Commit

Merge pull request #64 from schubergphilis/fix-sg-name
fix: SG already exists error when recreating with create_before_destroy by introducing a `security_group_name_prefix` variable
stefanwb authored Oct 25, 2023
2 parents 6882b88 + 928d715 commit 5334750
Showing 3 changed files with 10 additions and 2 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -76,6 +76,7 @@ No modules.
| <a name="input_s3_key"></a> [s3\_key](#input\_s3\_key) | The S3 key of an object containing the function's deployment package | `string` | `null` | no |
| <a name="input_s3_object_version"></a> [s3\_object\_version](#input\_s3\_object\_version) | The object version containing the function's deployment package | `string` | `null` | no |
| <a name="input_security_group_egress_rules"></a> [security\_group\_egress\_rules](#input\_security\_group\_egress\_rules) | Security Group egress rules | <pre>list(object({<br> cidr_ipv4 = optional(string)<br> cidr_ipv6 = optional(string)<br> description = string<br> from_port = optional(number, 0)<br> ip_protocol = optional(string, "-1")<br> prefix_list_id = optional(string)<br> referenced_security_group_id = optional(string)<br> to_port = optional(number, 0)<br> }))</pre> | `[]` | no |
| <a name="input_security_group_name_prefix"></a> [security\_group\_name\_prefix](#input\_security\_group\_name\_prefix) | An optional prefix to create a unique name of the security group. If not provided `var.name` will be used | `string` | `null` | no |
| <a name="input_source_code_hash"></a> [source\_code\_hash](#input\_source\_code\_hash) | Optional source code hash | `string` | `null` | no |
| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | The subnet ids where this lambda needs to run | `list(string)` | `null` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the bucket | `map(string)` | `{}` | no |
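Review bot: The new `security_group_name_prefix` row says only "If not provided `var.name` will be used" and leaves out what happens when it is provided: per the main.tf change, `name` is then set to null, so `var.name` no longer appears in the security group name, only in its description. Suggest stating that in the description (the same string is used in variables.tf), and noting that a name built from a prefix carries a generated suffix, so anything that finds the group by its exact name should use the ID or tags instead.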
5 changes: 3 additions & 2 deletions main.tf
Expand Up @@ -3,11 +3,11 @@ locals {
create_policy = var.create_policy != null ? var.create_policy : var.role_arn == null
dead_letter_config = var.dead_letter_target_arn != null ? { create : true } : {}
environment = var.environment != null ? { create : true } : {}
ephemeral_storage = var.ephemeral_storage_size != null ? { create : true } : {}
execution_type = var.subnet_ids == null ? "Basic" : "VPCAccess"
filename = var.filename != null ? var.filename : data.archive_file.dummy.output_path
source_code_hash = var.source_code_hash != null ? var.source_code_hash : var.filename != null ? filebase64sha256(var.filename) : null
tracing_config = var.tracing_config_mode != null ? { create : true } : {}
ephemeral_storage = var.ephemeral_storage_size != null ? { create : true } : {}
vpc_config = var.subnet_ids != null ? { create : true } : {}
}

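Review bot: The `ephemeral_storage` local appears twice in this hunk because it is being moved into alphabetical position in `locals`, which is unrelated to the security group fix named in the commit title. It is harmless, but a reorder like this is easier to audit as its own commit so that the fix stays a minimal diff.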
Expand Down Expand Up @@ -74,7 +74,8 @@ resource "aws_security_group" "default" {
#checkov:skip=CKV2_AWS_5: False positive finding, the security group is attached.
count = var.subnet_ids != null ? 1 : 0

name = var.name
name = var.security_group_name_prefix == null ? var.name : null
name_prefix = var.security_group_name_prefix != null ? var.security_group_name_prefix : null
description = "Security group for lambda ${var.name}"
vpc_id = data.aws_subnet.selected[0].vpc_id
tags = var.tags
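Review bot: On the `name_prefix` line the conditional is redundant: `var.security_group_name_prefix != null ? var.security_group_name_prefix : null` evaluates to the variable itself, so `name_prefix = var.security_group_name_prefix` is equivalent and makes the mutual exclusion with `name` easier to read. Also, with the variable's default of `null` the resource still gets the fixed `name = var.name`, so the "already exists" error from the commit title is avoided only for callers who opt in; that is worth saying in the variable description or the changelog.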
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -196,6 +196,12 @@ variable "security_group_egress_rules" {
}
}

variable "security_group_name_prefix" {
type = string
default = null
description = "An optional prefix to create a unique name of the security group. If not provided `var.name` will be used"
}

variable "source_code_hash" {
type = string
default = null
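Review bot: `variable "security_group_name_prefix"` has no `validation` block, and main.tf tests only `!= null`, so an empty string is accepted: it sets `name` to null and passes `""` as `name_prefix`, which drops `var.name` from the group name without supplying a meaningful prefix. Suggest a validation rule that rejects an empty value when the variable is non-null, with an error message that points the caller at leaving it unset instead.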
