Allow to skip sg egress rules creation (#40)

IrmantasMarozas · web-flow · commit 6ab403747d86 · 2023-04-20T18:28:23.000+01:00
diff --git a/main.tf b/main.tf
@@ -132,11 +132,13 @@ resource "aws_security_group_rule" "redis_ingress_cidr_blocks" {
 }
 
 resource "aws_security_group_rule" "redis_egress" {
+  count = length(var.egress_cidr_blocks) != 0 ? 1 : 0
+
   type              = "egress"
   from_port         = 0
   to_port           = 0
   protocol          = "-1"
-  cidr_blocks       = ["0.0.0.0/0"]
+  cidr_blocks       = var.egress_cidr_blocks
   security_group_id = aws_security_group.redis.id
 }
 
diff --git a/variables.tf b/variables.tf
@@ -36,6 +36,12 @@ variable "ingress_cidr_blocks" {
   default     = []
 }
 
+variable "egress_cidr_blocks" {
+  type        = list(string)
+  description = "List of Egress CIDR blocks."
+  default     = ["0.0.0.0/0"]
+}
+
 variable "ingress_self" {
   type        = bool
   description = "Specify whether the security group itself will be added as a source to the ingress rule."

Original file line number	Diff line number	Diff line change
`@@ -132,11 +132,13 @@ resource "aws_security_group_rule" "redis_ingress_cidr_blocks" {`
`132`	`132`	`}`
`133`	`133`
`134`	`134`	`resource "aws_security_group_rule" "redis_egress" {`
	`135`	`+ count = length(var.egress_cidr_blocks) != 0 ? 1 : 0`
	`136`	`+`
`135`	`137`	`type = "egress"`
`136`	`138`	`from_port = 0`
`137`	`139`	`to_port = 0`
`138`	`140`	`protocol = "-1"`
`139`		`- cidr_blocks = ["0.0.0.0/0"]`
	`141`	`+ cidr_blocks = var.egress_cidr_blocks`
`140`	`142`	`security_group_id = aws_security_group.redis.id`
`141`	`143`	`}`
`142`	`144`