Merge pull request #3 from terraform-aws-modules/remove_default_ip_cidrs

Remove default cidr for ingress rules

Merge pull request #3 from terraform-aws-modules/remove_default_ip_cidrs
Remove default cidr for ingress rules
f9021241 · Anton Babenko · GitHub · abb27a84 · bfb6e96b · f9021241
Commit f9021241 authored Oct 06, 2017 by Anton Babenko Committed by GitHub Oct 06, 2017
48 changed files
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -30,7 +30,7 @@ module "complete_sg" {
  }
  # Default CIDR blocks, which will be used for all ingress rules in this module. Typically these are CIDR blocks of the VPC.
-  # If this is not specified then world-open CIDR blocks are used.
+  # If this is not specified then no CIDR blocks will be used.
  ingress_cidr_blocks = ["10.10.0.0/16"]
  ingress_ipv6_cidr_blocks = ["2001:db8::/64"]
@@ -93,7 +93,7 @@ module "complete_sg" {
    },
  ]
  # Default CIDR blocks, which will be used for all egress rules in this module. Typically these are CIDR blocks of the VPC.
-  # If this is not specified then world-open CIDR blocks are used.
+  # If this is not specified then no CIDR blocks will be used.
  egress_cidr_blocks = ["10.10.0.0/16"]
  egress_ipv6_cidr_blocks = ["2001:db8::/64"]

--- a/examples/http/main.tf
+++ b/examples/http/main.tf
@@ -25,8 +25,10 @@ module "http_sg" {
  source = "../../modules/http-80"
  name        = "http-sg"
-  description = "Security group with HTTP ports open for everybody, egress ports are all world open"
+  description = "Security group with HTTP ports open for everybody (IPv4 CIDR), egress ports are all world open"
  vpc_id      = "${data.aws_vpc.default.id}"
+  ingress_cidr_blocks = ["0.0.0.0/0"]
 }
 #####################
@@ -36,9 +38,11 @@ module "http_mysql_1_sg" {
  source = "../../modules/http-80"
  name        = "http-mysql-1"
-  description = "Security group with HTTP and MySQL ports open for everybody globally"
+  description = "Security group with HTTP and MySQL ports open for everybody (IPv4 CIDR)"
  vpc_id      = "${data.aws_vpc.default.id}"
+  ingress_cidr_blocks = ["0.0.0.0/0"]
  # Add MySQL rules
  ingress_rules = ["mysql-tcp"]
 }

--- a/modules/_templates/variables.tf
+++ b/modules/_templates/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/carbon-relay-ng/auto_values.tf
+++ b/modules/carbon-relay-ng/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/carbon-relay-ng/variables.tf
+++ b/modules/carbon-relay-ng/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/cassandra/auto_values.tf
+++ b/modules/cassandra/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/cassandra/variables.tf
+++ b/modules/cassandra/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/consul/auto_values.tf
+++ b/modules/consul/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/consul/variables.tf
+++ b/modules/consul/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/docker-swarm/auto_values.tf
+++ b/modules/docker-swarm/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/docker-swarm/variables.tf
+++ b/modules/docker-swarm/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/elasticsearch/auto_values.tf
+++ b/modules/elasticsearch/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/elasticsearch/variables.tf
+++ b/modules/elasticsearch/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/http-80/auto_values.tf
+++ b/modules/http-80/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/http-80/variables.tf
+++ b/modules/http-80/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/https-443/auto_values.tf
+++ b/modules/https-443/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/https-443/variables.tf
+++ b/modules/https-443/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/kafka/auto_values.tf
+++ b/modules/kafka/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/kafka/variables.tf
+++ b/modules/kafka/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/ldaps/auto_values.tf
+++ b/modules/ldaps/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/ldaps/variables.tf
+++ b/modules/ldaps/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/memcached/auto_values.tf
+++ b/modules/memcached/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/memcached/variables.tf
+++ b/modules/memcached/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/mssql/auto_values.tf
+++ b/modules/mssql/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/mssql/variables.tf
+++ b/modules/mssql/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/mysql/auto_values.tf
+++ b/modules/mysql/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/mysql/variables.tf
+++ b/modules/mysql/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/nomad/auto_values.tf
+++ b/modules/nomad/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/nomad/variables.tf
+++ b/modules/nomad/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/openvpn/auto_values.tf
+++ b/modules/openvpn/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/openvpn/variables.tf
+++ b/modules/openvpn/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/postgresql/auto_values.tf
+++ b/modules/postgresql/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/postgresql/variables.tf
+++ b/modules/postgresql/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/redis/auto_values.tf
+++ b/modules/redis/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/redis/variables.tf
+++ b/modules/redis/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/ssh/auto_values.tf
+++ b/modules/ssh/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/ssh/variables.tf
+++ b/modules/ssh/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/storm/auto_values.tf
+++ b/modules/storm/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/storm/variables.tf
+++ b/modules/storm/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/web/auto_values.tf
+++ b/modules/web/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/web/variables.tf
+++ b/modules/web/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/zipkin/auto_values.tf
+++ b/modules/zipkin/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/zipkin/variables.tf
+++ b/modules/zipkin/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/modules/zookeeper/auto_values.tf
+++ b/modules/zookeeper/auto_values.tf
@@ -10,9 +10,12 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
-  default     = []
+  default = [{
+    "rule" = "all-all"
+  }]
 }
 variable "auto_egress_rules" {
@@ -22,7 +25,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = []
 }
--- a/modules/zookeeper/variables.tf
+++ b/modules/zookeeper/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {

--- a/rules.tf
+++ b/rules.tf
@@ -121,127 +121,127 @@ variable "auto_groups" {
  default = {
    carbon-relay-ng = {
      ingress_rules     = ["carbon-line-in-tcp", "carbon-line-in-udp", "carbon-pickle-tcp", "carbon-pickle-udp", "carbon-gui-udp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    cassandra = {
      ingress_rules     = ["cassandra-clients-tcp", "cassandra-thrift-clients-tcp", "cassandra-jmx-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    consul = {
      ingress_rules     = ["consul-tcp", "consul-webui-tcp", "consul-dns-tcp", "consul-dns-udp", "consul-serf-lan-tcp", "consul-serf-lan-udp", "consul-serf-wan-tcp", "consul-serf-wan-udp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    docker-swarm = {
      ingress_rules     = ["docker-swarm-mngmt-tcp", "docker-swarm-node-tcp", "docker-swarm-node-udp", "docker-swarm-overlay-udp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    elasticsearch = {
      ingress_rules     = ["elasticsearch-rest-tcp", "elasticsearch-java-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    http-80 = {
      ingress_rules     = ["http-80-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    https-443 = {
      ingress_rules     = ["https-443-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    kafka = {
      ingress_rules     = ["kafka-broker-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    ldaps = {
      ingress_rules     = ["ldaps-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    memcached = {
      ingress_rules     = ["memcached-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    mysql = {
      ingress_rules     = ["mysql-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    mssql = {
      ingress_rules     = ["mssql-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    nomad = {
      ingress_rules     = ["nomad-http-tcp", "nomad-rpc-tcp", "nomad-serf-tcp", "nomad-serf-udp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    openvpn = {
      ingress_rules     = ["openvpn-udp", "openvpn-tcp", "openvpn-443-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    postgresql = {
      ingress_rules     = ["postgresql-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    redis = {
      ingress_rules     = ["redis-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    ssh = {
      ingress_rules     = ["ssh-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    storm = {
      ingress_rules     = ["storm-nimbus-tcp", "storm-ui-tcp", "storm-supervisor-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    web = {
      ingress_rules     = ["http-80-tcp", "http-8080-tcp", "https-443-tcp", "web-jmx-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    zipkin = {
      ingress_rules     = ["zipkin-admin-tcp", "zipkin-admin-query-tcp", "zipkin-admin-web-tcp", "zipkin-query-tcp", "zipkin-web-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
    zookeeper = {
      ingress_rules     = ["zookeeper-2181-tcp", "zookeeper-2888-tcp", "zookeeper-3888-tcp", "zookeeper-jmx-tcp"]
-      ingress_rules_with_self = ["all-all"]
+      ingress_with_self = ["all-all"]
      egress_rules      = ["all-all"]
    }
  }

--- a/update_groups.sh
+++ b/update_groups.sh
@@ -104,7 +104,7 @@ variable "auto_ingress_rules" {
 }
 variable "auto_ingress_with_self" {
-  description = "List of ingress rules with self to add automatically"
+  description = "List of maps defining ingress rules with self to add automatically"
  type        = "list"
  default     = $ingress_with_self
 }
@@ -116,7 +116,7 @@ variable "auto_egress_rules" {
 }
 variable "auto_egress_with_self" {
-  description = "List of egress rules with self to add automatically"
+  description = "List of maps defining egress rules with self to add automatically"
  type        = "list"
  default     = $egress_with_self
 }

--- a/variables.tf
+++ b/variables.tf
@@ -44,12 +44,12 @@ variable "ingress_with_source_security_group_id" {
 variable "ingress_cidr_blocks" {
  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  default     = ["0.0.0.0/0"]
+  default     = []
 }
 variable "ingress_ipv6_cidr_blocks" {
  description = "List of IPv6 CIDR ranges to use on all ingress rules"
-  default     = ["::/0"]
+  default     = []
 }
 variable "ingress_prefix_list_ids" {