cloudposse / terraform-aws-security-group

Terraform module to provision an AWS Security Group
https://cloudposse.com/accelerate
Apache License 2.0
36 stars 35 forks source link

Use "argument syntax" to remove inline rules #57

Open Nuru opened 8 months ago

Nuru commented 8 months ago

Describe the Feature

There has been a long-standing issue with aws_security_group that dynamic inline rules could not be removed. This has been fixed in v5.8.0 of the AWS Terraform provider, but needs an implementation change in this module to be effective.

Although inline rules are deprecated in general, the implementation change is easy enough that we should do it.

Expected Behavior

When supplying inline rules in one deployment and then removing all the inline rules in the next deployment, the inline rules should be removed.

Use Case

Migrating inline rules to the newer, recommended separate security group rule resources, is only possible if the inline rules can be removed. Currently, as implemented in this module, the inline rules cannot be removed.

Describe Ideal Solution

Use Arbitrary Expressions with Argument Syntax instead of dynamic blocks to manage the inline rules, so that providing an empty list removes the rules.

Alternatives Considered

No response

Additional Context

No response