diff --git a/README.md b/README.md
index 24f893b8..1877c916 100644
--- a/README.md
+++ b/README.md
@@ -164,7 +164,7 @@ No issue is creating limit on this module.
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 2.42 |
+| [aws](#provider\_aws) | 3.56.0 |
## Modules
@@ -179,21 +179,25 @@ No modules.
| [aws_security_group_rule.computed_egress_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_egress_with_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_egress_with_ipv6_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.computed_egress_with_prefix_list_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_egress_with_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_egress_with_source_security_group_id](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_ingress_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_ingress_with_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_ingress_with_ipv6_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.computed_ingress_with_prefix_list_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_ingress_with_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.computed_ingress_with_source_security_group_id](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.egress_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.egress_with_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.egress_with_ipv6_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.egress_with_prefix_list_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.egress_with_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.egress_with_source_security_group_id](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.ingress_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.ingress_with_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.ingress_with_ipv6_cidr_blocks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.ingress_with_prefix_list_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.ingress_with_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.ingress_with_source_security_group_id](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
@@ -205,11 +209,13 @@ No modules.
| [computed\_egress\_rules](#input\_computed\_egress\_rules) | List of computed egress rules to create by name | `list(string)` | `[]` | no |
| [computed\_egress\_with\_cidr\_blocks](#input\_computed\_egress\_with\_cidr\_blocks) | List of computed egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no |
| [computed\_egress\_with\_ipv6\_cidr\_blocks](#input\_computed\_egress\_with\_ipv6\_cidr\_blocks) | List of computed egress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no |
+| [computed\_egress\_with\_prefix\_list\_ids](#input\_computed\_egress\_with\_prefix\_list\_ids) | List of computed egress rules to create where 'prefix\_list\_ids' is used only | `list(map(string))` | `[]` | no |
| [computed\_egress\_with\_self](#input\_computed\_egress\_with\_self) | List of computed egress rules to create where 'self' is defined | `list(map(string))` | `[]` | no |
| [computed\_egress\_with\_source\_security\_group\_id](#input\_computed\_egress\_with\_source\_security\_group\_id) | List of computed egress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no |
| [computed\_ingress\_rules](#input\_computed\_ingress\_rules) | List of computed ingress rules to create by name | `list(string)` | `[]` | no |
| [computed\_ingress\_with\_cidr\_blocks](#input\_computed\_ingress\_with\_cidr\_blocks) | List of computed ingress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no |
| [computed\_ingress\_with\_ipv6\_cidr\_blocks](#input\_computed\_ingress\_with\_ipv6\_cidr\_blocks) | List of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no |
+| [computed\_ingress\_with\_prefix\_list\_ids](#input\_computed\_ingress\_with\_prefix\_list\_ids) | List of computed ingress rules to create where 'prefix\_list\_ids' is used | `list(map(string))` | `[]` | no |
| [computed\_ingress\_with\_self](#input\_computed\_ingress\_with\_self) | List of computed ingress rules to create where 'self' is defined | `list(map(string))` | `[]` | no |
| [computed\_ingress\_with\_source\_security\_group\_id](#input\_computed\_ingress\_with\_source\_security\_group\_id) | List of computed ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no |
| [create](#input\_create) | Whether to create security group and all rules | `bool` | `true` | no |
@@ -221,25 +227,30 @@ No modules.
| [egress\_rules](#input\_egress\_rules) | List of egress rules to create by name | `list(string)` | `[]` | no |
| [egress\_with\_cidr\_blocks](#input\_egress\_with\_cidr\_blocks) | List of egress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no |
| [egress\_with\_ipv6\_cidr\_blocks](#input\_egress\_with\_ipv6\_cidr\_blocks) | List of egress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no |
+| [egress\_with\_prefix\_list\_ids](#input\_egress\_with\_prefix\_list\_ids) | List of egress rules to create where 'prefix\_list\_ids' is used only | `list(map(string))` | `[]` | no |
| [egress\_with\_self](#input\_egress\_with\_self) | List of egress rules to create where 'self' is defined | `list(map(string))` | `[]` | no |
| [egress\_with\_source\_security\_group\_id](#input\_egress\_with\_source\_security\_group\_id) | List of egress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no |
+| [enable\_prefix\_lists\_cross\_over](#input\_enable\_prefix\_lists\_cross\_over) | Instruct Terraform to create crossing over ingress and egress Security Group Rules that cover also the Prefix lists provided as input. | `bool` | `true` | no |
| [ingress\_cidr\_blocks](#input\_ingress\_cidr\_blocks) | List of IPv4 CIDR ranges to use on all ingress rules | `list(string)` | `[]` | no |
| [ingress\_ipv6\_cidr\_blocks](#input\_ingress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to use on all ingress rules | `list(string)` | `[]` | no |
| [ingress\_prefix\_list\_ids](#input\_ingress\_prefix\_list\_ids) | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | `list(string)` | `[]` | no |
| [ingress\_rules](#input\_ingress\_rules) | List of ingress rules to create by name | `list(string)` | `[]` | no |
| [ingress\_with\_cidr\_blocks](#input\_ingress\_with\_cidr\_blocks) | List of ingress rules to create where 'cidr\_blocks' is used | `list(map(string))` | `[]` | no |
| [ingress\_with\_ipv6\_cidr\_blocks](#input\_ingress\_with\_ipv6\_cidr\_blocks) | List of ingress rules to create where 'ipv6\_cidr\_blocks' is used | `list(map(string))` | `[]` | no |
+| [ingress\_with\_prefix\_list\_ids](#input\_ingress\_with\_prefix\_list\_ids) | List of ingress rules to create where 'prefix\_list\_ids' is used only | `list(map(string))` | `[]` | no |
| [ingress\_with\_self](#input\_ingress\_with\_self) | List of ingress rules to create where 'self' is defined | `list(map(string))` | `[]` | no |
| [ingress\_with\_source\_security\_group\_id](#input\_ingress\_with\_source\_security\_group\_id) | List of ingress rules to create where 'source\_security\_group\_id' is used | `list(map(string))` | `[]` | no |
| [name](#input\_name) | Name of security group - not required if create\_group is false | `string` | `null` | no |
| [number\_of\_computed\_egress\_rules](#input\_number\_of\_computed\_egress\_rules) | Number of computed egress rules to create by name | `number` | `0` | no |
| [number\_of\_computed\_egress\_with\_cidr\_blocks](#input\_number\_of\_computed\_egress\_with\_cidr\_blocks) | Number of computed egress rules to create where 'cidr\_blocks' is used | `number` | `0` | no |
| [number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks](#input\_number\_of\_computed\_egress\_with\_ipv6\_cidr\_blocks) | Number of computed egress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no |
+| [number\_of\_computed\_egress\_with\_prefix\_list\_ids](#input\_number\_of\_computed\_egress\_with\_prefix\_list\_ids) | Number of computed egress rules to create where 'prefix\_list\_ids' is used only | `number` | `0` | no |
| [number\_of\_computed\_egress\_with\_self](#input\_number\_of\_computed\_egress\_with\_self) | Number of computed egress rules to create where 'self' is defined | `number` | `0` | no |
| [number\_of\_computed\_egress\_with\_source\_security\_group\_id](#input\_number\_of\_computed\_egress\_with\_source\_security\_group\_id) | Number of computed egress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no |
| [number\_of\_computed\_ingress\_rules](#input\_number\_of\_computed\_ingress\_rules) | Number of computed ingress rules to create by name | `number` | `0` | no |
| [number\_of\_computed\_ingress\_with\_cidr\_blocks](#input\_number\_of\_computed\_ingress\_with\_cidr\_blocks) | Number of computed ingress rules to create where 'cidr\_blocks' is used | `number` | `0` | no |
| [number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks](#input\_number\_of\_computed\_ingress\_with\_ipv6\_cidr\_blocks) | Number of computed ingress rules to create where 'ipv6\_cidr\_blocks' is used | `number` | `0` | no |
+| [number\_of\_computed\_ingress\_with\_prefix\_list\_ids](#input\_number\_of\_computed\_ingress\_with\_prefix\_list\_ids) | Number of computed ingress rules to create where 'prefix\_list\_ids' is used | `number` | `0` | no |
| [number\_of\_computed\_ingress\_with\_self](#input\_number\_of\_computed\_ingress\_with\_self) | Number of computed ingress rules to create where 'self' is defined | `number` | `0` | no |
| [number\_of\_computed\_ingress\_with\_source\_security\_group\_id](#input\_number\_of\_computed\_ingress\_with\_source\_security\_group\_id) | Number of computed ingress rules to create where 'source\_security\_group\_id' is used | `number` | `0` | no |
| [revoke\_rules\_on\_delete](#input\_revoke\_rules\_on\_delete) | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | `bool` | `false` | no |
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 43a62c72..e58e9590 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -25,18 +25,18 @@ No requirements.
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | n/a |
+| [aws](#provider\_aws) | 3.56.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| [complete\_sg](#module\_complete\_sg) | ../../ | |
-| [fixed\_name\_sg](#module\_fixed\_name\_sg) | ../../ | |
-| [ipv4\_ipv6\_example](#module\_ipv4\_ipv6\_example) | ../../ | |
-| [main\_sg](#module\_main\_sg) | ../../ | |
-| [only\_rules](#module\_only\_rules) | ../../ | |
-| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | |
+| [complete\_sg](#module\_complete\_sg) | ../../ | n/a |
+| [fixed\_name\_sg](#module\_fixed\_name\_sg) | ../../ | n/a |
+| [ipv4\_ipv6\_example](#module\_ipv4\_ipv6\_example) | ../../ | n/a |
+| [main\_sg](#module\_main\_sg) | ../../ | n/a |
+| [only\_rules](#module\_only\_rules) | ../../ | n/a |
+| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | n/a |
## Resources
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 9e6e172d..197ab816 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -313,6 +313,80 @@ module "complete_sg" {
number_of_computed_egress_with_self = 1
}
+#################################################################################
+# Security group with ingress and egress prefix list ids without cross over ports
+#################################################################################
+module "prefix_lists_sg" {
+ source = "../../"
+
+ name = "prefix-lists-sg"
+ description = "Security group with ingress and egress prefix list ids arguments"
+ vpc_id = data.aws_vpc.default.id
+
+ enable_prefix_lists_cross_over = false
+
+ tags = {
+ Cash = "king"
+ Department = "kingdom"
+ }
+
+ # Prefix list ids to use only in ingress prefix list ids attribute (since 'enable_prefix_lists_cross_over' is false).
+ ingress_prefix_list_ids = ["pl-6da54004"]
+
+ # Open for Prefix List Ids only (rule or from_port+to_port+protocol+description)
+ ingress_with_prefix_list_ids = [
+ {
+ from_port = 1041
+ to_port = 1051
+ protocol = 6
+ description = "Service name"
+ }
+ ]
+
+ computed_ingress_with_prefix_list_ids = [
+ {
+ from_port = 6662
+ to_port = 6683
+ protocol = 6
+ description = "Service name. VPC ID: ${module.vpc.vpc_id}"
+ }
+ ]
+
+ number_of_computed_ingress_with_prefix_list_ids = 1
+
+ # Prefix list ids to use in all egress rules in this module.
+ egress_prefix_list_ids = ["pl-6da54004"]
+
+ egress_with_prefix_list_ids = [
+ {
+ rule = "nfs-tcp"
+ },
+ {
+ from_port = 840
+ to_port = 860
+ protocol = 6
+ description = "Service name"
+ },
+ {
+ from_port = 941
+ to_port = 951
+ protocol = 6
+ description = "Service name again"
+ }
+ ]
+
+ computed_egress_with_prefix_list_ids = [
+ {
+ from_port = 8732
+ to_port = 8743
+ protocol = 6
+ description = "Service name. VPC ID: ${module.vpc.vpc_id}"
+ }
+ ]
+
+ number_of_computed_egress_with_prefix_list_ids = 1
+}
+
######################################################
# Security group with IPv4 and IPv6 sets of arguments
######################################################
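Review bot: The prefix list ID `"pl-6da54004"` is hard-coded for both `ingress_prefix_list_ids` and `egress_prefix_list_ids` in the new `prefix_lists_sg` module. Prefix list IDs are specific to a region, so the example will probably fail to apply outside the region the ID was taken from, and a reader cannot tell which service the rules open traffic to. Resolving the ID through an `aws_prefix_list` data source and passing `[data.aws_prefix_list.<NAME>.id]` (name is a placeholder) would make the target explicit. A short comment naming the service behind the list would also help, for example `# Prefix list of the <SERVICE> gateway endpoint in this region`.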
@@ -395,5 +469,4 @@ module "only_rules" {
source_security_group_id = data.aws_security_group.default.id
},
]
-}
-
+}
\ No newline at end of file
diff --git a/examples/computed/README.md b/examples/computed/README.md
index 4db55e8a..dba76999 100644
--- a/examples/computed/README.md
+++ b/examples/computed/README.md
@@ -23,14 +23,14 @@ No requirements.
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | n/a |
+| [aws](#provider\_aws) | 3.56.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| [http\_sg](#module\_http\_sg) | ../../modules/https-443 | |
-| [mysql\_sg](#module\_mysql\_sg) | ../../modules/mysql | |
+| [http\_sg](#module\_http\_sg) | ../../modules/https-443 | n/a |
+| [mysql\_sg](#module\_mysql\_sg) | ../../modules/mysql | n/a |
## Resources
diff --git a/examples/disabled/README.md b/examples/disabled/README.md
index 79ecd4f3..4bafd15b 100644
--- a/examples/disabled/README.md
+++ b/examples/disabled/README.md
@@ -25,14 +25,14 @@ No requirements.
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | n/a |
+| [aws](#provider\_aws) | 3.56.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| [complete\_sg\_disabled](#module\_complete\_sg\_disabled) | ../../ | |
-| [http\_sg\_disabled](#module\_http\_sg\_disabled) | ../../modules/http-80 | |
+| [complete\_sg\_disabled](#module\_complete\_sg\_disabled) | ../../ | n/a |
+| [http\_sg\_disabled](#module\_http\_sg\_disabled) | ../../modules/http-80 | n/a |
## Resources
diff --git a/examples/dynamic/README.md b/examples/dynamic/README.md
index e643a44f..20dfa7f8 100644
--- a/examples/dynamic/README.md
+++ b/examples/dynamic/README.md
@@ -25,13 +25,13 @@ No requirements.
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | n/a |
+| [aws](#provider\_aws) | 3.56.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| [http\_sg](#module\_http\_sg) | ../../modules/http-80 | |
+| [http\_sg](#module\_http\_sg) | ../../modules/http-80 | n/a |
## Resources
diff --git a/examples/http/README.md b/examples/http/README.md
index 3693024e..d4c7e269 100644
--- a/examples/http/README.md
+++ b/examples/http/README.md
@@ -25,17 +25,17 @@ No requirements.
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | n/a |
+| [aws](#provider\_aws) | 3.56.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| [http\_mysql\_1\_sg](#module\_http\_mysql\_1\_sg) | ../../modules/http-80 | |
-| [http\_mysql\_2\_sg](#module\_http\_mysql\_2\_sg) | ../../modules/http-80 | |
-| [http\_sg](#module\_http\_sg) | ../../modules/http-80 | |
-| [http\_with\_egress\_minimal\_sg](#module\_http\_with\_egress\_minimal\_sg) | ../../modules/http-80 | |
-| [http\_with\_egress\_sg](#module\_http\_with\_egress\_sg) | ../../modules/http-80 | |
+| [http\_mysql\_1\_sg](#module\_http\_mysql\_1\_sg) | ../../modules/http-80 | n/a |
+| [http\_mysql\_2\_sg](#module\_http\_mysql\_2\_sg) | ../../modules/http-80 | n/a |
+| [http\_sg](#module\_http\_sg) | ../../modules/http-80 | n/a |
+| [http\_with\_egress\_minimal\_sg](#module\_http\_with\_egress\_minimal\_sg) | ../../modules/http-80 | n/a |
+| [http\_with\_egress\_sg](#module\_http\_with\_egress\_sg) | ../../modules/http-80 | n/a |
## Resources
diff --git a/examples/rules-only/README.md b/examples/rules-only/README.md
index 514d40ec..ecc03d22 100644
--- a/examples/rules-only/README.md
+++ b/examples/rules-only/README.md
@@ -25,14 +25,14 @@ No requirements.
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | n/a |
+| [aws](#provider\_aws) | 3.56.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| [rules\_one](#module\_rules\_one) | ../../ | |
-| [rules\_two](#module\_rules\_two) | ../../ | |
+| [rules\_one](#module\_rules\_one) | ../../ | n/a |
+| [rules\_two](#module\_rules\_two) | ../../ | n/a |
## Resources
diff --git a/main.tf b/main.tf
index 1ec93d72..8d4d5a74 100644
--- a/main.tf
+++ b/main.tf
@@ -76,7 +76,7 @@ resource "aws_security_group_rule" "computed_ingress_rules" {
cidr_blocks = var.ingress_cidr_blocks
ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
- prefix_list_ids = var.ingress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.ingress_prefix_list_ids : null
description = var.rules[var.computed_ingress_rules[count.index]][3]
from_port = var.rules[var.computed_ingress_rules[count.index]][0]
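Review bot: The expression `var.enable_prefix_lists_cross_over ? var.ingress_prefix_list_ids : null` is written inline here and repeated in every other main.tf hunk that changes `prefix_list_ids`, with the egress variable on the egress side. Two locals next to `this_sg_id` would keep those copies in step, for example `ingress_prefix_list_ids_cross_over = var.enable_prefix_lists_cross_over ? var.ingress_prefix_list_ids : null`, used as `prefix_list_ids = local.ingress_prefix_list_ids_cross_over`. The README lists the flag's default as `true`, so unless it is disabled every rule in the group is also opened to the prefix lists, whether the rule targets a CIDR, a source security group or `self`. A comment at the definition should say so: `# When true, the prefix lists are added to every rule, so each opened port is also reachable from them`. The resource body starts and ends outside this hunk.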
@@ -95,7 +95,7 @@ resource "aws_security_group_rule" "ingress_with_source_security_group_id" {
type = "ingress"
source_security_group_id = var.ingress_with_source_security_group_id[count.index]["source_security_group_id"]
- prefix_list_ids = var.ingress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.ingress_prefix_list_ids : null
description = lookup(
var.ingress_with_source_security_group_id[count.index],
"description",
@@ -139,7 +139,7 @@ resource "aws_security_group_rule" "computed_ingress_with_source_security_group_
type = "ingress"
source_security_group_id = var.computed_ingress_with_source_security_group_id[count.index]["source_security_group_id"]
- prefix_list_ids = var.ingress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.ingress_prefix_list_ids : null
description = lookup(
var.computed_ingress_with_source_security_group_id[count.index],
"description",
@@ -190,7 +190,7 @@ resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
join(",", var.ingress_cidr_blocks),
),
)
- prefix_list_ids = var.ingress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.ingress_prefix_list_ids : null
description = lookup(
var.ingress_with_cidr_blocks[count.index],
"description",
@@ -229,7 +229,7 @@ resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks" {
join(",", var.ingress_cidr_blocks),
),
)
- prefix_list_ids = var.ingress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.ingress_prefix_list_ids : null
description = lookup(
var.computed_ingress_with_cidr_blocks[count.index],
"description",
@@ -280,7 +280,7 @@ resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks" {
join(",", var.ingress_ipv6_cidr_blocks),
),
)
- prefix_list_ids = var.ingress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.ingress_prefix_list_ids : null
description = lookup(
var.ingress_with_ipv6_cidr_blocks[count.index],
"description",
@@ -319,7 +319,7 @@ resource "aws_security_group_rule" "computed_ingress_with_ipv6_cidr_blocks" {
join(",", var.ingress_ipv6_cidr_blocks),
),
)
- prefix_list_ids = var.ingress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.ingress_prefix_list_ids : null
description = lookup(
var.computed_ingress_with_ipv6_cidr_blocks[count.index],
"description",
@@ -363,7 +363,7 @@ resource "aws_security_group_rule" "ingress_with_self" {
type = "ingress"
self = lookup(var.ingress_with_self[count.index], "self", true)
- prefix_list_ids = var.ingress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.ingress_prefix_list_ids : null
description = lookup(
var.ingress_with_self[count.index],
"description",
@@ -395,7 +395,7 @@ resource "aws_security_group_rule" "computed_ingress_with_self" {
type = "ingress"
self = lookup(var.computed_ingress_with_self[count.index], "self", true)
- prefix_list_ids = var.ingress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.ingress_prefix_list_ids : null
description = lookup(
var.computed_ingress_with_self[count.index],
"description",
@@ -418,6 +418,67 @@ resource "aws_security_group_rule" "computed_ingress_with_self" {
var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")][2],
)
}
+# Security group rules with "prefix_list_ids", but without "cidr_blocks", "self" or "source_security_group_id"
+resource "aws_security_group_rule" "ingress_with_prefix_list_ids" {
+ count = var.create && length(var.ingress_prefix_list_ids) > 0 ? length(var.ingress_with_prefix_list_ids) : 0
+
+ security_group_id = local.this_sg_id
+ type = "ingress"
+
+ prefix_list_ids = var.ingress_prefix_list_ids
+ description = lookup(
+ var.ingress_with_prefix_list_ids[count.index],
+ "description",
+ "Ingress Rule",
+ )
+
+ from_port = lookup(
+ var.ingress_with_prefix_list_ids[count.index],
+ "from_port",
+ var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][0],
+ )
+ to_port = lookup(
+ var.ingress_with_prefix_list_ids[count.index],
+ "to_port",
+ var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][1],
+ )
+ protocol = lookup(
+ var.ingress_with_prefix_list_ids[count.index],
+ "protocol",
+ var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][2],
+ )
+}
+
+# Computed - Security group rules with "prefix_list_ids", but without "cidr_blocks", "self" or "source_security_group_id"
+resource "aws_security_group_rule" "computed_ingress_with_prefix_list_ids" {
+ count = var.create && length(var.ingress_prefix_list_ids) > 0 ? var.number_of_computed_ingress_with_prefix_list_ids : 0
+
+ security_group_id = local.this_sg_id
+ type = "ingress"
+
+ prefix_list_ids = var.ingress_prefix_list_ids
+ description = lookup(
+ var.ingress_with_prefix_list_ids[count.index],
+ "description",
+ "Ingress Rule",
+ )
+
+ from_port = lookup(
+ var.ingress_with_prefix_list_ids[count.index],
+ "from_port",
+ var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][0],
+ )
+ to_port = lookup(
+ var.ingress_with_prefix_list_ids[count.index],
+ "to_port",
+ var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][1],
+ )
+ protocol = lookup(
+ var.ingress_with_prefix_list_ids[count.index],
+ "protocol",
+ var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][2],
+ )
+}
#################
# End of ingress
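Review bot: The new `computed_ingress_with_prefix_list_ids` resource reads all its attributes from `var.ingress_with_prefix_list_ids[count.index]`, while its count comes from `var.number_of_computed_ingress_with_prefix_list_ids`. As a result the entries in `computed_ingress_with_prefix_list_ids` are never used. In the complete example the 6662-6683 rule would not be created and the static 1041-1051 rule would be declared a second time, so the resulting group differs from what the caller wrote. Each occurrence in that resource (`description`, `from_port`, `to_port`, `protocol` and the nested `rule` lookups) should be `var.computed_ingress_with_prefix_list_ids[count.index]`, as the egress counterpart already does. If the computed count is larger than the static list, the current code would presumably fail with an index error instead.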
@@ -435,7 +496,7 @@ resource "aws_security_group_rule" "egress_rules" {
cidr_blocks = var.egress_cidr_blocks
ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
- prefix_list_ids = var.egress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.egress_prefix_list_ids : null
description = var.rules[var.egress_rules[count.index]][3]
from_port = var.rules[var.egress_rules[count.index]][0]
@@ -452,7 +513,7 @@ resource "aws_security_group_rule" "computed_egress_rules" {
cidr_blocks = var.egress_cidr_blocks
ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks
- prefix_list_ids = var.egress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.egress_prefix_list_ids : null
description = var.rules[var.computed_egress_rules[count.index]][3]
from_port = var.rules[var.computed_egress_rules[count.index]][0]
@@ -471,7 +532,7 @@ resource "aws_security_group_rule" "egress_with_source_security_group_id" {
type = "egress"
source_security_group_id = var.egress_with_source_security_group_id[count.index]["source_security_group_id"]
- prefix_list_ids = var.egress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.egress_prefix_list_ids : null
description = lookup(
var.egress_with_source_security_group_id[count.index],
"description",
@@ -515,7 +576,7 @@ resource "aws_security_group_rule" "computed_egress_with_source_security_group_i
type = "egress"
source_security_group_id = var.computed_egress_with_source_security_group_id[count.index]["source_security_group_id"]
- prefix_list_ids = var.egress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.egress_prefix_list_ids : null
description = lookup(
var.computed_egress_with_source_security_group_id[count.index],
"description",
@@ -566,7 +627,7 @@ resource "aws_security_group_rule" "egress_with_cidr_blocks" {
join(",", var.egress_cidr_blocks),
),
)
- prefix_list_ids = var.egress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.egress_prefix_list_ids : null
description = lookup(
var.egress_with_cidr_blocks[count.index],
"description",
@@ -605,7 +666,7 @@ resource "aws_security_group_rule" "computed_egress_with_cidr_blocks" {
join(",", var.egress_cidr_blocks),
),
)
- prefix_list_ids = var.egress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.egress_prefix_list_ids : null
description = lookup(
var.computed_egress_with_cidr_blocks[count.index],
"description",
@@ -656,7 +717,7 @@ resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks" {
join(",", var.egress_ipv6_cidr_blocks),
),
)
- prefix_list_ids = var.egress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.egress_prefix_list_ids : null
description = lookup(
var.egress_with_ipv6_cidr_blocks[count.index],
"description",
@@ -695,7 +756,7 @@ resource "aws_security_group_rule" "computed_egress_with_ipv6_cidr_blocks" {
join(",", var.egress_ipv6_cidr_blocks),
),
)
- prefix_list_ids = var.egress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.egress_prefix_list_ids : null
description = lookup(
var.computed_egress_with_ipv6_cidr_blocks[count.index],
"description",
@@ -739,7 +800,7 @@ resource "aws_security_group_rule" "egress_with_self" {
type = "egress"
self = lookup(var.egress_with_self[count.index], "self", true)
- prefix_list_ids = var.egress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.egress_prefix_list_ids : null
description = lookup(
var.egress_with_self[count.index],
"description",
@@ -771,7 +832,7 @@ resource "aws_security_group_rule" "computed_egress_with_self" {
type = "egress"
self = lookup(var.computed_egress_with_self[count.index], "self", true)
- prefix_list_ids = var.egress_prefix_list_ids
+ prefix_list_ids = var.enable_prefix_lists_cross_over ? var.egress_prefix_list_ids : null
description = lookup(
var.computed_egress_with_self[count.index],
"description",
@@ -795,6 +856,92 @@ resource "aws_security_group_rule" "computed_egress_with_self" {
)
}
+# Security group rules with "egress_prefix_list_ids", but without "cidr_blocks", "self" or "source_security_group_id"
+resource "aws_security_group_rule" "egress_with_prefix_list_ids" {
+ count = var.create && length(var.egress_prefix_list_ids) > 0 ? length(var.egress_with_prefix_list_ids) : 0
+
+ security_group_id = local.this_sg_id
+ type = "egress"
+
+ prefix_list_ids = var.egress_prefix_list_ids
+ description = lookup(
+ var.egress_with_prefix_list_ids[count.index],
+ "description",
+ "Egress Rule",
+ )
+
+ from_port = lookup(
+ var.egress_with_prefix_list_ids[count.index],
+ "from_port",
+ var.rules[lookup(
+ var.egress_with_prefix_list_ids[count.index],
+ "rule",
+ "_",
+ )][0],
+ )
+ to_port = lookup(
+ var.egress_with_prefix_list_ids[count.index],
+ "to_port",
+ var.rules[lookup(
+ var.egress_with_prefix_list_ids[count.index],
+ "rule",
+ "_",
+ )][1],
+ )
+ protocol = lookup(
+ var.egress_with_prefix_list_ids[count.index],
+ "protocol",
+ var.rules[lookup(
+ var.egress_with_prefix_list_ids[count.index],
+ "rule",
+ "_",
+ )][2],
+ )
+}
+
+# Computed - Security group rules with "source_security_group_id", but without "cidr_blocks", "self" or "source_security_group_id"
+resource "aws_security_group_rule" "computed_egress_with_prefix_list_ids" {
+ count = var.create && length(var.egress_prefix_list_ids) > 0 ? var.number_of_computed_egress_with_prefix_list_ids : 0
+
+ security_group_id = local.this_sg_id
+ type = "egress"
+
+ prefix_list_ids = var.egress_prefix_list_ids
+ description = lookup(
+ var.computed_egress_with_prefix_list_ids[count.index],
+ "description",
+ "Egress Rule",
+ )
+
+ from_port = lookup(
+ var.computed_egress_with_prefix_list_ids[count.index],
+ "from_port",
+ var.rules[lookup(
+ var.computed_egress_with_prefix_list_ids[count.index],
+ "rule",
+ "_",
+ )][0],
+ )
+ to_port = lookup(
+ var.computed_egress_with_prefix_list_ids[count.index],
+ "to_port",
+ var.rules[lookup(
+ var.computed_egress_with_prefix_list_ids[count.index],
+ "rule",
+ "_",
+ )][1],
+ )
+ protocol = lookup(
+ var.computed_egress_with_prefix_list_ids[count.index],
+ "protocol",
+ var.rules[lookup(
+ var.computed_egress_with_prefix_list_ids[count.index],
+ "rule",
+ "_",
+ )][2],
+ )
+}
+
################
# End of egress
################
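Review bot: The header comment above `computed_egress_with_prefix_list_ids` names `"source_security_group_id"` twice and never mentions prefix lists. It should read `# Computed - Security group rules with "prefix_list_ids", but without "cidr_blocks", "self" or "source_security_group_id"`. The comment above `egress_with_prefix_list_ids` also refers to `"egress_prefix_list_ids"` where the rule attribute is `"prefix_list_ids"`. Both resources are gated on `length(var.egress_prefix_list_ids) > 0`, so entries in `egress_with_prefix_list_ids` produce no rule and no error when that list is empty. The same gate is on the ingress pair, and the comment should state it, for example `# No rules are created when egress_prefix_list_ids is empty`.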
diff --git a/modules/activemq/README.md b/modules/activemq/README.md
index 228b192c..1a7dfab7 100644
--- a/modules/activemq/README.md
+++ b/modules/activemq/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/alertmanager/README.md b/modules/alertmanager/README.md
index ba46d102..c537964d 100644
--- a/modules/alertmanager/README.md
+++ b/modules/alertmanager/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/carbon-relay-ng/README.md b/modules/carbon-relay-ng/README.md
index c589f651..8624c550 100644
--- a/modules/carbon-relay-ng/README.md
+++ b/modules/carbon-relay-ng/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/cassandra/README.md b/modules/cassandra/README.md
index 747bf6da..21f1ae14 100644
--- a/modules/cassandra/README.md
+++ b/modules/cassandra/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/consul/README.md b/modules/consul/README.md
index 88512298..bd8aff1a 100644
--- a/modules/consul/README.md
+++ b/modules/consul/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/docker-swarm/README.md b/modules/docker-swarm/README.md
index 6065f16f..22d4b8d9 100644
--- a/modules/docker-swarm/README.md
+++ b/modules/docker-swarm/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/elasticsearch/README.md b/modules/elasticsearch/README.md
index a62c9f0f..b7619a1f 100644
--- a/modules/elasticsearch/README.md
+++ b/modules/elasticsearch/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/grafana/README.md b/modules/grafana/README.md
index 1e6c9e91..c3495ef3 100644
--- a/modules/grafana/README.md
+++ b/modules/grafana/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/graphite-statsd/README.md b/modules/graphite-statsd/README.md
index 9e96e68d..70f76eaf 100644
--- a/modules/graphite-statsd/README.md
+++ b/modules/graphite-statsd/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/http-80/README.md b/modules/http-80/README.md
index 96e7eb9d..313eb5bc 100644
--- a/modules/http-80/README.md
+++ b/modules/http-80/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/http-8080/README.md b/modules/http-8080/README.md
index e8ca1a77..5adc5490 100644
--- a/modules/http-8080/README.md
+++ b/modules/http-8080/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/https-443/README.md b/modules/https-443/README.md
index b95456cc..1ae740d0 100644
--- a/modules/https-443/README.md
+++ b/modules/https-443/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/https-8443/README.md b/modules/https-8443/README.md
index f2325850..cfcbc6e8 100644
--- a/modules/https-8443/README.md
+++ b/modules/https-8443/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/ipsec-4500/README.md b/modules/ipsec-4500/README.md
index 1b3cce53..d81b2ad9 100644
--- a/modules/ipsec-4500/README.md
+++ b/modules/ipsec-4500/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/ipsec-500/README.md b/modules/ipsec-500/README.md
index f2c5328e..0e445954 100644
--- a/modules/ipsec-500/README.md
+++ b/modules/ipsec-500/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/kafka/README.md b/modules/kafka/README.md
index bfe0b5e8..dde00a84 100644
--- a/modules/kafka/README.md
+++ b/modules/kafka/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/kibana/README.md b/modules/kibana/README.md
index 830f7749..c982eeb6 100644
--- a/modules/kibana/README.md
+++ b/modules/kibana/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/kubernetes-api/README.md b/modules/kubernetes-api/README.md
index 03513076..9273fc5e 100644
--- a/modules/kubernetes-api/README.md
+++ b/modules/kubernetes-api/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/ldap/README.md b/modules/ldap/README.md
index d4cec6f5..ee01b12e 100644
--- a/modules/ldap/README.md
+++ b/modules/ldap/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/ldaps/README.md b/modules/ldaps/README.md
index 97da8afc..fe3d7197 100644
--- a/modules/ldaps/README.md
+++ b/modules/ldaps/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/logstash/README.md b/modules/logstash/README.md
index eca19a09..66c7a413 100644
--- a/modules/logstash/README.md
+++ b/modules/logstash/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/memcached/README.md b/modules/memcached/README.md
index aeca53d9..ec8fa5d2 100644
--- a/modules/memcached/README.md
+++ b/modules/memcached/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/minio/README.md b/modules/minio/README.md
index b5e6a634..03bcb01b 100644
--- a/modules/minio/README.md
+++ b/modules/minio/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/mongodb/README.md b/modules/mongodb/README.md
index 4c869a8b..c0768bb1 100644
--- a/modules/mongodb/README.md
+++ b/modules/mongodb/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/mssql/README.md b/modules/mssql/README.md
index 6bfd9665..e614564f 100644
--- a/modules/mssql/README.md
+++ b/modules/mssql/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/mysql/README.md b/modules/mysql/README.md
index 920e2cc6..59f6d3fb 100644
--- a/modules/mysql/README.md
+++ b/modules/mysql/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/nfs/README.md b/modules/nfs/README.md
index 5d238766..56203159 100644
--- a/modules/nfs/README.md
+++ b/modules/nfs/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/nomad/README.md b/modules/nomad/README.md
index 93db999f..98aae45c 100644
--- a/modules/nomad/README.md
+++ b/modules/nomad/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/ntp/README.md b/modules/ntp/README.md
index a55e39c0..322da8b6 100644
--- a/modules/ntp/README.md
+++ b/modules/ntp/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/openvpn/README.md b/modules/openvpn/README.md
index adef6b33..4fd39ace 100644
--- a/modules/openvpn/README.md
+++ b/modules/openvpn/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/oracle-db/README.md b/modules/oracle-db/README.md
index 8b25fd4c..5ae8f6a4 100644
--- a/modules/oracle-db/README.md
+++ b/modules/oracle-db/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/postgresql/README.md b/modules/postgresql/README.md
index e6660477..0e610214 100644
--- a/modules/postgresql/README.md
+++ b/modules/postgresql/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/prometheus/README.md b/modules/prometheus/README.md
index 40be1a47..26bbe747 100644
--- a/modules/prometheus/README.md
+++ b/modules/prometheus/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/puppet/README.md b/modules/puppet/README.md
index 22813d51..e7893c3d 100644
--- a/modules/puppet/README.md
+++ b/modules/puppet/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/rabbitmq/README.md b/modules/rabbitmq/README.md
index d9835ffb..5182d43d 100644
--- a/modules/rabbitmq/README.md
+++ b/modules/rabbitmq/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/rdp/README.md b/modules/rdp/README.md
index 2b620c80..18209916 100644
--- a/modules/rdp/README.md
+++ b/modules/rdp/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/redis/README.md b/modules/redis/README.md
index 665997bf..aa68d74e 100644
--- a/modules/redis/README.md
+++ b/modules/redis/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/redshift/README.md b/modules/redshift/README.md
index 4d0c1147..f3d1b3ef 100644
--- a/modules/redshift/README.md
+++ b/modules/redshift/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/smtp-submission/README.md b/modules/smtp-submission/README.md
index ba097857..ff9f0c0e 100644
--- a/modules/smtp-submission/README.md
+++ b/modules/smtp-submission/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/smtp/README.md b/modules/smtp/README.md
index 5852bb52..7848b840 100644
--- a/modules/smtp/README.md
+++ b/modules/smtp/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/smtps/README.md b/modules/smtps/README.md
index 0837fb89..a9514322 100644
--- a/modules/smtps/README.md
+++ b/modules/smtps/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/solr/README.md b/modules/solr/README.md
index aaa17f6f..ac8c0bb1 100644
--- a/modules/solr/README.md
+++ b/modules/solr/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/splunk/README.md b/modules/splunk/README.md
index 7f78e826..5d560abd 100644
--- a/modules/splunk/README.md
+++ b/modules/splunk/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/squid/README.md b/modules/squid/README.md
index 0570b647..4c2c1436 100644
--- a/modules/squid/README.md
+++ b/modules/squid/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/ssh/README.md b/modules/ssh/README.md
index 9385896a..80f4e917 100644
--- a/modules/ssh/README.md
+++ b/modules/ssh/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/storm/README.md b/modules/storm/README.md
index ae1aef01..383a356d 100644
--- a/modules/storm/README.md
+++ b/modules/storm/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/web/README.md b/modules/web/README.md
index 6f9072a7..474b0abe 100644
--- a/modules/web/README.md
+++ b/modules/web/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/winrm/README.md b/modules/winrm/README.md
index a3ed41dd..30427cf1 100644
--- a/modules/winrm/README.md
+++ b/modules/winrm/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/zipkin/README.md b/modules/zipkin/README.md
index fd9452c3..0f3fb50f 100644
--- a/modules/zipkin/README.md
+++ b/modules/zipkin/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/modules/zookeeper/README.md b/modules/zookeeper/README.md
index 353a6cc4..62f82332 100644
--- a/modules/zookeeper/README.md
+++ b/modules/zookeeper/README.md
@@ -29,7 +29,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [sg](#module\_sg) | ../../ | |
+| [sg](#module\_sg) | ../../ | n/a |
## Resources
diff --git a/variables.tf b/variables.tf
index 9290fde2..a900c732 100644
--- a/variables.tf
+++ b/variables.tf
@@ -48,6 +48,11 @@ variable "revoke_rules_on_delete" {
type = bool
default = false
}
+variable "enable_prefix_lists_cross_over" {
+ description = "Instruct Terraform to create crossing over ingress and egress Security Group Rules that cover also the Prefix lists provided as input."
+ type = bool
+ default = true
+}
variable "tags" {
description = "A mapping of tags to assign to security group"
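Review bot: `enable_prefix_lists_cross_over` is added with `default = true`, so every existing caller is opted in on upgrade, and the description does not say which rules the flag adds or changes. The flag's use is outside this hunk; if it gates rules that were not created before, a security-group module is safer shipping `default = false`, so that any additional ingress or egress path is an explicit choice by the caller. If `true` instead preserves the module's previous behaviour, the description should say that and name the rule resources that receive the prefix lists.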
@@ -87,6 +92,11 @@ variable "ingress_with_source_security_group_id" {
type = list(map(string))
default = []
}
+variable "ingress_with_prefix_list_ids" {
+ description = "List of ingress rules to create where 'prefix_list_ids' is used only"
+ type = list(map(string))
+ default = []
+}
variable "ingress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all ingress rules"
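Review bot: The description of `ingress_with_prefix_list_ids` does not say which keys each map accepts or where the prefix list IDs come from, and "is used only" reads like a leftover. The egress resources earlier in this diff read only `rule`, `from_port`, `to_port`, `protocol` and `description` from each entry, and the computed one takes `prefix_list_ids` from `var.egress_prefix_list_ids`, so a prefix list ID placed inside an entry would presumably be ignored. Suggested wording: `description = "List of ingress rules applied only to the module's ingress prefix lists; each map may set rule, from_port, to_port, protocol and description"`. The same applies to `computed_ingress_with_prefix_list_ids`, `egress_with_prefix_list_ids` and `computed_egress_with_prefix_list_ids` in the following hunks; the ingress resources are not visible here, so confirm they mirror the egress ones.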
@@ -138,6 +148,11 @@ variable "computed_ingress_with_source_security_group_id" {
type = list(map(string))
default = []
}
+variable "computed_ingress_with_prefix_list_ids" {
+ description = "List of computed ingress rules to create where 'prefix_list_ids' is used"
+ type = list(map(string))
+ default = []
+}
###################################
# Number of computed ingress rules
@@ -171,6 +186,11 @@ variable "number_of_computed_ingress_with_source_security_group_id" {
type = number
default = 0
}
+variable "number_of_computed_ingress_with_prefix_list_ids" {
+ description = "Number of computed ingress rules to create where 'prefix_list_ids' is used"
+ type = number
+ default = 0
+}
#########
# Egress
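Review bot: The description of `number_of_computed_ingress_with_prefix_list_ids` should state that the value must equal the length of `computed_ingress_with_prefix_list_ids`. The egress counterpart in main.tf uses the number as `count` and indexes the list with `count.index`, so a larger number fails the plan with an invalid index and a smaller one silently leaves the trailing rules uncreated; the ingress resource is outside this part of the diff but presumably does the same. That egress resource also sets `count` to 0 when `egress_prefix_list_ids` is empty, which drops every listed rule without an error and is worth documenting. Suggested: `description = "Number of computed ingress rules to create where 'prefix_list_ids' is used; must equal length(computed_ingress_with_prefix_list_ids)"`, and likewise for `number_of_computed_egress_with_prefix_list_ids` in the last hunk.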
@@ -204,6 +224,11 @@ variable "egress_with_source_security_group_id" {
type = list(map(string))
default = []
}
+variable "egress_with_prefix_list_ids" {
+ description = "List of egress rules to create where 'prefix_list_ids' is used only"
+ type = list(map(string))
+ default = []
+}
variable "egress_cidr_blocks" {
description = "List of IPv4 CIDR ranges to use on all egress rules"
@@ -255,6 +280,11 @@ variable "computed_egress_with_source_security_group_id" {
type = list(map(string))
default = []
}
+variable "computed_egress_with_prefix_list_ids" {
+ description = "List of computed egress rules to create where 'prefix_list_ids' is used only"
+ type = list(map(string))
+ default = []
+}
##################################
# Number of computed egress rules
@@ -288,3 +318,8 @@ variable "number_of_computed_egress_with_source_security_group_id" {
type = number
default = 0
}
+variable "number_of_computed_egress_with_prefix_list_ids" {
+ description = "Number of computed egress rules to create where 'prefix_list_ids' is used only"
+ type = number
+ default = 0
+}