1
1
resource "aws_security_group" "this" {
2
- vpc_id = var. vpc_id
2
+ vpc_id = var. vpc_id
3
3
4
4
name = var. name
5
5
name_prefix = var. name_prefix
@@ -21,86 +21,117 @@ resource "aws_security_group" "this" {
21
21
# ##################################################
22
22
23
23
locals {
24
+ flattened_ingress_rules = concat (
25
+ [
26
+ for rule in var . ingress_rules :
27
+ rule
28
+ if length (lookup (rule, " source_security_group_ids" , [])) < 1
29
+ ],
30
+ flatten ([
31
+ for rule in var . ingress_rules : [
32
+ for source_security_group_id in rule . source_security_group_ids :
33
+ merge (rule, {
34
+ source_security_group_id = source_security_group_id
35
+ })
36
+ ] if length (lookup (rule, " source_security_group_ids" , [])) > 0
37
+ ])
38
+ )
39
+ flattened_egress_rules = concat (
40
+ [
41
+ for rule in var . egress_rules :
42
+ rule
43
+ if length (lookup (rule, " source_security_group_ids" , [])) < 1
44
+ ],
45
+ flatten ([
46
+ for rule in var . egress_rules : [
47
+ for source_security_group_id in rule . source_security_group_ids :
48
+ merge (rule, {
49
+ source_security_group_id = source_security_group_id
50
+ })
51
+ ] if length (lookup (rule, " source_security_group_ids" , [])) > 0
52
+ ])
53
+ )
54
+
24
55
normalized_ingress_rules = [
25
- for rule in var . ingress_rules :
26
- {
27
- description = lookup (rule, " description" , " Managed by Terraform" ),
28
-
29
- protocol = rule.protocol,
30
- from_port = rule.from_port,
31
- to_port = rule.to_port,
32
-
33
- cidr_blocks = lookup (rule, " cidr_blocks" , null ) != null ? sort (compact (rule. cidr_blocks )) : null ,
34
- ipv6_cidr_blocks = lookup (rule, " ipv6_cidr_blocks" , null ) != null ? sort (compact (rule. ipv6_cidr_blocks )) : null ,
35
- prefix_list_ids = lookup (rule, " prefix_list_ids" , null ) != null ? sort (compact (rule. prefix_list_ids )) : null ,
36
- source_security_group_id = lookup (rule, " source_security_group_id" , null ),
37
- self = lookup (rule, " self" , null ) != null ? true : null ,
38
- }
56
+ for rule in local . flattened_ingress_rules : {
57
+ description = lookup (rule, " description" , " Managed by Terraform" )
58
+
59
+ protocol = rule . protocol
60
+ from_port = rule . from_port
61
+ to_port = rule . to_port
62
+
63
+ cidr_blocks = lookup (rule, " cidr_blocks" , null ) != null ? sort (compact (rule. cidr_blocks )) : null
64
+ ipv6_cidr_blocks = lookup (rule, " ipv6_cidr_blocks" , null ) != null ? sort (compact (rule. ipv6_cidr_blocks )) : null
65
+ prefix_list_ids = lookup (rule, " prefix_list_ids" , null ) != null ? sort (compact (rule. prefix_list_ids )) : null
66
+ source_security_group_id = lookup (rule, " source_security_group_id" , null )
67
+ self = lookup (rule, " self" , null ) != null ? true : null
68
+ }
39
69
]
40
70
normalized_egress_rules = [
41
- for rule in var . egress_rules :
42
- {
43
- description = lookup (rule, " description" , " Managed by Terraform" ),
44
-
45
- protocol = rule.protocol,
46
- from_port = rule.from_port,
47
- to_port = rule.to_port,
48
-
49
- cidr_blocks = lookup (rule, " cidr_blocks" , null ) != null ? sort (compact (rule. cidr_blocks )) : null ,
50
- ipv6_cidr_blocks = lookup (rule, " ipv6_cidr_blocks" , null ) != null ? sort (compact (rule. ipv6_cidr_blocks )) : null ,
51
- prefix_list_ids = lookup (rule, " prefix_list_ids" , null ) != null ? sort (compact (rule. prefix_list_ids )) : null ,
52
- source_security_group_id = lookup (rule, " source_security_group_id" , null ),
53
- self = lookup (rule, " self" , null ) != null ? true : null ,
54
- }
71
+ for rule in local . flattened_egress_rules : {
72
+ description = lookup (rule, " description" , " Managed by Terraform" )
73
+
74
+ protocol = rule . protocol
75
+ from_port = rule . from_port
76
+ to_port = rule . to_port
77
+
78
+ cidr_blocks = lookup (rule, " cidr_blocks" , null ) != null ? sort (compact (rule. cidr_blocks )) : null
79
+ ipv6_cidr_blocks = lookup (rule, " ipv6_cidr_blocks" , null ) != null ? sort (compact (rule. ipv6_cidr_blocks )) : null
80
+ prefix_list_ids = lookup (rule, " prefix_list_ids" , null ) != null ? sort (compact (rule. prefix_list_ids )) : null
81
+ source_security_group_id = lookup (rule, " source_security_group_id" , null )
82
+ self = lookup (rule, " self" , null ) != null ? true : null
83
+ }
55
84
]
56
85
57
86
# Filter if empty
58
87
compacted_ingress_rules = [
59
- for rule in local . normalized_ingress_rules :
60
- rule if length (compact (flatten ([
61
- rule . cidr_blocks ,
62
- rule . ipv6_cidr_blocks ,
63
- rule . prefix_list_ids ,
64
- rule . source_security_group_id ,
65
- rule . self != null ? " self" : null ,
66
- ]))) > 0
88
+ for rule in local . normalized_ingress_rules :
89
+ rule
90
+ if length (compact (flatten ([
91
+ rule . cidr_blocks ,
92
+ rule . ipv6_cidr_blocks ,
93
+ rule . prefix_list_ids ,
94
+ rule . source_security_group_id ,
95
+ rule . self != null ? " self" : null ,
96
+ ]))) > 0
67
97
]
68
98
compacted_egress_rules = [
69
- for rule in local . normalized_egress_rules :
70
- rule if length (compact (flatten ([
71
- rule . cidr_blocks ,
72
- rule . ipv6_cidr_blocks ,
73
- rule . prefix_list_ids ,
74
- rule . source_security_group_id ,
75
- rule . self != null ? " self" : null ,
76
- ]))) > 0
99
+ for rule in local . normalized_egress_rules :
100
+ rule
101
+ if length (compact (flatten ([
102
+ rule . cidr_blocks ,
103
+ rule . ipv6_cidr_blocks ,
104
+ rule . prefix_list_ids ,
105
+ rule . source_security_group_id ,
106
+ rule . self != null ? " self" : null ,
107
+ ]))) > 0
77
108
]
78
109
79
110
ingress_rules = {
80
- for rule in local . compacted_ingress_rules :
81
- join (" _" , compact (flatten ([
82
- rule . protocol ,
83
- rule . from_port ,
84
- rule . to_port ,
85
- rule . cidr_blocks ,
86
- rule . ipv6_cidr_blocks ,
87
- rule . prefix_list_ids ,
88
- rule . source_security_group_id ,
89
- rule . self != null ? " self" : null ,
90
- ]))) => rule
111
+ for rule in local . compacted_ingress_rules :
112
+ join (" _" , compact (flatten ([
113
+ rule . protocol ,
114
+ rule . from_port ,
115
+ rule . to_port ,
116
+ rule . cidr_blocks ,
117
+ rule . ipv6_cidr_blocks ,
118
+ rule . prefix_list_ids ,
119
+ rule . source_security_group_id ,
120
+ rule . self != null ? " self" : null ,
121
+ ]))) => rule
91
122
}
92
123
egress_rules = {
93
- for rule in local . compacted_egress_rules :
94
- join (" _" , compact (flatten ([
95
- rule . protocol ,
96
- rule . from_port ,
97
- rule . to_port ,
98
- rule . cidr_blocks ,
99
- rule . ipv6_cidr_blocks ,
100
- rule . prefix_list_ids ,
101
- rule . source_security_group_id ,
102
- rule . self != null ? " self" : null ,
103
- ]))) => rule
124
+ for rule in local . compacted_egress_rules :
125
+ join (" _" , compact (flatten ([
126
+ rule . protocol ,
127
+ rule . from_port ,
128
+ rule . to_port ,
129
+ rule . cidr_blocks ,
130
+ rule . ipv6_cidr_blocks ,
131
+ rule . prefix_list_ids ,
132
+ rule . source_security_group_id ,
133
+ rule . self != null ? " self" : null ,
134
+ ]))) => rule
104
135
}
105
136
}
106
137
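Review bot: The new `flattened_ingress_rules` / `flattened_egress_rules` filters, `if length(lookup(rule, "source_security_group_ids", [])) < 1`, only fall back to `[]` when the attribute is absent; if a rule carries the attribute with a null value (which an `optional(list(string))` object type would produce — the variables' types are not in this hunk), `length(null)` fails the plan, whereas the neighbouring `cidr_blocks` handling in the same locals guards with `!= null`. Using `try(length(rule.source_security_group_ids), 0) < 1` (and the mirrored `> 0` in the `flatten` filter) covers both the missing and the null case. The `merge(rule, { source_security_group_id = source_security_group_id })` also silently overwrites any `source_security_group_id` the same rule sets alongside the list, so the singular form is dropped with no warning; a comment such as `# source_security_group_ids takes precedence over source_security_group_id when both are set` or a variable validation rejecting the combination would make that explicit. Since each expanded rule is keyed partly by its source id in `ingress_rules`/`egress_rules`, a repeated id in the list yields a duplicate-key error; iterating `distinct(rule.source_security_group_ids)` avoids that.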