Merge pull request #3 from terraform-aws-modules/remove_default_ip_cidrs

Remove default cidr for ingress rules

examples/complete/main.tf

@@ -30,7 +30,7 @@ module "complete_sg" {
   }
 
   # Default CIDR blocks, which will be used for all ingress rules in this module. Typically these are CIDR blocks of the VPC.
-  # If this is not specified then world-open CIDR blocks are used.
+  # If this is not specified then no CIDR blocks will be used.
   ingress_cidr_blocks = ["10.10.0.0/16"]
 
   ingress_ipv6_cidr_blocks = ["2001:db8::/64"]
@@ -93,7 +93,7 @@ module "complete_sg" {
     },
   ]
   # Default CIDR blocks, which will be used for all egress rules in this module. Typically these are CIDR blocks of the VPC.
-  # If this is not specified then world-open CIDR blocks are used.
+  # If this is not specified then no CIDR blocks will be used.
   egress_cidr_blocks = ["10.10.0.0/16"]
   egress_ipv6_cidr_blocks = ["2001:db8::/64"]
 

examples/http/main.tf

@@ -25,8 +25,10 @@ module "http_sg" {
   source = "../../modules/http-80"
 
   name        = "http-sg"
-  description = "Security group with HTTP ports open for everybody, egress ports are all world open"
+  description = "Security group with HTTP ports open for everybody (IPv4 CIDR), egress ports are all world open"
   vpc_id      = "${data.aws_vpc.default.id}"
+
+  ingress_cidr_blocks = ["0.0.0.0/0"]
 }
 
 #####################
@@ -36,9 +38,11 @@ module "http_mysql_1_sg" {
   source = "../../modules/http-80"
 
   name        = "http-mysql-1"
-  description = "Security group with HTTP and MySQL ports open for everybody globally"
+  description = "Security group with HTTP and MySQL ports open for everybody (IPv4 CIDR)"
   vpc_id      = "${data.aws_vpc.default.id}"
 
+  ingress_cidr_blocks = ["0.0.0.0/0"]
+
   # Add MySQL rules
   ingress_rules = ["mysql-tcp"]
 }

modules/_templates/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/carbon-relay-ng/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/carbon-relay-ng/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/cassandra/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/cassandra/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/consul/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/consul/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/docker-swarm/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/docker-swarm/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/elasticsearch/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/elasticsearch/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/http-80/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/http-80/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/https-443/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/https-443/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/kafka/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/kafka/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/ldaps/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/ldaps/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/memcached/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/memcached/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/mssql/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/mssql/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/mysql/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/mysql/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/nomad/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/nomad/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/openvpn/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/openvpn/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/postgresql/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/postgresql/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/redis/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/redis/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/ssh/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/ssh/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/storm/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/storm/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/web/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/web/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/zipkin/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/zipkin/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

modules/zookeeper/auto_values.tf

@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
-  default     = []
+
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = []
 }

modules/zookeeper/variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {

rules.tf

@@ -120,129 +120,129 @@ variable "auto_groups" {
   # Valid keys - ingress_rules, egress_rules, ingress_with_self, egress_with_self
   default = {
     carbon-relay-ng = {
-      ingress_rules           = ["carbon-line-in-tcp", "carbon-line-in-udp", "carbon-pickle-tcp", "carbon-pickle-udp", "carbon-gui-udp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["carbon-line-in-tcp", "carbon-line-in-udp", "carbon-pickle-tcp", "carbon-pickle-udp", "carbon-gui-udp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     cassandra = {
-      ingress_rules           = ["cassandra-clients-tcp", "cassandra-thrift-clients-tcp", "cassandra-jmx-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["cassandra-clients-tcp", "cassandra-thrift-clients-tcp", "cassandra-jmx-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     consul = {
-      ingress_rules           = ["consul-tcp", "consul-webui-tcp", "consul-dns-tcp", "consul-dns-udp", "consul-serf-lan-tcp", "consul-serf-lan-udp", "consul-serf-wan-tcp", "consul-serf-wan-udp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["consul-tcp", "consul-webui-tcp", "consul-dns-tcp", "consul-dns-udp", "consul-serf-lan-tcp", "consul-serf-lan-udp", "consul-serf-wan-tcp", "consul-serf-wan-udp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     docker-swarm = {
-      ingress_rules           = ["docker-swarm-mngmt-tcp", "docker-swarm-node-tcp", "docker-swarm-node-udp", "docker-swarm-overlay-udp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["docker-swarm-mngmt-tcp", "docker-swarm-node-tcp", "docker-swarm-node-udp", "docker-swarm-overlay-udp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     elasticsearch = {
-      ingress_rules           = ["elasticsearch-rest-tcp", "elasticsearch-java-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["elasticsearch-rest-tcp", "elasticsearch-java-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     http-80 = {
-      ingress_rules           = ["http-80-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["http-80-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     https-443 = {
-      ingress_rules           = ["https-443-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["https-443-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     kafka = {
-      ingress_rules           = ["kafka-broker-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["kafka-broker-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     ldaps = {
-      ingress_rules           = ["ldaps-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["ldaps-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     memcached = {
-      ingress_rules           = ["memcached-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["memcached-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     mysql = {
-      ingress_rules           = ["mysql-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["mysql-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     mssql = {
-      ingress_rules           = ["mssql-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["mssql-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     nomad = {
-      ingress_rules           = ["nomad-http-tcp", "nomad-rpc-tcp", "nomad-serf-tcp", "nomad-serf-udp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["nomad-http-tcp", "nomad-rpc-tcp", "nomad-serf-tcp", "nomad-serf-udp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     openvpn = {
-      ingress_rules           = ["openvpn-udp", "openvpn-tcp", "openvpn-443-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["openvpn-udp", "openvpn-tcp", "openvpn-443-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     postgresql = {
-      ingress_rules           = ["postgresql-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["postgresql-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     redis = {
-      ingress_rules           = ["redis-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["redis-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     ssh = {
-      ingress_rules           = ["ssh-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["ssh-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     storm = {
-      ingress_rules           = ["storm-nimbus-tcp", "storm-ui-tcp", "storm-supervisor-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["storm-nimbus-tcp", "storm-ui-tcp", "storm-supervisor-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     web = {
-      ingress_rules           = ["http-80-tcp", "http-8080-tcp", "https-443-tcp", "web-jmx-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["http-80-tcp", "http-8080-tcp", "https-443-tcp", "web-jmx-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     zipkin = {
-      ingress_rules           = ["zipkin-admin-tcp", "zipkin-admin-query-tcp", "zipkin-admin-web-tcp", "zipkin-query-tcp", "zipkin-web-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["zipkin-admin-tcp", "zipkin-admin-query-tcp", "zipkin-admin-web-tcp", "zipkin-query-tcp", "zipkin-web-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
 
     zookeeper = {
-      ingress_rules           = ["zookeeper-2181-tcp", "zookeeper-2888-tcp", "zookeeper-3888-tcp", "zookeeper-jmx-tcp"]
-      ingress_rules_with_self = ["all-all"]
-      egress_rules            = ["all-all"]
+      ingress_rules     = ["zookeeper-2181-tcp", "zookeeper-2888-tcp", "zookeeper-3888-tcp", "zookeeper-jmx-tcp"]
+      ingress_with_self = ["all-all"]
+      egress_rules      = ["all-all"]
     }
   }
 }

update_groups.sh

@@ -104,7 +104,7 @@ variable "auto_ingress_rules" {
 }
 
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
   type        = "list"
   default     = $ingress_with_self
 }
@@ -116,7 +116,7 @@ variable "auto_egress_rules" {
 }
 
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
   type        = "list"
   default     = $egress_with_self
 }

variables.tf

@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 
 variable "ingress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 
 variable "ingress_ipv6_cidr_blocks" {
   description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 
 variable "ingress_prefix_list_ids" {