cidr_blocks" {
description = "List of computed ingress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_ipv6_cidr_blocks" {
description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_ingress_with_source_security_group_id" {
description = "List of computed ingress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_ipv6_cidr_blocks" {
description = "List of IPv6 CIDR ranges to use on all computed ingress rules"
default = []
}
variable "computed_ingress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = []
}
###################################
# Number of computed ingress rules
###################################
variable "number_of_computed_ingress_rules" {
description = "Number of computed ingress rules to create by name"
default = 0
}
variable "number_of_computed_ingress_with_self" {
description = "Number of computed ingress rules to create where 'self' is defined"
default = 0
}
variable "number_of_computed_ingress_with_cidr_blocks" {
description = "Number of computed ingress rules to create where 'cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_ipv6_cidr_blocks" {
description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used"
default = 0
}
variable "number_of_computed_ingress_with_source_security_group_id" {
description = "Number of computed ingress rules to create where 'source_security_group_id' is used"
default = 0
}
variable "number_of_computed_ingress_cidr_blocks" {
description = "Number of IPv4 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_ipv6_cidr_blocks" {
description = "Number of IPv6 CIDR ranges to use on all computed ingress rules"
default = 0
}
variable "number_of_computed_ingress_prefix_list_ids" {
description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed ingress rules"
default = 0
}
######### #########
# Egress # Egress
######### #########
...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" { ...@@ -109,3 +195,89 @@ variable "egress_prefix_list_ids" {
description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules"
default = [] default = []
} }
##################
# Computed Egress
##################
variable "computed_egress_rules" {
description = "List of computed egress rules to create by name"
default = []
}
variable "computed_egress_with_self" {
description = "List of computed egress rules to create where 'self' is defined"
default = []
}
variable "computed_egress_with_cidr_blocks" {
description = "List of computed egress rules to create where 'cidr_blocks' is used"
default = []
}
variable "computed_egress_with_ipv6_cidr_blocks" {
description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
default = []
}
variable "computed_egress_with_source_security_group_id" {
description = "List of computed egress rules to create where 'source_security_group_id' is used"
default = []
}
variable "computed_egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all computed egress rules"