terraform-aws-modules / terraform-aws-security-group

Terraform module to create AWS Security Group resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws

feat: Add ability to set `prefix_list_ids` for separate rules #289

Closed lymych closed 12 months ago

lymych commented 1 year ago

Description

This pull request adds the ability to specify prefix lists for each rule separately.

Motivation and Context

This functionality already existed for cidr_blocks, ipv6_cidr_blocks, and source_security_group_id. But for us it is important to use prefix_list_ids for each rule separately. This PR solves the problem of creating unnecessary SG rules for prefix lists.

Before changes. In this case, rules will be applied to both prefix lists:

ingress_prefix_list_ids = ["pl-01", "pl-02"]
ingress_with_prefix_list_ids = [
  {
    from_port = 443
    to_port   = 443
    protocol  = "tcp"
  },
  {
    from_port = 80
    to_port   = 80
    protocol  = "tcp"
  },
]

After changes. In this case, rules will be applied to each prefix list separately:

ingress_with_prefix_list_ids = [
  {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    prefix_list_ids = ["pl-01"]
  },
  {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    prefix_list_ids = ["pl-02"]
  },
]

Breaking Changes

These changes will not break the logic that already exists.

How Has This Been Tested?
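
The per-rule scoping described above, written directly against the AWS provider as an added example; it is not code from this pull request or from the module. The VPC ID, the local names, the `ssh` rule and the fallback to a shared default list are assumptions made for illustration, and `pl-01`/`pl-02` are the placeholder IDs used in the description.

```hcl
# Added example: plain AWS provider resources, not the module's internals.
variable "vpc_id" {
  type    = string
  default = "vpc-00000000000000000" # constructed placeholder
}

locals {
  # Assumed fallback for rules that do not name their own prefix lists.
  default_prefix_list_ids = ["pl-01", "pl-02"]

  # Each rule carries only the prefix lists that actually need that port.
  ingress_rules = {
    https = { from_port = 443, to_port = 443, protocol = "tcp", prefix_list_ids = ["pl-01"] }
    http  = { from_port = 80, to_port = 80, protocol = "tcp", prefix_list_ids = ["pl-02"] }
    ssh   = { from_port = 22, to_port = 22, protocol = "tcp" } # hypothetical rule, uses the fallback
  }
}

resource "aws_security_group" "this" {
  name_prefix = "per-rule-prefix-lists-"
  vpc_id      = var.vpc_id
}

resource "aws_security_group_rule" "ingress" {
  for_each = local.ingress_rules

  security_group_id = aws_security_group.this.id
  type              = "ingress"
  from_port         = each.value.from_port
  to_port           = each.value.to_port
  protocol          = each.value.protocol

  # Per-rule list wins; the shared list applies only when the rule omits it.
  prefix_list_ids = try(each.value.prefix_list_ids, local.default_prefix_list_ids)
}

# Review aid: which prefix lists can reach which port after the merge.
output "ingress_exposure" {
  value = {
    for name, rule in aws_security_group_rule.ingress :
    name => { port = rule.from_port, prefix_list_ids = rule.prefix_list_ids }
  }
}
```

With the shared list alone, every port would be reachable from both `pl-01` and `pl-02`; here only the rule that omits `prefix_list_ids` keeps that wider scope.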

github-actions[bot] commented 1 year ago

This PR has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this PR will be closed in 10 days

github-actions[bot] commented 12 months ago

This PR was automatically closed because of stale in 10 days

github-actions[bot] commented 11 months ago

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.