diff --git a/examples/complete/main.tf b/examples/complete/main.tf index d793dafb..832e018e 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -11,7 +11,7 @@ data "aws_vpc" "default" { data "aws_security_group" "default" { name = "default" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id } ################################################## @@ -32,7 +32,7 @@ module "main_sg" { name = "main-sg" description = "Security group which is used as an argument in complete-sg" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_cidr_blocks = ["10.10.0.0/16"] ingress_rules = ["https-443-tcp"] @@ -46,7 +46,7 @@ module "complete_sg" { name = "complete-sg" description = "Security group with all available arguments set (this is just an example)" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id tags = { Cash = "king" @@ -97,7 +97,7 @@ module "complete_sg" { to_port = 25 protocol = 6 description = "Service name with vpc cidr" - cidr_blocks = "${module.vpc.vpc_cidr_block}" + cidr_blocks = module.vpc.vpc_cidr_block }, ] 
@@ -130,28 +130,28 @@ module "complete_sg" { ingress_with_source_security_group_id = [ { rule = "mysql-tcp" - source_security_group_id = "${data.aws_security_group.default.id}" + source_security_group_id = data.aws_security_group.default.id }, { from_port = 10 to_port = 10 protocol = 6 description = "Service name" - source_security_group_id = "${data.aws_security_group.default.id}" + source_security_group_id = data.aws_security_group.default.id }, ] computed_ingress_with_source_security_group_id = [ { rule = "postgresql-tcp" - source_security_group_id = "${module.main_sg.this_security_group_id}" + source_security_group_id = module.main_sg.this_security_group_id }, { from_port = 23 to_port = 23 protocol = 6 description = "Service name" - source_security_group_id = "${module.main_sg.this_security_group_id}" + source_security_group_id = module.main_sg.this_security_group_id }, ] @@ -225,7 +225,7 @@ module "complete_sg" { computed_egress_with_cidr_blocks = [ { rule = "https-443-tcp" - cidr_blocks = "${module.vpc.vpc_cidr_block}" + cidr_blocks = module.vpc.vpc_cidr_block }, ] @@ -258,21 +258,21 @@ module "complete_sg" { egress_with_source_security_group_id = [ { rule = "mysql-tcp" - source_security_group_id = "${data.aws_security_group.default.id}" + source_security_group_id = data.aws_security_group.default.id }, { from_port = 10 to_port = 10 protocol = 6 description = "Service name" - source_security_group_id = "${data.aws_security_group.default.id}" + source_security_group_id = data.aws_security_group.default.id }, ] computed_egress_with_source_security_group_id = [ { rule = "postgresql-tcp" - source_security_group_id = "${module.main_sg.this_security_group_id}" + source_security_group_id = module.main_sg.this_security_group_id }, ] @@ -315,7 +315,7 @@ module "ipv4_ipv6_example" { name = "ipv4-ipv6-example" description = "IPv4 and IPv6 example" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_with_cidr_blocks = [ { 
@@ -366,10 +366,11 @@ module "fixed_name_sg" { name = "fixed-name-sg" description = "Security group with fixed name" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id use_name_prefix = false ingress_cidr_blocks = ["10.10.0.0/16"] ingress_rules = ["https-443-tcp"] } + diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 94167eee..7a62cd15 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.complete_sg.this_security_group_id}" + value = module.complete_sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.complete_sg.this_security_group_vpc_id}" + value = module.complete_sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.complete_sg.this_security_group_owner_id}" + value = module.complete_sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.complete_sg.this_security_group_name}" + value = module.complete_sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.complete_sg.this_security_group_description}" + value = module.complete_sg.this_security_group_description } + diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/examples/complete/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/examples/computed/main.tf b/examples/computed/main.tf index 2bba4015..104349e0 100644 --- a/examples/computed/main.tf +++ b/examples/computed/main.tf 
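Review bot: The new `examples/complete/versions.tf` sets only `required_version = ">= 0.12"`, with no upper bound and no constraint on the AWS provider. The example will therefore resolve whatever provider release is newest at `terraform init`. For code that creates security-group rules, a provider-side behaviour change then arrives without review. Consider adding a `required_providers` block next to it, e.g. `required_providers { aws = "<provider version constraint>" }`. The same four-line file is added under `examples/computed`, `examples/disabled`, `examples/dynamic` and `examples/http`, so the point applies there too.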
@@ -11,7 +11,7 @@ data "aws_vpc" "default" { data "aws_security_group" "default" { name = "default" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id } ########################### @@ -22,14 +22,14 @@ module "http_sg" { name = "computed-http-sg" description = "Security group with HTTP port open for everyone, and HTTPS open just for the default security group" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_cidr_blocks = ["0.0.0.0/0"] ingress_with_source_security_group_id = [ { rule = "https-443-tcp" - source_security_group_id = "${data.aws_security_group.default.id}" + source_security_group_id = data.aws_security_group.default.id }, ] } @@ -39,16 +39,17 @@ module "mysql_sg" { name = "computed-mysql-sg" description = "Security group with MySQL/Aurora port open for HTTP security group created above (computed)" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_cidr_blocks = ["0.0.0.0/0"] computed_ingress_with_source_security_group_id = [ { rule = "mysql-tcp" - source_security_group_id = "${module.http_sg.this_security_group_id}" + source_security_group_id = module.http_sg.this_security_group_id }, ] number_of_computed_ingress_with_source_security_group_id = 1 } + diff --git a/examples/computed/outputs.tf b/examples/computed/outputs.tf index 72082fc0..84d34288 100644 --- a/examples/computed/outputs.tf +++ b/examples/computed/outputs.tf 
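Review bot: In the `mysql_sg` hunk of `examples/computed/main.tf`, the context line `ingress_cidr_blocks = ["0.0.0.0/0"]` contradicts the description, which says the MySQL/Aurora port is open only to the HTTP security group. Whether that CIDR list is attached to any rule depends on the module `source` and rule lists outside this hunk. If it is a rule-preset submodule, this would likely expose the database port to every IPv4 address. Either drop the line from `mysql_sg` or narrow it, and add a comment such as `# access is granted via computed_ingress_with_source_security_group_id only`. The `module "mysql_sg"` block starts outside the hunk.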
@@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.mysql_sg.this_security_group_id}" + value = module.mysql_sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.mysql_sg.this_security_group_vpc_id}" + value = module.mysql_sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.mysql_sg.this_security_group_owner_id}" + value = module.mysql_sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.mysql_sg.this_security_group_name}" + value = module.mysql_sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.mysql_sg.this_security_group_description}" + value = module.mysql_sg.this_security_group_description } + diff --git a/examples/computed/versions.tf b/examples/computed/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/examples/computed/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/examples/disabled/main.tf b/examples/disabled/main.tf index d26cf73a..7894bfb0 100644 --- a/examples/disabled/main.tf +++ b/examples/disabled/main.tf @@ -11,7 +11,7 @@ data "aws_vpc" "default" { data "aws_security_group" "default" { name = "default" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id } ######################################################## @@ -23,7 +23,7 @@ module "complete_sg_disabled" { create = false name = "complete-sg" description = "Security group with all available arguments set (this is just an example)" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_cidr_blocks = ["0.0.0.0/0"] } 
@@ -34,7 +34,8 @@ module "http_sg_disabled" { create = false name = "http-sg" description = "Security group with HTTP ports open for everybody (IPv4 CIDR), egress ports are all world open" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_cidr_blocks = ["0.0.0.0/0"] } + diff --git a/examples/disabled/outputs.tf b/examples/disabled/outputs.tf index 9af75613..0730ce82 100644 --- a/examples/disabled/outputs.tf +++ b/examples/disabled/outputs.tf @@ -1,4 +1,5 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.complete_sg_disabled.this_security_group_id}" + value = module.complete_sg_disabled.this_security_group_id } + diff --git a/examples/disabled/versions.tf b/examples/disabled/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/examples/disabled/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/examples/dynamic/main.tf b/examples/dynamic/main.tf index c6b29969..686239ef 100644 --- a/examples/dynamic/main.tf +++ b/examples/dynamic/main.tf @@ -11,7 +11,7 @@ data "aws_vpc" "default" { data "aws_security_group" "default" { name = "default" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id } ########################### @@ -26,14 +26,15 @@ module "http_sg" { name = "dynamic-http-sg" description = "Security group with HTTP port open for everyone, and HTTPS open just for the default security group" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_cidr_blocks = ["0.0.0.0/0"] ingress_with_source_security_group_id = [ { rule = "https-443-tcp" - source_security_group_id = "${data.aws_security_group.default.id}" + source_security_group_id = data.aws_security_group.default.id }, ] } + diff --git a/examples/dynamic/outputs.tf b/examples/dynamic/outputs.tf index 18034a7d..5f398aca 100644 --- a/examples/dynamic/outputs.tf +++ b/examples/dynamic/outputs.tf 
@@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.http_sg.this_security_group_id}" + value = module.http_sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.http_sg.this_security_group_vpc_id}" + value = module.http_sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.http_sg.this_security_group_owner_id}" + value = module.http_sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.http_sg.this_security_group_name}" + value = module.http_sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.http_sg.this_security_group_description}" + value = module.http_sg.this_security_group_description } + diff --git a/examples/dynamic/versions.tf b/examples/dynamic/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/examples/dynamic/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/examples/http/main.tf b/examples/http/main.tf index 661f31e1..666d6042 100644 --- a/examples/http/main.tf +++ b/examples/http/main.tf @@ -11,7 +11,7 @@ data "aws_vpc" "default" { data "aws_security_group" "default" { name = "default" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id } ########################### @@ -26,7 +26,7 @@ module "http_sg" { name = "http-sg" description = "Security group with HTTP ports open for everybody (IPv4 CIDR), egress ports are all world open" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_cidr_blocks = ["0.0.0.0/0"] } 
@@ -41,7 +41,7 @@ module "http_mysql_1_sg" { use_name_prefix = false description = "Security group with HTTP and MySQL ports open for everybody (IPv4 CIDR)" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id ingress_cidr_blocks = ["0.0.0.0/0"] @@ -57,14 +57,14 @@ module "http_mysql_2_sg" { name = "http-mysql-2" description = "Security group with HTTP and MySQL ports open within current VPC" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id # Add mysql rules ingress_rules = ["mysql-tcp"] # Allow ingress rules to be accessed only within current VPC - ingress_cidr_blocks = ["${data.aws_vpc.default.cidr_block}"] - ingress_ipv6_cidr_blocks = [] # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"] + ingress_cidr_blocks = [data.aws_vpc.default.cidr_block] + ingress_ipv6_cidr_blocks = [] # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"] } ########################### @@ -75,10 +75,10 @@ module "http_with_egress_minimal_sg" { name = "http-with-egress-minimal" description = "Security group with HTTP ports open within current VPC, and allow egress access to HTTP ports to the whole world" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id # Allow ingress rules to be accessed only within current VPC - ingress_cidr_blocks = ["${data.aws_vpc.default.cidr_block}"] + ingress_cidr_blocks = [data.aws_vpc.default.cidr_block] # Allow all rules for all protocols egress_rules = ["http-80-tcp"] 
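Review bot: The trailing comment on `ingress_ipv6_cidr_blocks = []` in `http_mysql_2_sg` still shows the 0.11 form `["${data.aws_vpc.default.ipv6_cidr_block}"]`, while the line above it was converted to `[data.aws_vpc.default.cidr_block]`. Someone enabling IPv6 will copy the comment, so it should read `# ... then this will work - [data.aws_vpc.default.ipv6_cidr_block]`. The same stale comment appears twice in the `http_with_egress_sg` hunk, on `ingress_ipv6_cidr_blocks` and `egress_ipv6_cidr_blocks`.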
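Review bot: In the `http_with_egress_minimal_sg` hunk, the comment `# Allow all rules for all protocols` sits directly above `egress_rules = ["http-80-tcp"]`, which names a single HTTP rule. A reader auditing egress from the comments alone would conclude this group is wide open, or would copy the comment onto a rule that really is. Suggested wording: `# Allow egress to HTTP (80/tcp) only`. The module block continues past the end of the hunk, so the egress CIDR it pairs with is not visible here.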
@@ -92,16 +92,17 @@ module "http_with_egress_sg" { name = "http-with-egress" description = "Security group with HTTP ports open within current VPC, and allow egress access just to small subnet" - vpc_id = "${data.aws_vpc.default.id}" + vpc_id = data.aws_vpc.default.id # Add mysql rules ingress_rules = ["mysql-tcp"] # Allow ingress rules to be accessed only within current VPC - ingress_cidr_blocks = ["${data.aws_vpc.default.cidr_block}"] - ingress_ipv6_cidr_blocks = [] # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"] + ingress_cidr_blocks = [data.aws_vpc.default.cidr_block] + ingress_ipv6_cidr_blocks = [] # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"] # Allow egress rules to access anything (empty list means everything) egress_cidr_blocks = ["10.10.10.0/28"] - egress_ipv6_cidr_blocks = [] # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"] + egress_ipv6_cidr_blocks = [] # Not all VPCs have IPv6 enabled, but if you have it enabled, then this will work - ["${data.aws_vpc.default.ipv6_cidr_block}"] } + diff --git a/examples/http/outputs.tf b/examples/http/outputs.tf index 18034a7d..5f398aca 100644 --- a/examples/http/outputs.tf +++ b/examples/http/outputs.tf 
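Review bot: In `http_with_egress_sg`, the comment `# Allow egress rules to access anything (empty list means everything)` is followed by `egress_cidr_blocks = ["10.10.10.0/28"]`, and the module description says egress is limited to a small subnet. The comment describes the opposite of what the code configures. Its parenthetical also suggests that an empty list opens egress to everything, a claim worth verifying against the module before anyone relies on it. Suggested replacement: `# Restrict egress to a single small subnet`.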
@@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.http_sg.this_security_group_id}" + value = module.http_sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.http_sg.this_security_group_vpc_id}" + value = module.http_sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.http_sg.this_security_group_owner_id}" + value = module.http_sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.http_sg.this_security_group_name}" + value = module.http_sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.http_sg.this_security_group_description}" + value = module.http_sg.this_security_group_description } + diff --git a/examples/http/versions.tf b/examples/http/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/examples/http/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/main.tf b/main.tf index fe7ee153..58de5189 100644 --- a/main.tf +++ b/main.tf 
@@ -2,33 +2,52 @@ # Get ID of created Security Group ################################## locals { - this_sg_id = "${element(concat(coalescelist(aws_security_group.this.*.id, aws_security_group.this_name_prefix.*.id), list("")), 0)}" + this_sg_id = element( + concat( + coalescelist( + aws_security_group.this.*.id, + aws_security_group.this_name_prefix.*.id, + ), + [""], + ), + 0, + ) } ########################## # Security group with name ########################## resource "aws_security_group" "this" { - count = "${var.create && ! var.use_name_prefix ? 1 : 0}" - - name = "${var.name}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - - tags = "${merge(var.tags, map("Name", format("%s", var.name)))}" + count = var.create && false == var.use_name_prefix ? 1 : 0 + + name = var.name + description = var.description + vpc_id = var.vpc_id + + tags = merge( + var.tags, + { + "Name" = format("%s", var.name) + }, + ) } ################################# # Security group with name_prefix ################################# resource "aws_security_group" "this_name_prefix" { - count = "${var.create && var.use_name_prefix ? 1 : 0}" + count = var.create && var.use_name_prefix ? 1 : 0 name_prefix = "${var.name}-" - description = "${var.description}" - vpc_id = "${var.vpc_id}" + description = var.description + vpc_id = var.vpc_id - tags = "${merge(var.tags, map("Name", format("%s", var.name)))}" + tags = merge( + var.tags, + { + "Name" = format("%s", var.name) + }, + ) lifecycle { create_before_destroy = true 
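Review bot: The converted `count = var.create && false == var.use_name_prefix ? 1 : 0` on `aws_security_group.this` is correct only because `==` binds tighter than `&&`. That is easy to misread in the expression that decides which of the two security groups exists. Writing it as `count = var.create && !var.use_name_prefix ? 1 : 0` keeps the pre-upgrade meaning and mirrors the `this_name_prefix` condition below it. In both `tags` blocks, `format("%s", var.name)` appears to be a no-op if `var.name` is a string, so `"Name" = var.name` would be simpler. The `this_name_prefix` resource continues past the end of the hunk.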
@@ -40,36 +59,36 @@ resource "aws_security_group" "this_name_prefix" { ################################### # Security group rules with "cidr_blocks" and it uses list of rules names resource "aws_security_group_rule" "ingress_rules" { - count = "${var.create ? length(var.ingress_rules) : 0}" + count = var.create ? length(var.ingress_rules) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - cidr_blocks = ["${var.ingress_cidr_blocks}"] - ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${element(var.rules[var.ingress_rules[count.index]], 3)}" + cidr_blocks = var.ingress_cidr_blocks + ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks + prefix_list_ids = var.ingress_prefix_list_ids + description = element(var.rules[var.ingress_rules[count.index]], 3) - from_port = "${element(var.rules[var.ingress_rules[count.index]], 0)}" - to_port = "${element(var.rules[var.ingress_rules[count.index]], 1)}" - protocol = "${element(var.rules[var.ingress_rules[count.index]], 2)}" + from_port = element(var.rules[var.ingress_rules[count.index]], 0) + to_port = element(var.rules[var.ingress_rules[count.index]], 1) + protocol = element(var.rules[var.ingress_rules[count.index]], 2) } # Computed - Security group rules with "cidr_blocks" and it uses list of rules names resource "aws_security_group_rule" "computed_ingress_rules" { - count = "${var.create ? var.number_of_computed_ingress_rules : 0}" + count = var.create ? 
var.number_of_computed_ingress_rules : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - cidr_blocks = ["${var.ingress_cidr_blocks}"] - ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${element(var.rules[var.computed_ingress_rules[count.index]], 3)}" + cidr_blocks = var.ingress_cidr_blocks + ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks + prefix_list_ids = var.ingress_prefix_list_ids + description = element(var.rules[var.computed_ingress_rules[count.index]], 3) - from_port = "${element(var.rules[var.computed_ingress_rules[count.index]], 0)}" - to_port = "${element(var.rules[var.computed_ingress_rules[count.index]], 1)}" - protocol = "${element(var.rules[var.computed_ingress_rules[count.index]], 2)}" + from_port = element(var.rules[var.computed_ingress_rules[count.index]], 0) + to_port = element(var.rules[var.computed_ingress_rules[count.index]], 1) + protocol = element(var.rules[var.computed_ingress_rules[count.index]], 2) } ########################## 
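Review bot: `ingress_rules` and `computed_ingress_rules` still read `from_port`, `to_port`, `protocol` and `description` with `element(var.rules[...], N)`. `element()` wraps the index modulo the list length, so a `var.rules` entry with fewer than four items yields a value from the wrong position instead of failing the plan. For a firewall rule that means a silently wrong port or protocol. Under 0.12 direct indexing raises an error on an out-of-range index, e.g. `from_port = var.rules[var.ingress_rules[count.index]][0]`, and likewise for indexes 1 to 3. The following hunk repeats the `element(var.rules[lookup(...)], N)` pattern in every `*_with_*` rule resource, so the same change applies there.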
@@ -77,134 +96,410 @@ resource "aws_security_group_rule" "computed_ingress_rules" { ########################## # Security group rules with "source_security_group_id", but without "cidr_blocks" and "self" resource "aws_security_group_rule" "ingress_with_source_security_group_id" { - count = "${var.create ? length(var.ingress_with_source_security_group_id) : 0}" + count = var.create ? length(var.ingress_with_source_security_group_id) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - source_security_group_id = "${lookup(var.ingress_with_source_security_group_id[count.index], "source_security_group_id")}" - ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${lookup(var.ingress_with_source_security_group_id[count.index], "description", "Ingress Rule")}" - - from_port = "${lookup(var.ingress_with_source_security_group_id[count.index], "from_port", element(var.rules[lookup(var.ingress_with_source_security_group_id[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.ingress_with_source_security_group_id[count.index], "to_port", element(var.rules[lookup(var.ingress_with_source_security_group_id[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.ingress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.ingress_with_source_security_group_id[count.index], "rule", "_")], 2))}" + source_security_group_id = var.ingress_with_source_security_group_id[count.index]["source_security_group_id"] + ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks + prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( + var.ingress_with_source_security_group_id[count.index], + "description", + "Ingress Rule", + ) + + from_port = lookup( + var.ingress_with_source_security_group_id[count.index], + "from_port", + element( + var.rules[lookup( + var.ingress_with_source_security_group_id[count.index], + "rule", 
+ "_", + )], + 0, + ), + ) + to_port = lookup( + var.ingress_with_source_security_group_id[count.index], + "to_port", + element( + var.rules[lookup( + var.ingress_with_source_security_group_id[count.index], + "rule", + "_", + )], + 1, + ), + ) + protocol = lookup( + var.ingress_with_source_security_group_id[count.index], + "protocol", + element( + var.rules[lookup( + var.ingress_with_source_security_group_id[count.index], + "rule", + "_", + )], + 2, + ), + ) } # Computed - Security group rules with "source_security_group_id", but without "cidr_blocks" and "self" resource "aws_security_group_rule" "computed_ingress_with_source_security_group_id" { - count = "${var.create ? var.number_of_computed_ingress_with_source_security_group_id : 0}" + count = var.create ? var.number_of_computed_ingress_with_source_security_group_id : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - source_security_group_id = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "source_security_group_id")}" - ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "description", "Ingress Rule")}" - - from_port = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "from_port", element(var.rules[lookup(var.computed_ingress_with_source_security_group_id[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "to_port", element(var.rules[lookup(var.computed_ingress_with_source_security_group_id[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.computed_ingress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.computed_ingress_with_source_security_group_id[count.index], "rule", "_")], 2))}" + source_security_group_id = 
var.computed_ingress_with_source_security_group_id[count.index]["source_security_group_id"] + ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks + prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( + var.computed_ingress_with_source_security_group_id[count.index], + "description", + "Ingress Rule", + ) + + from_port = lookup( + var.computed_ingress_with_source_security_group_id[count.index], + "from_port", + element( + var.rules[lookup( + var.computed_ingress_with_source_security_group_id[count.index], + "rule", + "_", + )], + 0, + ), + ) + to_port = lookup( + var.computed_ingress_with_source_security_group_id[count.index], + "to_port", + element( + var.rules[lookup( + var.computed_ingress_with_source_security_group_id[count.index], + "rule", + "_", + )], + 1, + ), + ) + protocol = lookup( + var.computed_ingress_with_source_security_group_id[count.index], + "protocol", + element( + var.rules[lookup( + var.computed_ingress_with_source_security_group_id[count.index], + "rule", + "_", + )], + 2, + ), + ) } # Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self" resource "aws_security_group_rule" "ingress_with_cidr_blocks" { - count = "${var.create ? length(var.ingress_with_cidr_blocks) : 0}" + count = var.create ? 
length(var.ingress_with_cidr_blocks) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - cidr_blocks = ["${split(",", lookup(var.ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${lookup(var.ingress_with_cidr_blocks[count.index], "description", "Ingress Rule")}" - - from_port = "${lookup(var.ingress_with_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.ingress_with_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.ingress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")], 2))}" + cidr_blocks = split( + ",", + lookup( + var.ingress_with_cidr_blocks[count.index], + "cidr_blocks", + join(",", var.ingress_cidr_blocks), + ), + ) + prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( + var.ingress_with_cidr_blocks[count.index], + "description", + "Ingress Rule", + ) + + from_port = lookup( + var.ingress_with_cidr_blocks[count.index], + "from_port", + element( + var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")], + 0, + ), + ) + to_port = lookup( + var.ingress_with_cidr_blocks[count.index], + "to_port", + element( + var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")], + 1, + ), + ) + protocol = lookup( + var.ingress_with_cidr_blocks[count.index], + "protocol", + element( + var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")], + 2, + ), + ) } # Computed - Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self" resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks" { - count = 
"${var.create ? var.number_of_computed_ingress_with_cidr_blocks : 0}" + count = var.create ? var.number_of_computed_ingress_with_cidr_blocks : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - cidr_blocks = ["${split(",", lookup(var.computed_ingress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.ingress_cidr_blocks)))}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${lookup(var.computed_ingress_with_cidr_blocks[count.index], "description", "Ingress Rule")}" - - from_port = "${lookup(var.computed_ingress_with_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.computed_ingress_with_cidr_blocks[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.computed_ingress_with_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.computed_ingress_with_cidr_blocks[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.computed_ingress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.computed_ingress_with_cidr_blocks[count.index], "rule", "_")], 2))}" + cidr_blocks = split( + ",", + lookup( + var.computed_ingress_with_cidr_blocks[count.index], + "cidr_blocks", + join(",", var.ingress_cidr_blocks), + ), + ) + prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( + var.computed_ingress_with_cidr_blocks[count.index], + "description", + "Ingress Rule", + ) + + from_port = lookup( + var.computed_ingress_with_cidr_blocks[count.index], + "from_port", + element( + var.rules[lookup( + var.computed_ingress_with_cidr_blocks[count.index], + "rule", + "_", + )], + 0, + ), + ) + to_port = lookup( + var.computed_ingress_with_cidr_blocks[count.index], + "to_port", + element( + var.rules[lookup( + var.computed_ingress_with_cidr_blocks[count.index], + "rule", + "_", + )], + 1, + ), + ) + protocol = lookup( + var.computed_ingress_with_cidr_blocks[count.index], + "protocol", + element( + var.rules[lookup( + 
var.computed_ingress_with_cidr_blocks[count.index], + "rule", + "_", + )], + 2, + ), + ) } # Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self" resource "aws_security_group_rule" "ingress_with_ipv6_cidr_blocks" { - count = "${var.create ? length(var.ingress_with_ipv6_cidr_blocks) : 0}" + count = var.create ? length(var.ingress_with_ipv6_cidr_blocks) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - ipv6_cidr_blocks = ["${split(",", lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.ingress_ipv6_cidr_blocks)))}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "description", "Ingress Rule")}" - - from_port = "${lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}" + ipv6_cidr_blocks = split( + ",", + lookup( + var.ingress_with_ipv6_cidr_blocks[count.index], + "ipv6_cidr_blocks", + join(",", var.ingress_ipv6_cidr_blocks), + ), + ) + prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( + var.ingress_with_ipv6_cidr_blocks[count.index], + "description", + "Ingress Rule", + ) + + from_port = lookup( + var.ingress_with_ipv6_cidr_blocks[count.index], + "from_port", + element( + var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], + 0, + ), + ) + to_port = lookup( + var.ingress_with_ipv6_cidr_blocks[count.index], + "to_port", + element( + 
var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], + 1, + ), + ) + protocol = lookup( + var.ingress_with_ipv6_cidr_blocks[count.index], + "protocol", + element( + var.rules[lookup(var.ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], + 2, + ), + ) } # Computed - Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self" resource "aws_security_group_rule" "computed_ingress_with_ipv6_cidr_blocks" { - count = "${var.create ? var.number_of_computed_ingress_with_ipv6_cidr_blocks : 0}" + count = var.create ? var.number_of_computed_ingress_with_ipv6_cidr_blocks : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - ipv6_cidr_blocks = ["${split(",", lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.ingress_ipv6_cidr_blocks)))}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "description", "Ingress Rule")}" - - from_port = "${lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.computed_ingress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}" + ipv6_cidr_blocks = split( + ",", + lookup( + var.computed_ingress_with_ipv6_cidr_blocks[count.index], + "ipv6_cidr_blocks", + join(",", var.ingress_ipv6_cidr_blocks), + ), + ) + prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( + var.computed_ingress_with_ipv6_cidr_blocks[count.index], + 
"description", + "Ingress Rule", + ) + + from_port = lookup( + var.computed_ingress_with_ipv6_cidr_blocks[count.index], + "from_port", + element( + var.rules[lookup( + var.computed_ingress_with_ipv6_cidr_blocks[count.index], + "rule", + "_", + )], + 0, + ), + ) + to_port = lookup( + var.computed_ingress_with_ipv6_cidr_blocks[count.index], + "to_port", + element( + var.rules[lookup( + var.computed_ingress_with_ipv6_cidr_blocks[count.index], + "rule", + "_", + )], + 1, + ), + ) + protocol = lookup( + var.computed_ingress_with_ipv6_cidr_blocks[count.index], + "protocol", + element( + var.rules[lookup( + var.computed_ingress_with_ipv6_cidr_blocks[count.index], + "rule", + "_", + )], + 2, + ), + ) } # Security group rules with "self", but without "cidr_blocks" and "source_security_group_id" resource "aws_security_group_rule" "ingress_with_self" { - count = "${var.create ? length(var.ingress_with_self) : 0}" + count = var.create ? length(var.ingress_with_self) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - self = "${lookup(var.ingress_with_self[count.index], "self", true)}" - ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${lookup(var.ingress_with_self[count.index], "description", "Ingress Rule")}" - - from_port = "${lookup(var.ingress_with_self[count.index], "from_port", element(var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.ingress_with_self[count.index], "to_port", element(var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.ingress_with_self[count.index], "protocol", element(var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")], 2))}" + self = lookup(var.ingress_with_self[count.index], "self", true) + ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks + prefix_list_ids = var.ingress_prefix_list_ids + description = lookup( 
+ var.ingress_with_self[count.index], + "description", + "Ingress Rule", + ) + + from_port = lookup( + var.ingress_with_self[count.index], + "from_port", + element( + var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")], + 0, + ), + ) + to_port = lookup( + var.ingress_with_self[count.index], + "to_port", + element( + var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")], + 1, + ), + ) + protocol = lookup( + var.ingress_with_self[count.index], + "protocol", + element( + var.rules[lookup(var.ingress_with_self[count.index], "rule", "_")], + 2, + ), + ) } # Computed - Security group rules with "self", but without "cidr_blocks" and "source_security_group_id" resource "aws_security_group_rule" "computed_ingress_with_self" { - count = "${var.create ? var.number_of_computed_ingress_with_self : 0}" + count = var.create ? var.number_of_computed_ingress_with_self : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "ingress" - self = "${lookup(var.computed_ingress_with_self[count.index], "self", true)}" - ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.ingress_prefix_list_ids}"] - description = "${lookup(var.computed_ingress_with_self[count.index], "description", "Ingress Rule")}" - - from_port = "${lookup(var.computed_ingress_with_self[count.index], "from_port", element(var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.computed_ingress_with_self[count.index], "to_port", element(var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.computed_ingress_with_self[count.index], "protocol", element(var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")], 2))}" + self = lookup(var.computed_ingress_with_self[count.index], "self", true) + ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks + prefix_list_ids = var.ingress_prefix_list_ids + description = 
lookup( + var.computed_ingress_with_self[count.index], + "description", + "Ingress Rule", + ) + + from_port = lookup( + var.computed_ingress_with_self[count.index], + "from_port", + element( + var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")], + 0, + ), + ) + to_port = lookup( + var.computed_ingress_with_self[count.index], + "to_port", + element( + var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")], + 1, + ), + ) + protocol = lookup( + var.computed_ingress_with_self[count.index], + "protocol", + element( + var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")], + 2, + ), + ) } ################# 
@@ -216,36 +511,36 @@ resource "aws_security_group_rule" "computed_ingress_with_self" { ################################## # Security group rules with "cidr_blocks" and it uses list of rules names resource "aws_security_group_rule" "egress_rules" { - count = "${var.create ? length(var.egress_rules) : 0}" + count = var.create ? length(var.egress_rules) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - cidr_blocks = ["${var.egress_cidr_blocks}"] - ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${element(var.rules[var.egress_rules[count.index]], 3)}" + cidr_blocks = var.egress_cidr_blocks + ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks + prefix_list_ids = var.egress_prefix_list_ids + description = element(var.rules[var.egress_rules[count.index]], 3) - from_port = "${element(var.rules[var.egress_rules[count.index]], 0)}" - to_port = "${element(var.rules[var.egress_rules[count.index]], 1)}" - protocol = "${element(var.rules[var.egress_rules[count.index]], 2)}" + from_port = element(var.rules[var.egress_rules[count.index]], 0) + to_port = element(var.rules[var.egress_rules[count.index]], 1) + protocol = element(var.rules[var.egress_rules[count.index]], 2) } # Computed - Security group rules with "cidr_blocks" and it uses list of rules names resource "aws_security_group_rule" "computed_egress_rules" { - count = "${var.create ? var.number_of_computed_egress_rules : 0}" + count = var.create ? 
var.number_of_computed_egress_rules : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - cidr_blocks = ["${var.egress_cidr_blocks}"] - ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${element(var.rules[var.computed_egress_rules[count.index]], 3)}" + cidr_blocks = var.egress_cidr_blocks + ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks + prefix_list_ids = var.egress_prefix_list_ids + description = element(var.rules[var.computed_egress_rules[count.index]], 3) - from_port = "${element(var.rules[var.computed_egress_rules[count.index]], 0)}" - to_port = "${element(var.rules[var.computed_egress_rules[count.index]], 1)}" - protocol = "${element(var.rules[var.computed_egress_rules[count.index]], 2)}" + from_port = element(var.rules[var.computed_egress_rules[count.index]], 0) + to_port = element(var.rules[var.computed_egress_rules[count.index]], 1) + protocol = element(var.rules[var.computed_egress_rules[count.index]], 2) } ######################### 
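Review bot: `element()` wraps an out-of-range index around instead of failing, so in `egress_rules` and `computed_egress_rules` a `var.rules` entry with fewer than four elements would produce a description taken from another position rather than an error. Since this commit already moves the file to 0.12 syntax, direct indexing is the stricter form: `description = var.rules[var.egress_rules[count.index]][3]`, and likewise `[0]`, `[1]` and `[2]` for `from_port`, `to_port` and `protocol`. The same `element(var.rules[...], n)` pattern is used as the `lookup` default in the following hunk at `@@ -253,137 +548,412 @@`. In a security group module, a malformed rule definition is better rejected at plan time than applied with values from the wrong position.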
@@ -253,137 +548,412 @@ resource "aws_security_group_rule" "computed_egress_rules" { ######################### # Security group rules with "source_security_group_id", but without "cidr_blocks" and "self" resource "aws_security_group_rule" "egress_with_source_security_group_id" { - count = "${var.create ? length(var.egress_with_source_security_group_id) : 0}" + count = var.create ? length(var.egress_with_source_security_group_id) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - source_security_group_id = "${lookup(var.egress_with_source_security_group_id[count.index], "source_security_group_id")}" - ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${lookup(var.egress_with_source_security_group_id[count.index], "description", "Egress Rule")}" - - from_port = "${lookup(var.egress_with_source_security_group_id[count.index], "from_port", element(var.rules[lookup(var.egress_with_source_security_group_id[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.egress_with_source_security_group_id[count.index], "to_port", element(var.rules[lookup(var.egress_with_source_security_group_id[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.egress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.egress_with_source_security_group_id[count.index], "rule", "_")], 2))}" + source_security_group_id = var.egress_with_source_security_group_id[count.index]["source_security_group_id"] + ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks + prefix_list_ids = var.egress_prefix_list_ids + description = lookup( + var.egress_with_source_security_group_id[count.index], + "description", + "Egress Rule", + ) + + from_port = lookup( + var.egress_with_source_security_group_id[count.index], + "from_port", + element( + var.rules[lookup( + var.egress_with_source_security_group_id[count.index], + "rule", + "_", + )], + 0, + 
), + ) + to_port = lookup( + var.egress_with_source_security_group_id[count.index], + "to_port", + element( + var.rules[lookup( + var.egress_with_source_security_group_id[count.index], + "rule", + "_", + )], + 1, + ), + ) + protocol = lookup( + var.egress_with_source_security_group_id[count.index], + "protocol", + element( + var.rules[lookup( + var.egress_with_source_security_group_id[count.index], + "rule", + "_", + )], + 2, + ), + ) } # Computed - Security group rules with "source_security_group_id", but without "cidr_blocks" and "self" resource "aws_security_group_rule" "computed_egress_with_source_security_group_id" { - count = "${var.create ? var.number_of_computed_egress_with_source_security_group_id : 0}" + count = var.create ? var.number_of_computed_egress_with_source_security_group_id : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - source_security_group_id = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "source_security_group_id")}" - ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "description", "Egress Rule")}" - - from_port = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "from_port", element(var.rules[lookup(var.computed_egress_with_source_security_group_id[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "to_port", element(var.rules[lookup(var.computed_egress_with_source_security_group_id[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.computed_egress_with_source_security_group_id[count.index], "protocol", element(var.rules[lookup(var.computed_egress_with_source_security_group_id[count.index], "rule", "_")], 2))}" + source_security_group_id = 
var.computed_egress_with_source_security_group_id[count.index]["source_security_group_id"] + ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks + prefix_list_ids = var.egress_prefix_list_ids + description = lookup( + var.computed_egress_with_source_security_group_id[count.index], + "description", + "Egress Rule", + ) + + from_port = lookup( + var.computed_egress_with_source_security_group_id[count.index], + "from_port", + element( + var.rules[lookup( + var.computed_egress_with_source_security_group_id[count.index], + "rule", + "_", + )], + 0, + ), + ) + to_port = lookup( + var.computed_egress_with_source_security_group_id[count.index], + "to_port", + element( + var.rules[lookup( + var.computed_egress_with_source_security_group_id[count.index], + "rule", + "_", + )], + 1, + ), + ) + protocol = lookup( + var.computed_egress_with_source_security_group_id[count.index], + "protocol", + element( + var.rules[lookup( + var.computed_egress_with_source_security_group_id[count.index], + "rule", + "_", + )], + 2, + ), + ) } # Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self" resource "aws_security_group_rule" "egress_with_cidr_blocks" { - count = "${var.create ? length(var.egress_with_cidr_blocks) : 0}" + count = var.create ? 
length(var.egress_with_cidr_blocks) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - cidr_blocks = ["${split(",", lookup(var.egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks)))}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${lookup(var.egress_with_cidr_blocks[count.index], "description", "Egress Rule")}" - - from_port = "${lookup(var.egress_with_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.egress_with_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.egress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")], 2))}" + cidr_blocks = split( + ",", + lookup( + var.egress_with_cidr_blocks[count.index], + "cidr_blocks", + join(",", var.egress_cidr_blocks), + ), + ) + prefix_list_ids = var.egress_prefix_list_ids + description = lookup( + var.egress_with_cidr_blocks[count.index], + "description", + "Egress Rule", + ) + + from_port = lookup( + var.egress_with_cidr_blocks[count.index], + "from_port", + element( + var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")], + 0, + ), + ) + to_port = lookup( + var.egress_with_cidr_blocks[count.index], + "to_port", + element( + var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")], + 1, + ), + ) + protocol = lookup( + var.egress_with_cidr_blocks[count.index], + "protocol", + element( + var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")], + 2, + ), + ) } # Computed - Security group rules with "cidr_blocks", but without "ipv6_cidr_blocks", "source_security_group_id" and "self" resource "aws_security_group_rule" "computed_egress_with_cidr_blocks" { - count = "${var.create ? 
var.number_of_computed_egress_with_cidr_blocks : 0}" + count = var.create ? var.number_of_computed_egress_with_cidr_blocks : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - cidr_blocks = ["${split(",", lookup(var.computed_egress_with_cidr_blocks[count.index], "cidr_blocks", join(",", var.egress_cidr_blocks)))}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${lookup(var.computed_egress_with_cidr_blocks[count.index], "description", "Egress Rule")}" - - from_port = "${lookup(var.computed_egress_with_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.computed_egress_with_cidr_blocks[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.computed_egress_with_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.computed_egress_with_cidr_blocks[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.computed_egress_with_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.computed_egress_with_cidr_blocks[count.index], "rule", "_")], 2))}" + cidr_blocks = split( + ",", + lookup( + var.computed_egress_with_cidr_blocks[count.index], + "cidr_blocks", + join(",", var.egress_cidr_blocks), + ), + ) + prefix_list_ids = var.egress_prefix_list_ids + description = lookup( + var.computed_egress_with_cidr_blocks[count.index], + "description", + "Egress Rule", + ) + + from_port = lookup( + var.computed_egress_with_cidr_blocks[count.index], + "from_port", + element( + var.rules[lookup( + var.computed_egress_with_cidr_blocks[count.index], + "rule", + "_", + )], + 0, + ), + ) + to_port = lookup( + var.computed_egress_with_cidr_blocks[count.index], + "to_port", + element( + var.rules[lookup( + var.computed_egress_with_cidr_blocks[count.index], + "rule", + "_", + )], + 1, + ), + ) + protocol = lookup( + var.computed_egress_with_cidr_blocks[count.index], + "protocol", + element( + var.rules[lookup( + var.computed_egress_with_cidr_blocks[count.index], + 
"rule", + "_", + )], + 2, + ), + ) } # Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self" resource "aws_security_group_rule" "egress_with_ipv6_cidr_blocks" { - count = "${var.create ? length(var.egress_with_ipv6_cidr_blocks) : 0}" + count = var.create ? length(var.egress_with_ipv6_cidr_blocks) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - ipv6_cidr_blocks = ["${split(",", lookup(var.egress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.egress_ipv6_cidr_blocks)))}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${lookup(var.egress_with_ipv6_cidr_blocks[count.index], "description", "Egress Rule")}" - - from_port = "${lookup(var.egress_with_ipv6_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.egress_with_ipv6_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.egress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}" + ipv6_cidr_blocks = split( + ",", + lookup( + var.egress_with_ipv6_cidr_blocks[count.index], + "ipv6_cidr_blocks", + join(",", var.egress_ipv6_cidr_blocks), + ), + ) + prefix_list_ids = var.egress_prefix_list_ids + description = lookup( + var.egress_with_ipv6_cidr_blocks[count.index], + "description", + "Egress Rule", + ) + + from_port = lookup( + var.egress_with_ipv6_cidr_blocks[count.index], + "from_port", + element( + var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], + 0, + ), + ) + to_port = lookup( + var.egress_with_ipv6_cidr_blocks[count.index], + "to_port", + element( + var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], + 1, + 
), + ) + protocol = lookup( + var.egress_with_ipv6_cidr_blocks[count.index], + "protocol", + element( + var.rules[lookup(var.egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], + 2, + ), + ) } # Computed - Security group rules with "ipv6_cidr_blocks", but without "cidr_blocks", "source_security_group_id" and "self" resource "aws_security_group_rule" "computed_egress_with_ipv6_cidr_blocks" { - count = "${var.create ? var.number_of_computed_egress_with_ipv6_cidr_blocks : 0}" + count = var.create ? var.number_of_computed_egress_with_ipv6_cidr_blocks : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - ipv6_cidr_blocks = ["${split(",", lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "ipv6_cidr_blocks", join(",", var.egress_ipv6_cidr_blocks)))}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "description", "Egress Rule")}" - - from_port = "${lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "from_port", element(var.rules[lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "to_port", element(var.rules[lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "protocol", element(var.rules[lookup(var.computed_egress_with_ipv6_cidr_blocks[count.index], "rule", "_")], 2))}" + ipv6_cidr_blocks = split( + ",", + lookup( + var.computed_egress_with_ipv6_cidr_blocks[count.index], + "ipv6_cidr_blocks", + join(",", var.egress_ipv6_cidr_blocks), + ), + ) + prefix_list_ids = var.egress_prefix_list_ids + description = lookup( + var.computed_egress_with_ipv6_cidr_blocks[count.index], + "description", + "Egress Rule", + ) + + from_port = lookup( + var.computed_egress_with_ipv6_cidr_blocks[count.index], 
+ "from_port", + element( + var.rules[lookup( + var.computed_egress_with_ipv6_cidr_blocks[count.index], + "rule", + "_", + )], + 0, + ), + ) + to_port = lookup( + var.computed_egress_with_ipv6_cidr_blocks[count.index], + "to_port", + element( + var.rules[lookup( + var.computed_egress_with_ipv6_cidr_blocks[count.index], + "rule", + "_", + )], + 1, + ), + ) + protocol = lookup( + var.computed_egress_with_ipv6_cidr_blocks[count.index], + "protocol", + element( + var.rules[lookup( + var.computed_egress_with_ipv6_cidr_blocks[count.index], + "rule", + "_", + )], + 2, + ), + ) } # Security group rules with "self", but without "cidr_blocks" and "source_security_group_id" resource "aws_security_group_rule" "egress_with_self" { - count = "${var.create ? length(var.egress_with_self) : 0}" + count = var.create ? length(var.egress_with_self) : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - self = "${lookup(var.egress_with_self[count.index], "self", true)}" - ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${lookup(var.egress_with_self[count.index], "description", "Egress Rule")}" - - from_port = "${lookup(var.egress_with_self[count.index], "from_port", element(var.rules[lookup(var.egress_with_self[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.egress_with_self[count.index], "to_port", element(var.rules[lookup(var.egress_with_self[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.egress_with_self[count.index], "protocol", element(var.rules[lookup(var.egress_with_self[count.index], "rule", "_")], 2))}" + self = lookup(var.egress_with_self[count.index], "self", true) + ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks + prefix_list_ids = var.egress_prefix_list_ids + description = lookup( + var.egress_with_self[count.index], + "description", + "Egress Rule", + ) + + from_port = lookup( + var.egress_with_self[count.index], + 
"from_port", + element( + var.rules[lookup(var.egress_with_self[count.index], "rule", "_")], + 0, + ), + ) + to_port = lookup( + var.egress_with_self[count.index], + "to_port", + element( + var.rules[lookup(var.egress_with_self[count.index], "rule", "_")], + 1, + ), + ) + protocol = lookup( + var.egress_with_self[count.index], + "protocol", + element( + var.rules[lookup(var.egress_with_self[count.index], "rule", "_")], + 2, + ), + ) } # Computed - Security group rules with "self", but without "cidr_blocks" and "source_security_group_id" resource "aws_security_group_rule" "computed_egress_with_self" { - count = "${var.create ? var.number_of_computed_egress_with_self : 0}" + count = var.create ? var.number_of_computed_egress_with_self : 0 - security_group_id = "${local.this_sg_id}" + security_group_id = local.this_sg_id type = "egress" - self = "${lookup(var.computed_egress_with_self[count.index], "self", true)}" - ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] - prefix_list_ids = ["${var.egress_prefix_list_ids}"] - description = "${lookup(var.computed_egress_with_self[count.index], "description", "Egress Rule")}" - - from_port = "${lookup(var.computed_egress_with_self[count.index], "from_port", element(var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")], 0))}" - to_port = "${lookup(var.computed_egress_with_self[count.index], "to_port", element(var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")], 1))}" - protocol = "${lookup(var.computed_egress_with_self[count.index], "protocol", element(var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")], 2))}" + self = lookup(var.computed_egress_with_self[count.index], "self", true) + ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks + prefix_list_ids = var.egress_prefix_list_ids + description = lookup( + var.computed_egress_with_self[count.index], + "description", + "Egress Rule", + ) + + from_port = lookup( + var.computed_egress_with_self[count.index], + 
"from_port", + element( + var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")], + 0, + ), + ) + to_port = lookup( + var.computed_egress_with_self[count.index], + "to_port", + element( + var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")], + 1, + ), + ) + protocol = lookup( + var.computed_egress_with_self[count.index], + "protocol", + element( + var.rules[lookup(var.computed_egress_with_self[count.index], "rule", "_")], + 2, + ), + ) } ################ # End of egress ################ - diff --git a/modules/_templates/main.tf b/modules/_templates/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/_templates/main.tf +++ b/modules/_templates/main.tf 
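Review bot: `egress_with_self` and `computed_egress_with_self` set `ipv6_cidr_blocks = var.egress_ipv6_cidr_blocks` next to `self`, and the two `*_with_source_security_group_id` resources set it next to `source_security_group_id`, although their header comments describe rules scoped to the group itself or to one source group. If the module-wide IPv6 list is non-empty, these rules would also carry those ranges, which is broader than the comments suggest; whether the provider accepts the combination is not visible on this page. If the combination is intended, the comments should say so, e.g. `# Also applies var.egress_ipv6_cidr_blocks and var.egress_prefix_list_ids to this rule`; otherwise the `ipv6_cidr_blocks` line should be dropped from those four resources. The `ingress_with_self` resources earlier in the file, in a hunk that starts outside this view, follow the same pattern.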
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/_templates/outputs.tf b/modules/_templates/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/_templates/outputs.tf +++ b/modules/_templates/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/_templates/variables.tf b/modules/_templates/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/_templates/variables.tf +++ b/modules/_templates/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/_templates/versions.tf b/modules/_templates/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/_templates/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/carbon-relay-ng/auto_values.tf b/modules/carbon-relay-ng/auto_values.tf index 42e28091..46d651f5 100644 --- a/modules/carbon-relay-ng/auto_values.tf 
+++ b/modules/carbon-relay-ng/auto_values.tf @@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["carbon-line-in-tcp", "carbon-line-in-udp", "carbon-pickle-tcp", "carbon-pickle-udp", "carbon-gui-udp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/carbon-relay-ng/main.tf b/modules/carbon-relay-ng/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/carbon-relay-ng/main.tf +++ b/modules/carbon-relay-ng/main.tf 
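Review bot: `auto_ingress_with_self` is now declared `type = list(string)` while its default is still a list holding the map `{ "rule" = "all-all" }` and its description says "List of maps"; Terraform 0.12 checks a default against the type constraint, so this declaration should fail validation. The constraint I would use is `type = list(map(string))`, applied as well to `auto_egress_with_self`, `auto_computed_ingress_with_self` and `auto_computed_egress_with_self` in this hunk, whose empty defaults hide the mismatch until a map is supplied. The same declarations are repeated in the `modules/cassandra/auto_values.tf` and `modules/consul/auto_values.tf` hunks. Since this default is the rule that opens traffic between members of the group, confirm with `terraform validate` and a plan that the self rule is still produced once the type is corrected.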
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/carbon-relay-ng/outputs.tf b/modules/carbon-relay-ng/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/carbon-relay-ng/outputs.tf +++ b/modules/carbon-relay-ng/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/carbon-relay-ng/variables.tf b/modules/carbon-relay-ng/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/carbon-relay-ng/variables.tf +++ b/modules/carbon-relay-ng/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/carbon-relay-ng/versions.tf b/modules/carbon-relay-ng/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/carbon-relay-ng/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/cassandra/auto_values.tf b/modules/cassandra/auto_values.tf index 8c4dd08f..c9062e6b 100644 
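Review bot: The rule inputs in this `module "sg"` block keep their outer brackets after the interpolation was removed, e.g. `ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))]` and `ingress_cidr_blocks = [var.ingress_cidr_blocks]`. Terraform 0.11 flattened `["${list}"]`, but 0.12 evaluates `[list]` as a list containing a list, so the root module at `../../` would presumably receive nested lists for every ingress and egress argument; its variable types are not visible here. I would drop the brackets, `ingress_rules = sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))` and `ingress_cidr_blocks = var.ingress_cidr_blocks`, and likewise for the other bracketed arguments. The `modules/cassandra/main.tf` and `modules/consul/main.tf` hunks carry the same lines. Because these values define what the security group allows, compare a plan before and after the upgrade to confirm the rule set is unchanged.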
--- a/modules/cassandra/auto_values.tf +++ b/modules/cassandra/auto_values.tf @@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["cassandra-clients-tcp", "cassandra-thrift-clients-tcp", "cassandra-jmx-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/cassandra/main.tf b/modules/cassandra/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/cassandra/main.tf +++ b/modules/cassandra/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/cassandra/outputs.tf b/modules/cassandra/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/cassandra/outputs.tf +++ b/modules/cassandra/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/cassandra/variables.tf b/modules/cassandra/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/cassandra/variables.tf +++ b/modules/cassandra/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/cassandra/versions.tf b/modules/cassandra/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/cassandra/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/consul/auto_values.tf b/modules/consul/auto_values.tf index be7b4e15..bd5693b9 100644 --- a/modules/consul/auto_values.tf +++ b/modules/consul/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["consul-tcp", "consul-cli-rpc-tcp", "consul-webui-tcp", "consul-dns-tcp", "consul-dns-udp", "consul-serf-lan-tcp", "consul-serf-lan-udp", "consul-serf-wan-tcp", "consul-serf-wan-udp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/consul/main.tf b/modules/consul/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/consul/main.tf +++ b/modules/consul/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/consul/outputs.tf b/modules/consul/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/consul/outputs.tf +++ b/modules/consul/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/consul/variables.tf b/modules/consul/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/consul/variables.tf +++ b/modules/consul/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/consul/versions.tf b/modules/consul/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/consul/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/docker-swarm/auto_values.tf b/modules/docker-swarm/auto_values.tf index df26e8ce..91b04704 100644 --- a/modules/docker-swarm/auto_values.tf +++ b/modules/docker-swarm/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["docker-swarm-mngmt-tcp", "docker-swarm-node-tcp", "docker-swarm-node-udp", "docker-swarm-overlay-udp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/docker-swarm/main.tf b/modules/docker-swarm/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/docker-swarm/main.tf +++ b/modules/docker-swarm/main.tf 
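Review bot: `auto_ingress_with_self` is now declared `type = list(string)`, but its default is a list holding the map `{ "rule" = "all-all" }` and its description says "List of maps", so the default does not satisfy the constraint. With the `required_version = ">= 0.12"` this commit adds, Terraform should reject that default when the module is loaded. Declare it as `type = list(map(string))`, and do the same for `auto_egress_with_self`, `auto_computed_ingress_with_self` and `auto_computed_egress_with_self`, whose empty defaults hide the mismatch until something supplies a map. The same declarations appear in the auto_values.tf hunks for modules/elasticsearch and modules/http-80.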
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/docker-swarm/outputs.tf b/modules/docker-swarm/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/docker-swarm/outputs.tf +++ b/modules/docker-swarm/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/docker-swarm/variables.tf b/modules/docker-swarm/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/docker-swarm/variables.tf +++ b/modules/docker-swarm/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/docker-swarm/versions.tf b/modules/docker-swarm/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/docker-swarm/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/elasticsearch/auto_values.tf b/modules/elasticsearch/auto_values.tf index 129715a2..d3841569 100644 --- a/modules/elasticsearch/auto_values.tf 
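Review bot: Every list argument passed to `module "sg"` keeps its outer brackets after the interpolation was removed, for example `ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))]` and `ingress_cidr_blocks = [var.ingress_cidr_blocks]`. Terraform 0.12 no longer flattens that wrapper, so each of these passes a list containing a list; the root module's variable declarations are not in this hunk, but the argument names suggest it expects flat lists of rule names, CIDR blocks and rule maps. Drop the brackets, as in `ingress_rules = sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))` and `ingress_cidr_blocks = var.ingress_cidr_blocks`, and likewise for the egress and `computed_*` arguments. These values decide which ports and sources the security group opens, so compare a `terraform plan` against the pre-upgrade rule set before merging. The main.tf hunks for modules/consul, modules/elasticsearch and modules/http-80 carry the same pattern.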
+++ b/modules/elasticsearch/auto_values.tf @@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["elasticsearch-rest-tcp", "elasticsearch-java-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/elasticsearch/main.tf b/modules/elasticsearch/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/elasticsearch/main.tf +++ b/modules/elasticsearch/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/elasticsearch/outputs.tf b/modules/elasticsearch/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/elasticsearch/outputs.tf +++ b/modules/elasticsearch/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/elasticsearch/variables.tf b/modules/elasticsearch/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/elasticsearch/variables.tf +++ b/modules/elasticsearch/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/elasticsearch/versions.tf b/modules/elasticsearch/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/elasticsearch/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/http-80/auto_values.tf b/modules/http-80/auto_values.tf index 281d3345..11ada6b1 100644 --- a/modules/http-80/auto_values.tf 
+++ b/modules/http-80/auto_values.tf @@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["http-80-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/http-80/main.tf b/modules/http-80/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/http-80/main.tf +++ b/modules/http-80/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/http-80/outputs.tf b/modules/http-80/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/http-80/outputs.tf +++ b/modules/http-80/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/http-80/variables.tf b/modules/http-80/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/http-80/variables.tf +++ b/modules/http-80/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/http-80/versions.tf b/modules/http-80/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/http-80/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/http-8080/auto_values.tf b/modules/http-8080/auto_values.tf index c08c4ce4..e24e2fb1 100644 --- a/modules/http-8080/auto_values.tf +++ b/modules/http-8080/auto_values.tf 
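Review bot: Every list argument in the modules/http-80/main.tf hunk keeps the 0.11 bracket wrapper around an expression that is already a list, for example `ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))]` and `ingress_cidr_blocks = [var.ingress_cidr_blocks]`. Terraform 0.12 no longer flattens that form, so the root module would receive a list containing one list, and the rule names and CIDR blocks would presumably either fail type checking or not resolve to the intended security group rules. Drop the outer brackets, e.g. `ingress_rules = sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))` and `ingress_cidr_blocks = var.ingress_cidr_blocks`, and do the same for the egress and computed_* arguments. The main.tf hunks for modules/http-8080 and modules/https-443, and the visible start of the one for modules/https-8443, repeat the same lines. Because these arguments define which traffic the group admits, compare a `terraform plan` of the converted module against the pre-upgrade rules before merging.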
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["http-8080-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/http-8080/main.tf b/modules/http-8080/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/http-8080/main.tf +++ b/modules/http-8080/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/http-8080/outputs.tf b/modules/http-8080/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/http-8080/outputs.tf +++ b/modules/http-8080/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/http-8080/variables.tf b/modules/http-8080/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/http-8080/variables.tf +++ b/modules/http-8080/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/http-8080/versions.tf b/modules/http-8080/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/http-8080/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/https-443/auto_values.tf b/modules/https-443/auto_values.tf index 92c51599..2135e64d 100644 --- a/modules/https-443/auto_values.tf +++ b/modules/https-443/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["https-443-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/https-443/main.tf b/modules/https-443/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/https-443/main.tf +++ b/modules/https-443/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/https-443/outputs.tf b/modules/https-443/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/https-443/outputs.tf +++ b/modules/https-443/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/https-443/variables.tf b/modules/https-443/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/https-443/variables.tf +++ b/modules/https-443/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/https-443/versions.tf b/modules/https-443/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/https-443/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/https-8443/auto_values.tf b/modules/https-8443/auto_values.tf index 9791195e..82f82c80 100644 --- a/modules/https-8443/auto_values.tf +++ b/modules/https-8443/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["https-8443-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/https-8443/main.tf b/modules/https-8443/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/https-8443/main.tf +++ b/modules/https-8443/main.tf 
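Review bot: `auto_ingress_with_self` is now declared `type = list(string)` while its default is a list of maps (`[{ "rule" = "all-all" }]`), so the declared type and the default disagree and Terraform 0.12 should reject the default when the module is validated. The same `list(string)` is given to `auto_egress_with_self`, `auto_computed_ingress_with_self` and `auto_computed_egress_with_self`, whose descriptions all say "List of maps". Declare those four as `type = list(map(string))` and keep `list(string)` only for the rule-name lists such as `auto_ingress_rules`. The matching auto_values.tf hunks for modules/ipsec-4500, modules/ipsec-500 and modules/kafka carry the same declarations and need the same change.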
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/https-8443/outputs.tf b/modules/https-8443/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/https-8443/outputs.tf +++ b/modules/https-8443/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/https-8443/variables.tf b/modules/https-8443/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/https-8443/variables.tf +++ b/modules/https-8443/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/https-8443/versions.tf b/modules/https-8443/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/https-8443/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/ipsec-4500/auto_values.tf b/modules/ipsec-4500/auto_values.tf index 02cd4149..2805d218 100644 --- a/modules/ipsec-4500/auto_values.tf +++ b/modules/ipsec-4500/auto_values.tf 
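Review bot: Every list argument in this `module "sg"` block keeps the 0.11-style outer brackets, e.g. `ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))]` and `ingress_cidr_blocks = [var.ingress_cidr_blocks]`; in 0.12 a bracketed list expression is no longer flattened, so each of these passes a list that contains one list. Assuming the root module declares these inputs as flat lists (its variables are not in this hunk), the rule names and CIDR blocks will not reach the security group rules in the intended shape, most likely surfacing as a type error at plan time. Drop the wrapper, `ingress_rules = sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))` and `ingress_cidr_blocks = var.ingress_cidr_blocks`, and do the same for the other bracketed ingress, egress and computed arguments. The main.tf hunks for modules/ipsec-4500 and modules/ipsec-500 repeat this pattern, as do the partially visible ones for modules/https-443 and modules/kafka.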
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["ipsec-4500-udp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/ipsec-4500/main.tf b/modules/ipsec-4500/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/ipsec-4500/main.tf +++ b/modules/ipsec-4500/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/ipsec-4500/outputs.tf b/modules/ipsec-4500/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/ipsec-4500/outputs.tf +++ b/modules/ipsec-4500/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/ipsec-4500/variables.tf b/modules/ipsec-4500/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/ipsec-4500/variables.tf +++ b/modules/ipsec-4500/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/ipsec-4500/versions.tf b/modules/ipsec-4500/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/ipsec-4500/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/ipsec-500/auto_values.tf b/modules/ipsec-500/auto_values.tf index f4e79263..f5c07283 100644 --- a/modules/ipsec-500/auto_values.tf +++ b/modules/ipsec-500/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["ipsec-500-udp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/ipsec-500/main.tf b/modules/ipsec-500/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/ipsec-500/main.tf +++ b/modules/ipsec-500/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/ipsec-500/outputs.tf b/modules/ipsec-500/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/ipsec-500/outputs.tf +++ b/modules/ipsec-500/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/ipsec-500/variables.tf b/modules/ipsec-500/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/ipsec-500/variables.tf +++ b/modules/ipsec-500/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/ipsec-500/versions.tf b/modules/ipsec-500/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/ipsec-500/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/kafka/auto_values.tf b/modules/kafka/auto_values.tf index e8d3399b..c529d0f0 100644 --- a/modules/kafka/auto_values.tf +++ b/modules/kafka/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["kafka-broker-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/kafka/main.tf b/modules/kafka/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/kafka/main.tf +++ b/modules/kafka/main.tf 
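Review bot: `auto_ingress_with_self` is now declared `type = list(string)`, but its default is a list holding a map (`{ "rule" = "all-all" }`) and its description says "List of maps"; under the 0.12 type constraints a map element cannot convert to a string, so this default should fail validation. The sibling variables `auto_egress_with_self`, `auto_computed_ingress_with_self` and `auto_computed_egress_with_self` in this hunk carry the same constraint and would reject any map supplied for them. I would declare all four as `type = list(map(string))` and leave `list(string)` only on the rule-name lists. The modules/ldaps, modules/memcached and modules/mongodb auto_values.tf hunks repeat the same declarations, so running `terraform validate` in each module directory before merging would confirm that the self-referencing security group rules still evaluate.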
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/kafka/outputs.tf b/modules/kafka/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/kafka/outputs.tf +++ b/modules/kafka/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/kafka/variables.tf b/modules/kafka/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/kafka/variables.tf +++ b/modules/kafka/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/kafka/versions.tf b/modules/kafka/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/kafka/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/ldaps/auto_values.tf b/modules/ldaps/auto_values.tf index d294f7ed..373e1d75 100644 --- a/modules/ldaps/auto_values.tf +++ b/modules/ldaps/auto_values.tf 
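Review bot: The list arguments keep the 0.11 wrapper brackets, e.g. `ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))]` and `ingress_cidr_blocks = [var.ingress_cidr_blocks]`; in Terraform 0.12 a list expression inside `[...]` is no longer flattened, so the root module receives a list whose single element is itself a list. The root module's variable types are not visible in this hunk, but if they expect lists of strings or of maps this either fails type checking or changes which rules are generated, and for a security group that should be confirmed from a plan rather than assumed. I would drop the outer brackets on every list argument here, e.g. `ingress_rules = sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))` and `ingress_cidr_blocks = var.ingress_cidr_blocks`. The modules/ldaps, modules/memcached and modules/mongodb main.tf hunks repeat these lines.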
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["ldaps-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/ldaps/main.tf b/modules/ldaps/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/ldaps/main.tf +++ b/modules/ldaps/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/ldaps/outputs.tf b/modules/ldaps/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/ldaps/outputs.tf +++ b/modules/ldaps/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/ldaps/variables.tf b/modules/ldaps/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/ldaps/variables.tf +++ b/modules/ldaps/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/ldaps/versions.tf b/modules/ldaps/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/ldaps/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/memcached/auto_values.tf b/modules/memcached/auto_values.tf index 075611a1..ff71939d 100644 --- a/modules/memcached/auto_values.tf +++ b/modules/memcached/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["memcached-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/memcached/main.tf b/modules/memcached/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/memcached/main.tf +++ b/modules/memcached/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/memcached/outputs.tf b/modules/memcached/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/memcached/outputs.tf +++ b/modules/memcached/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/memcached/variables.tf b/modules/memcached/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/memcached/variables.tf +++ b/modules/memcached/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/memcached/versions.tf b/modules/memcached/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/memcached/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/mongodb/auto_values.tf b/modules/mongodb/auto_values.tf index 5ffa670b..78655af4 100644 --- a/modules/mongodb/auto_values.tf +++ b/modules/mongodb/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["mongodb-27017-tcp", "mongodb-27018-tcp", "mongodb-27019-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/mongodb/main.tf b/modules/mongodb/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/mongodb/main.tf +++ b/modules/mongodb/main.tf 
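Review bot: `auto_ingress_with_self` is now typed `list(string)`, but its default is `[{ "rule" = "all-all" }]`, a list of maps, so the declared type and the default disagree and Terraform 0.12 cannot convert a map element to a string. The same type was given to `auto_egress_with_self`, `auto_computed_ingress_with_self` and `auto_computed_egress_with_self`, whose descriptions all say "List of maps"; they validate only because their default is `[]` and would reject any map set for them. These four variables should be declared as `type = list(map(string))`. The matching hunks in modules/mssql, modules/mysql and modules/nfs auto_values.tf need the same change.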
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/mongodb/outputs.tf b/modules/mongodb/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/mongodb/outputs.tf +++ b/modules/mongodb/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/mongodb/variables.tf b/modules/mongodb/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/mongodb/variables.tf +++ b/modules/mongodb/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/mongodb/versions.tf b/modules/mongodb/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/mongodb/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/mssql/auto_values.tf b/modules/mssql/auto_values.tf index 358cabe1..8bd60ad1 100644 --- a/modules/mssql/auto_values.tf +++ b/modules/mssql/auto_values.tf 
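Review bot: The list arguments keep the 0.11-style outer brackets, e.g. `ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))]` and `ingress_cidr_blocks = [var.ingress_cidr_blocks]`. In 0.12 a bracketed expression that is already a list is not flattened, so each of these passes a list containing a list. The example in this commit hands the root module flat lists (`ingress_cidr_blocks = ["10.10.0.0/16"]`), so these presumably fail type conversion at plan time. For a security group the rule names and CIDR ranges should reach the root module exactly as the caller wrote them. Drop the brackets throughout, e.g. `ingress_rules = sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))` and `ingress_cidr_blocks = var.ingress_cidr_blocks`. The main.tf hunks in modules/mssql, modules/mysql and modules/nfs carry the same pattern.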
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["mssql-tcp", "mssql-udp", "mssql-analytics-tcp", "mssql-broker-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/mssql/main.tf b/modules/mssql/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/mssql/main.tf +++ b/modules/mssql/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/mssql/outputs.tf b/modules/mssql/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/mssql/outputs.tf +++ b/modules/mssql/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/mssql/variables.tf b/modules/mssql/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/mssql/variables.tf +++ b/modules/mssql/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/mssql/versions.tf b/modules/mssql/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/mssql/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/mysql/auto_values.tf b/modules/mysql/auto_values.tf index fda8f403..61dfe4e3 100644 --- a/modules/mysql/auto_values.tf +++ b/modules/mysql/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["mysql-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/mysql/main.tf b/modules/mysql/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/mysql/main.tf +++ b/modules/mysql/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/mysql/outputs.tf b/modules/mysql/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/mysql/outputs.tf +++ b/modules/mysql/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/mysql/variables.tf b/modules/mysql/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/mysql/variables.tf +++ b/modules/mysql/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/mysql/versions.tf b/modules/mysql/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/mysql/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/nfs/auto_values.tf b/modules/nfs/auto_values.tf index f4f6ebaf..158baa93 100644 --- a/modules/nfs/auto_values.tf +++ b/modules/nfs/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["nfs-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/nfs/main.tf b/modules/nfs/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/nfs/main.tf +++ b/modules/nfs/main.tf 
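Review bot: `auto_ingress_with_self` is declared `type = list(string)` but its default is `[{ "rule" = "all-all" }]` and its description says "List of maps", so Terraform 0.12 should reject the default as incompatible with the type constraint when the module is loaded. The declaration should read `type = list(map(string))`. The same change applies to `auto_egress_with_self`, `auto_computed_ingress_with_self` and `auto_computed_egress_with_self` in this hunk; their empty defaults load, but the declared element type contradicts their descriptions. The matching hunks for modules/nomad, modules/ntp and modules/openvpn `auto_values.tf` carry the same declarations. These variables define the self-referencing rules each service group opens, so it is worth running `terraform validate` on one submodule before merging.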
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/nfs/outputs.tf b/modules/nfs/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/nfs/outputs.tf +++ b/modules/nfs/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/nfs/variables.tf b/modules/nfs/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/nfs/variables.tf +++ b/modules/nfs/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/nfs/versions.tf b/modules/nfs/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/nfs/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/nomad/auto_values.tf b/modules/nomad/auto_values.tf index e91f3f0c..682a5f52 100644 --- a/modules/nomad/auto_values.tf +++ b/modules/nomad/auto_values.tf 
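Review bot: The list arguments in this `module "sg"` call keep the 0.11 wrapper brackets, for example `ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))]` and `ingress_cidr_blocks = [var.ingress_cidr_blocks]`. Terraform 0.12 no longer flattens that form, so the root module would receive a list holding one list instead of the rule names or CIDR blocks themselves. Dropping the outer brackets gives `ingress_rules = sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))` and `ingress_cidr_blocks = var.ingress_cidr_blocks`, and the same applies to the other bracketed ingress, egress and computed arguments in the hunk. The root module's variable declarations are not visible here, so confirm with `terraform plan` on an example whether this fails type checking or changes which security group rules are created. The modules/nomad and modules/ntp `main.tf` hunks repeat the pattern, as do the partly visible modules/mysql and modules/openvpn ones.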
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["nomad-http-tcp", "nomad-rpc-tcp", "nomad-serf-tcp", "nomad-serf-udp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/nomad/main.tf b/modules/nomad/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/nomad/main.tf +++ b/modules/nomad/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/nomad/outputs.tf b/modules/nomad/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/nomad/outputs.tf +++ b/modules/nomad/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/nomad/variables.tf b/modules/nomad/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/nomad/variables.tf +++ b/modules/nomad/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/nomad/versions.tf b/modules/nomad/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/nomad/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/ntp/auto_values.tf b/modules/ntp/auto_values.tf index 7c11a01f..26c219ca 100644 --- a/modules/ntp/auto_values.tf +++ b/modules/ntp/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["ntp-udp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/ntp/main.tf b/modules/ntp/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/ntp/main.tf +++ b/modules/ntp/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/ntp/outputs.tf b/modules/ntp/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/ntp/outputs.tf +++ b/modules/ntp/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/ntp/variables.tf b/modules/ntp/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/ntp/variables.tf +++ b/modules/ntp/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/ntp/versions.tf b/modules/ntp/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/ntp/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/openvpn/auto_values.tf b/modules/openvpn/auto_values.tf index 754247f9..fd077ed8 100644 --- a/modules/openvpn/auto_values.tf +++ b/modules/openvpn/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["openvpn-udp", "openvpn-tcp", "openvpn-https-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/openvpn/main.tf b/modules/openvpn/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/openvpn/main.tf +++ b/modules/openvpn/main.tf 
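Review bot: In modules/openvpn/auto_values.tf the four `*_with_self` variables are declared `type = list(string)`, although their descriptions say "List of maps" and `auto_ingress_with_self` defaults to `[{ "rule" = "all-all" }]`. Under Terraform 0.12 that default should fail the type constraint, because element 0 is an object, not a string. Declare these four variables as `type = list(map(string))` and keep `list(string)` only for the rule-name lists such as `auto_ingress_rules`. The auto_values.tf hunks for oracle-db, postgresql and puppet carry the same declarations. These defaults decide which ingress and egress rules each wrapper module opens, so running `terraform validate` per module would catch the mismatch before release.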
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/openvpn/outputs.tf b/modules/openvpn/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/openvpn/outputs.tf +++ b/modules/openvpn/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/openvpn/variables.tf b/modules/openvpn/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/openvpn/variables.tf +++ b/modules/openvpn/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/openvpn/versions.tf b/modules/openvpn/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/openvpn/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/oracle-db/auto_values.tf b/modules/oracle-db/auto_values.tf index 1280cc3e..55c6e45a 100644 --- a/modules/oracle-db/auto_values.tf +++ b/modules/oracle-db/auto_values.tf 
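Review bot: In modules/openvpn/main.tf the list arguments are still wrapped in brackets, e.g. `ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))]` and `ingress_cidr_blocks = [var.ingress_cidr_blocks]`. In Terraform 0.12, brackets around a list build a list containing a list rather than flattening it as 0.11 did. Assuming the root module declares these inputs as flat lists (its variables are not visible here), pass the expressions directly: `ingress_rules = sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))` and `ingress_cidr_blocks = var.ingress_cidr_blocks`, and likewise for the other `[...]`-wrapped arguments in this block. The main.tf hunks for oracle-db and postgresql show the same pattern, as do the partial ntp and puppet hunks. Since these values define security group rules, review the resulting plan to confirm the rule set is unchanged after the upgrade.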
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["oracle-db-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/oracle-db/main.tf b/modules/oracle-db/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/oracle-db/main.tf +++ b/modules/oracle-db/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/oracle-db/outputs.tf b/modules/oracle-db/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/oracle-db/outputs.tf +++ b/modules/oracle-db/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/oracle-db/variables.tf b/modules/oracle-db/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/oracle-db/variables.tf +++ b/modules/oracle-db/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/oracle-db/versions.tf b/modules/oracle-db/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/oracle-db/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/postgresql/auto_values.tf b/modules/postgresql/auto_values.tf index bd736eb4..cc5c5787 100644 --- a/modules/postgresql/auto_values.tf +++ b/modules/postgresql/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["postgresql-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/postgresql/main.tf b/modules/postgresql/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/postgresql/main.tf +++ b/modules/postgresql/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/postgresql/outputs.tf b/modules/postgresql/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/postgresql/outputs.tf +++ b/modules/postgresql/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/postgresql/variables.tf b/modules/postgresql/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/postgresql/variables.tf +++ b/modules/postgresql/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/postgresql/versions.tf b/modules/postgresql/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/postgresql/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/puppet/auto_values.tf b/modules/puppet/auto_values.tf index 4894c64d..7d450c8f 100644 --- a/modules/puppet/auto_values.tf +++ b/modules/puppet/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["puppet-tcp", "puppetdb-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/puppet/main.tf b/modules/puppet/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/puppet/main.tf +++ b/modules/puppet/main.tf 
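Review bot: In modules/puppet/auto_values.tf, `auto_ingress_with_self` is now declared `type = list(string)` while its default is a list holding a map (`{ "rule" = "all-all" }`), so the default does not satisfy the constraint and Terraform 0.12 is expected to reject it at validation. The description says "List of maps", so the constraint should be `type = list(map(string))`. The other three `*_with_self` variables in this hunk (`auto_egress_with_self`, `auto_computed_ingress_with_self`, `auto_computed_egress_with_self`) carry the same description and need the same type, even though their empty defaults hide the mismatch until a caller passes maps. The identical auto_values.tf hunks in modules/rabbitmq, modules/rdp and modules/redis need the same change. Since these lists end up as security-group rules, confirm with `terraform validate` and a plan that the self-referencing rule is still created as intended.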
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/puppet/outputs.tf b/modules/puppet/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/puppet/outputs.tf +++ b/modules/puppet/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/puppet/variables.tf b/modules/puppet/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/puppet/variables.tf +++ b/modules/puppet/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/puppet/versions.tf b/modules/puppet/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/puppet/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/rabbitmq/auto_values.tf b/modules/rabbitmq/auto_values.tf index 389bd903..5612bf82 100644 --- a/modules/rabbitmq/auto_values.tf +++ b/modules/rabbitmq/auto_values.tf 
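Review bot: In modules/puppet/main.tf the list arguments keep their outer brackets after the interpolation is removed, e.g. `ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))]` and `ingress_cidr_blocks = [var.ingress_cidr_blocks]`. Under 0.11 `["${list}"]` was flattened, but in 0.12 the same brackets build a list whose single element is itself a list, so the root module would receive nested lists instead of rule names and CIDR strings. That is presumably a type error at plan time, depending on how the root variables are typed, which is not visible here. Drop the brackets on every list-valued argument in this hunk, e.g. `ingress_rules = sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))` and `ingress_cidr_blocks = var.ingress_cidr_blocks`. The same pattern appears in the modules/rabbitmq and modules/rdp main.tf hunks and in the partially visible modules/postgresql and modules/redis ones.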
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["rabbitmq-4369-tcp", "rabbitmq-5671-tcp", "rabbitmq-5672-tcp", "rabbitmq-15672-tcp", "rabbitmq-25672-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/rabbitmq/main.tf b/modules/rabbitmq/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/rabbitmq/main.tf +++ b/modules/rabbitmq/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/rabbitmq/outputs.tf b/modules/rabbitmq/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/rabbitmq/outputs.tf +++ b/modules/rabbitmq/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/rabbitmq/variables.tf b/modules/rabbitmq/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/rabbitmq/variables.tf +++ b/modules/rabbitmq/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/rabbitmq/versions.tf b/modules/rabbitmq/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/rabbitmq/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/rdp/auto_values.tf b/modules/rdp/auto_values.tf index 8e863dde..4ecb18fc 100644 --- a/modules/rdp/auto_values.tf +++ b/modules/rdp/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["rdp-tcp", "rdp-udp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/rdp/main.tf b/modules/rdp/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/rdp/main.tf +++ b/modules/rdp/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/rdp/outputs.tf b/modules/rdp/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/rdp/outputs.tf +++ b/modules/rdp/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/rdp/variables.tf b/modules/rdp/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/rdp/variables.tf +++ b/modules/rdp/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/rdp/versions.tf b/modules/rdp/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/rdp/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/redis/auto_values.tf b/modules/redis/auto_values.tf index 3d9631b6..2312b656 100644 --- a/modules/redis/auto_values.tf +++ b/modules/redis/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["redis-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/redis/main.tf b/modules/redis/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/redis/main.tf +++ b/modules/redis/main.tf 
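Review bot: `auto_ingress_with_self` is now declared `type = list(string)` while its default is `[{ "rule" = "all-all" }]`, a list of maps, so Terraform 0.12 should reject that default as incompatible with the type constraint. The other three variables described as "List of maps" (`auto_egress_with_self`, `auto_computed_ingress_with_self`, `auto_computed_egress_with_self`) get the same constraint and would refuse any map element a caller supplies. For these four, `type = list(map(string))` matches both the descriptions and the default. The same conversion appears in the redshift, splunk and squid `auto_values.tf` hunks. Because these lists decide which rules land on the security group, a constraint that matches the real shape also lets malformed rule entries fail at plan time.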
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/redis/outputs.tf b/modules/redis/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/redis/outputs.tf +++ b/modules/redis/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/redis/variables.tf b/modules/redis/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/redis/variables.tf +++ b/modules/redis/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/redis/versions.tf b/modules/redis/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/redis/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/redshift/auto_values.tf b/modules/redshift/auto_values.tf index df7b00de..75a7a94e 100644 --- a/modules/redshift/auto_values.tf +++ b/modules/redshift/auto_values.tf 
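Review bot: The list arguments keep their 0.11 wrapper brackets, e.g. `ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))]`, and 0.12 no longer flattens a list expression placed inside `[...]`, so the root module receives a list of lists. This applies to every `[var.…]`, `[concat(…)]` and `[sort(…)]` assignment in this hunk, and the same text is in the redshift and splunk `main.tf` hunks and in the visible parts of the rdp and squid ones. Unless the root module's variables (not visible here) are typed to accept nested lists, pass the values bare: `ingress_rules = sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))` and `ingress_cidr_blocks = var.ingress_cidr_blocks`. Running `terraform validate` on each wrapper module would confirm this before merge, since a mis-shaped rule list for a security group should be caught at plan time rather than at apply.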
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["redshift-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/redshift/main.tf b/modules/redshift/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/redshift/main.tf +++ b/modules/redshift/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/redshift/outputs.tf b/modules/redshift/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/redshift/outputs.tf +++ b/modules/redshift/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/redshift/variables.tf b/modules/redshift/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/redshift/variables.tf +++ b/modules/redshift/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/redshift/versions.tf b/modules/redshift/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/redshift/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/splunk/auto_values.tf b/modules/splunk/auto_values.tf index 898585b6..24d8feee 100644 --- a/modules/splunk/auto_values.tf +++ b/modules/splunk/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["splunk-indexer-tcp", "splunk-clients-tcp", "splunk-splunkd-tcp", "splunk-hec-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/splunk/main.tf b/modules/splunk/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/splunk/main.tf +++ b/modules/splunk/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/splunk/outputs.tf b/modules/splunk/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/splunk/outputs.tf +++ b/modules/splunk/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/splunk/variables.tf b/modules/splunk/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/splunk/variables.tf +++ b/modules/splunk/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/splunk/versions.tf b/modules/splunk/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/splunk/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/squid/auto_values.tf b/modules/squid/auto_values.tf index d0837155..2213595c 100644 --- a/modules/squid/auto_values.tf +++ b/modules/squid/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["squid-proxy-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/squid/main.tf b/modules/squid/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/squid/main.tf +++ b/modules/squid/main.tf 
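Review bot: The new `type = list(string)` on `auto_ingress_with_self` does not match its default `[{ "rule" = "all-all" }]`, which is a list of maps, so Terraform 0.12 should reject the default when it validates the variable. The other three `*_with_self` variables in this hunk are also described as lists of maps but typed `list(string)`; their empty defaults hide the mismatch until a caller sets a value. I would use `type = list(map(string))` for all four. The same typing appears in the auto_values.tf hunks for modules/ssh, modules/storm and modules/web.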
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/squid/outputs.tf b/modules/squid/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/squid/outputs.tf +++ b/modules/squid/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/squid/variables.tf b/modules/squid/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/squid/variables.tf +++ b/modules/squid/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/squid/versions.tf b/modules/squid/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/squid/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/ssh/auto_values.tf b/modules/ssh/auto_values.tf index 0641e7d2..96a98dd7 100644 --- a/modules/ssh/auto_values.tf +++ b/modules/ssh/auto_values.tf 
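Review bot: The list arguments in the modules/squid/main.tf hunk keep the 0.11 bracket wrapping, e.g. `ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))]` and `ingress_cidr_blocks = [var.ingress_cidr_blocks]`. Terraform 0.12 no longer flattens `[list]`, so each of these passes a list containing one list to the root module. The root module's variable types are not visible here: if they are typed lists the plan presumably fails on conversion, and if they are untyped the rule names and CIDRs may not resolve to the intended security group rules. I would drop the outer brackets on every list-valued argument, `ingress_rules = sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))` and `ingress_cidr_blocks = var.ingress_cidr_blocks`, and compare the planned rules with the pre-upgrade state. The modules/ssh/main.tf and modules/storm/main.tf hunks carry the same wrapping.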
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["ssh-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/ssh/main.tf b/modules/ssh/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/ssh/main.tf +++ b/modules/ssh/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/ssh/outputs.tf b/modules/ssh/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/ssh/outputs.tf +++ b/modules/ssh/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/ssh/variables.tf b/modules/ssh/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/ssh/variables.tf +++ b/modules/ssh/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/ssh/versions.tf b/modules/ssh/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/ssh/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/storm/auto_values.tf b/modules/storm/auto_values.tf index 77928b6b..2b8c9111 100644 --- a/modules/storm/auto_values.tf +++ b/modules/storm/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["storm-nimbus-tcp", "storm-ui-tcp", "storm-supervisor-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/storm/main.tf b/modules/storm/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/storm/main.tf +++ b/modules/storm/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/storm/outputs.tf b/modules/storm/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/storm/outputs.tf +++ b/modules/storm/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/storm/variables.tf b/modules/storm/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/storm/variables.tf +++ b/modules/storm/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/storm/versions.tf b/modules/storm/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/storm/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/web/auto_values.tf b/modules/web/auto_values.tf index 2a359de5..ef8d07d8 100644 --- a/modules/web/auto_values.tf +++ b/modules/web/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["http-80-tcp", "http-8080-tcp", "https-443-tcp", "web-jmx-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/web/main.tf b/modules/web/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/web/main.tf +++ b/modules/web/main.tf 
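Review bot: `auto_ingress_with_self` is now declared `type = list(string)` while its default is a list holding the map `{ "rule" = "all-all" }`, so the default cannot convert to the declared type and Terraform 0.12 should reject the module at validation. The three other variables in this hunk described as "List of maps" (`auto_egress_with_self`, `auto_computed_ingress_with_self`, `auto_computed_egress_with_self`) carry the same constraint and will refuse map elements as soon as a non-empty value is supplied. For these four I would use `type = list(map(string))` and keep `list(string)` only for the rule-name lists. The same hunk recurs in the auto_values.tf of modules/winrm, modules/zipkin and modules/zookeeper below.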
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/web/outputs.tf b/modules/web/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/web/outputs.tf +++ b/modules/web/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/web/variables.tf b/modules/web/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/web/variables.tf +++ b/modules/web/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/web/versions.tf b/modules/web/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/web/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/winrm/auto_values.tf b/modules/winrm/auto_values.tf index 3af0e0bc..12963577 100644 --- a/modules/winrm/auto_values.tf +++ b/modules/winrm/auto_values.tf 
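Review bot: The list arguments in this `module "sg"` block keep the 0.11 wrapping brackets after the interpolation was stripped, e.g. `ingress_rules = [sort(distinct(concat(...)))]` and `ingress_cidr_blocks = [var.ingress_cidr_blocks]`. Under 0.12 the brackets build a new list around the value, and since `sort()` and `concat()` already return lists, the root module receives a list of lists instead of rule names, rule maps or CIDR strings; whether it tolerates that is not visible here. I would drop the brackets, `ingress_rules = sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))` and `ingress_cidr_blocks = var.ingress_cidr_blocks`, and likewise for the other bracketed arguments. Because these values decide which sources the security group admits, a `terraform plan` against an existing deployment should show no rule changes before this is merged. The same applies to the main.tf hunks of modules/winrm and modules/zipkin, to the modules/zookeeper hunk that continues past this excerpt, and to the tail of the modules/storm hunk above.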
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["winrm-http-tcp", "winrm-https-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/winrm/main.tf b/modules/winrm/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/winrm/main.tf +++ b/modules/winrm/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/winrm/outputs.tf b/modules/winrm/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/winrm/outputs.tf +++ b/modules/winrm/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/winrm/variables.tf b/modules/winrm/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/winrm/variables.tf +++ b/modules/winrm/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/winrm/versions.tf b/modules/winrm/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/winrm/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/zipkin/auto_values.tf b/modules/zipkin/auto_values.tf index 193b13c0..db304178 100644 --- a/modules/zipkin/auto_values.tf +++ b/modules/zipkin/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["zipkin-admin-tcp", "zipkin-admin-query-tcp", "zipkin-admin-web-tcp", "zipkin-query-tcp", "zipkin-web-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/zipkin/main.tf b/modules/zipkin/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/zipkin/main.tf +++ b/modules/zipkin/main.tf 
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/zipkin/outputs.tf b/modules/zipkin/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/zipkin/outputs.tf +++ b/modules/zipkin/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/zipkin/variables.tf b/modules/zipkin/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/zipkin/variables.tf +++ b/modules/zipkin/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/zipkin/versions.tf b/modules/zipkin/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/zipkin/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/zookeeper/auto_values.tf b/modules/zookeeper/auto_values.tf index b6a2466d..8da8aa49 100644 --- a/modules/zookeeper/auto_values.tf +++ b/modules/zookeeper/auto_values.tf 
@@ -5,53 +5,55 @@ variable "auto_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = ["zookeeper-2181-tcp", "zookeeper-2888-tcp", "zookeeper-3888-tcp", "zookeeper-jmx-tcp"] } variable "auto_ingress_with_self" { description = "List of maps defining ingress rules with self to add automatically" - type = "list" + type = list(string) - default = [{ - "rule" = "all-all" - }] + default = [ + { + "rule" = "all-all" + }, + ] } variable "auto_egress_rules" { description = "List of egress rules to add automatically" - type = "list" + type = list(string) default = ["all-all"] } variable "auto_egress_with_self" { description = "List of maps defining egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } # Computed variable "auto_computed_ingress_rules" { description = "List of ingress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_ingress_with_self" { description = "List of maps defining computed ingress rules with self to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_rules" { description = "List of computed egress rules to add automatically" - type = "list" + type = list(string) default = [] } variable "auto_computed_egress_with_self" { description = "List of maps defining computed egress rules with self to add automatically" - type = "list" + type = list(string) default = [] } @@ -75,3 +77,4 @@ variable "auto_number_of_computed_egress_with_self" { description = "Number of computed egress rules to create where 'self' is defined" default = 0 } + diff --git a/modules/zookeeper/main.tf b/modules/zookeeper/main.tf index 8d89d1fb..9116e809 100644 --- a/modules/zookeeper/main.tf +++ b/modules/zookeeper/main.tf 
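Review bot: In modules/zookeeper/auto_values.tf, `auto_ingress_with_self` is now declared `type = list(string)` while its default is a list holding a map (`{ "rule" = "all-all" }`), so the default does not satisfy the declared type and Terraform 0.12 should reject it when the module is loaded. The description says "List of maps" and the root `ingress_with_self` variable in this commit is `list(map(string))`, so use `type = list(map(string))` here. `auto_egress_with_self`, `auto_computed_ingress_with_self` and `auto_computed_egress_with_self` in the same hunk have the same `list(string)` type with an empty default, which validates but contradicts their descriptions and the values they are concatenated with in main.tf.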
@@ -1,116 +1,131 @@ module "sg" { source = "../../" - create = "${var.create}" - name = "${var.name}" - use_name_prefix = "${var.use_name_prefix}" - description = "${var.description}" - vpc_id = "${var.vpc_id}" - tags = "${var.tags}" + create = var.create + name = var.name + use_name_prefix = var.use_name_prefix + description = var.description + vpc_id = var.vpc_id + tags = var.tags ########## # Ingress ########## # Rules by names - open for default CIDR - ingress_rules = ["${sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))}"] + ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))] # Open for self - ingress_with_self = ["${concat(var.auto_ingress_with_self, var.ingress_with_self)}"] + ingress_with_self = [concat(var.auto_ingress_with_self, var.ingress_with_self)] # Open to IPv4 cidr blocks - ingress_with_cidr_blocks = ["${var.ingress_with_cidr_blocks}"] + ingress_with_cidr_blocks = [var.ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - ingress_with_ipv6_cidr_blocks = ["${var.ingress_with_ipv6_cidr_blocks}"] + ingress_with_ipv6_cidr_blocks = [var.ingress_with_ipv6_cidr_blocks] # Open for security group id - ingress_with_source_security_group_id = ["${var.ingress_with_source_security_group_id}"] + ingress_with_source_security_group_id = [var.ingress_with_source_security_group_id] # Default ingress CIDR blocks - ingress_cidr_blocks = ["${var.ingress_cidr_blocks}"] - ingress_ipv6_cidr_blocks = ["${var.ingress_ipv6_cidr_blocks}"] + ingress_cidr_blocks = [var.ingress_cidr_blocks] + ingress_ipv6_cidr_blocks = [var.ingress_ipv6_cidr_blocks] # Default prefix list ids - ingress_prefix_list_ids = ["${var.ingress_prefix_list_ids}"] + ingress_prefix_list_ids = [var.ingress_prefix_list_ids] ################### # Computed Ingress ################### # Rules by names - open for default CIDR - computed_ingress_rules = ["${sort(distinct(concat(var.auto_computed_ingress_rules, var.computed_ingress_rules)))}"] + 
computed_ingress_rules = [sort( + distinct( + concat(var.auto_computed_ingress_rules, var.computed_ingress_rules), + ), + )] # Open for self - computed_ingress_with_self = ["${concat(var.auto_computed_ingress_with_self, var.computed_ingress_with_self)}"] + computed_ingress_with_self = [concat( + var.auto_computed_ingress_with_self, + var.computed_ingress_with_self, + )] # Open to IPv4 cidr blocks - computed_ingress_with_cidr_blocks = ["${var.computed_ingress_with_cidr_blocks}"] + computed_ingress_with_cidr_blocks = [var.computed_ingress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_ingress_with_ipv6_cidr_blocks = ["${var.computed_ingress_with_ipv6_cidr_blocks}"] + computed_ingress_with_ipv6_cidr_blocks = [var.computed_ingress_with_ipv6_cidr_blocks] # Open for security group id - computed_ingress_with_source_security_group_id = ["${var.computed_ingress_with_source_security_group_id}"] + computed_ingress_with_source_security_group_id = [var.computed_ingress_with_source_security_group_id] ############################# # Number of computed ingress ############################# - number_of_computed_ingress_rules = "${var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules}" + number_of_computed_ingress_rules = var.auto_number_of_computed_ingress_rules + var.number_of_computed_ingress_rules - number_of_computed_ingress_with_self = "${var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self}" - number_of_computed_ingress_with_cidr_blocks = "${var.number_of_computed_ingress_with_cidr_blocks}" - number_of_computed_ingress_with_ipv6_cidr_blocks = "${var.number_of_computed_ingress_with_ipv6_cidr_blocks}" - number_of_computed_ingress_with_source_security_group_id = "${var.number_of_computed_ingress_with_source_security_group_id}" + number_of_computed_ingress_with_self = var.auto_number_of_computed_ingress_with_self + var.number_of_computed_ingress_with_self + number_of_computed_ingress_with_cidr_blocks = 
var.number_of_computed_ingress_with_cidr_blocks + number_of_computed_ingress_with_ipv6_cidr_blocks = var.number_of_computed_ingress_with_ipv6_cidr_blocks + number_of_computed_ingress_with_source_security_group_id = var.number_of_computed_ingress_with_source_security_group_id ######### # Egress ######### # Rules by names - open for default CIDR - egress_rules = ["${sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))}"] + egress_rules = [sort(distinct(concat(var.auto_egress_rules, var.egress_rules)))] # Open for self - egress_with_self = ["${concat(var.auto_egress_with_self, var.egress_with_self)}"] + egress_with_self = [concat(var.auto_egress_with_self, var.egress_with_self)] # Open to IPv4 cidr blocks - egress_with_cidr_blocks = ["${var.egress_with_cidr_blocks}"] + egress_with_cidr_blocks = [var.egress_with_cidr_blocks] # Open to IPv6 cidr blocks - egress_with_ipv6_cidr_blocks = ["${var.egress_with_ipv6_cidr_blocks}"] + egress_with_ipv6_cidr_blocks = [var.egress_with_ipv6_cidr_blocks] # Open for security group id - egress_with_source_security_group_id = ["${var.egress_with_source_security_group_id}"] + egress_with_source_security_group_id = [var.egress_with_source_security_group_id] # Default egress CIDR blocks - egress_cidr_blocks = ["${var.egress_cidr_blocks}"] - egress_ipv6_cidr_blocks = ["${var.egress_ipv6_cidr_blocks}"] + egress_cidr_blocks = [var.egress_cidr_blocks] + egress_ipv6_cidr_blocks = [var.egress_ipv6_cidr_blocks] # Default prefix list ids - egress_prefix_list_ids = ["${var.egress_prefix_list_ids}"] + egress_prefix_list_ids = [var.egress_prefix_list_ids] ################## # Computed Egress ################## # Rules by names - open for default CIDR - computed_egress_rules = ["${sort(distinct(concat(var.auto_computed_egress_rules, var.computed_egress_rules)))}"] + computed_egress_rules = [sort( + distinct( + concat(var.auto_computed_egress_rules, var.computed_egress_rules), + ), + )] # Open for self - computed_egress_with_self = 
["${concat(var.auto_computed_egress_with_self, var.computed_egress_with_self)}"] + computed_egress_with_self = [concat( + var.auto_computed_egress_with_self, + var.computed_egress_with_self, + )] # Open to IPv4 cidr blocks - computed_egress_with_cidr_blocks = ["${var.computed_egress_with_cidr_blocks}"] + computed_egress_with_cidr_blocks = [var.computed_egress_with_cidr_blocks] # Open to IPv6 cidr blocks - computed_egress_with_ipv6_cidr_blocks = ["${var.computed_egress_with_ipv6_cidr_blocks}"] + computed_egress_with_ipv6_cidr_blocks = [var.computed_egress_with_ipv6_cidr_blocks] # Open for security group id - computed_egress_with_source_security_group_id = ["${var.computed_egress_with_source_security_group_id}"] + computed_egress_with_source_security_group_id = [var.computed_egress_with_source_security_group_id] ############################# # Number of computed egress ############################# - number_of_computed_egress_rules = "${var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules}" + number_of_computed_egress_rules = var.auto_number_of_computed_egress_rules + var.number_of_computed_egress_rules - number_of_computed_egress_with_self = "${var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self}" - number_of_computed_egress_with_cidr_blocks = "${var.number_of_computed_egress_with_cidr_blocks}" - number_of_computed_egress_with_ipv6_cidr_blocks = "${var.number_of_computed_egress_with_ipv6_cidr_blocks}" - number_of_computed_egress_with_source_security_group_id = "${var.number_of_computed_egress_with_source_security_group_id}" + number_of_computed_egress_with_self = var.auto_number_of_computed_egress_with_self + var.number_of_computed_egress_with_self + number_of_computed_egress_with_cidr_blocks = var.number_of_computed_egress_with_cidr_blocks + number_of_computed_egress_with_ipv6_cidr_blocks = var.number_of_computed_egress_with_ipv6_cidr_blocks + number_of_computed_egress_with_source_security_group_id = 
var.number_of_computed_egress_with_source_security_group_id } + diff --git a/modules/zookeeper/outputs.tf b/modules/zookeeper/outputs.tf index 4129cf93..235ad34d 100644 --- a/modules/zookeeper/outputs.tf +++ b/modules/zookeeper/outputs.tf @@ -1,24 +1,25 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${module.sg.this_security_group_id}" + value = module.sg.this_security_group_id } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${module.sg.this_security_group_vpc_id}" + value = module.sg.this_security_group_vpc_id } output "this_security_group_owner_id" { description = "The owner ID" - value = "${module.sg.this_security_group_owner_id}" + value = module.sg.this_security_group_owner_id } output "this_security_group_name" { description = "The name of the security group" - value = "${module.sg.this_security_group_name}" + value = module.sg.this_security_group_name } output "this_security_group_description" { description = "The description of the security group" - value = "${module.sg.this_security_group_description}" + value = module.sg.this_security_group_description } + diff --git a/modules/zookeeper/variables.tf b/modules/zookeeper/variables.tf index 070cc30c..343ff07c 100644 --- a/modules/zookeeper/variables.tf +++ b/modules/zookeeper/variables.tf @@ -286,3 +286,4 @@ variable "number_of_computed_egress_prefix_list_ids" { description = "Number of prefix list IDs (for allowing access to VPC endpoints) to use on all computed egress rules" default = 0 } + diff --git a/modules/zookeeper/versions.tf b/modules/zookeeper/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/zookeeper/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/outputs.tf b/outputs.tf index 9fb8e362..9380b3d3 100644 --- a/outputs.tf +++ b/outputs.tf 
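Review bot: In modules/zookeeper/main.tf every list argument keeps the 0.11 wrapping brackets around an expression that is already a list, for example `ingress_rules = [sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))]` and `ingress_cidr_blocks = [var.ingress_cidr_blocks]`. Terraform 0.12 no longer flattens that form, so each argument becomes a list containing a list, which should not convert to the `list(string)` and `list(map(string))` types this commit gives the root variables. Drop the outer brackets, e.g. `ingress_rules = sort(distinct(concat(var.auto_ingress_rules, var.ingress_rules)))` and `ingress_cidr_blocks = var.ingress_cidr_blocks`, so the rule inputs reach the root module in the shape it declares. The tail of the preceding module's main.tf hunk shows the same wrapping.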
@@ -1,36 +1,78 @@ output "this_security_group_id" { description = "The ID of the security group" - value = "${element(concat(coalescelist(aws_security_group.this.*.id, aws_security_group.this_name_prefix.*.id), list("")), 0)}" + value = element( + concat( + coalescelist( + aws_security_group.this.*.id, + aws_security_group.this_name_prefix.*.id, + ), + [""], + ), + 0, + ) } output "this_security_group_vpc_id" { description = "The VPC ID" - value = "${element(concat(coalescelist(aws_security_group.this.*.vpc_id, aws_security_group.this_name_prefix.*.vpc_id), list("")), 0)}" + value = element( + concat( + coalescelist( + aws_security_group.this.*.vpc_id, + aws_security_group.this_name_prefix.*.vpc_id, + ), + [""], + ), + 0, + ) } output "this_security_group_owner_id" { description = "The owner ID" - value = "${element(concat(coalescelist(aws_security_group.this.*.owner_id, aws_security_group.this_name_prefix.*.owner_id), list("")), 0)}" + value = element( + concat( + coalescelist( + aws_security_group.this.*.owner_id, + aws_security_group.this_name_prefix.*.owner_id, + ), + [""], + ), + 0, + ) } output "this_security_group_name" { description = "The name of the security group" - value = "${element(concat(coalescelist(aws_security_group.this.*.name, aws_security_group.this_name_prefix.*.name), list("")), 0)}" + value = element( + concat( + coalescelist( + aws_security_group.this.*.name, + aws_security_group.this_name_prefix.*.name, + ), + [""], + ), + 0, + ) } output "this_security_group_description" { description = "The description of the security group" - value = "${element(concat(coalescelist(aws_security_group.this.*.description, aws_security_group.this_name_prefix.*.description), list("")), 0)}" + value = element( + concat( + coalescelist( + aws_security_group.this.*.description, + aws_security_group.this_name_prefix.*.description, + ), + [""], + ), + 0, + ) } //output "this_security_group_ingress" { // description = "The ingress rules" // value = 
"${element(concat(aws_security_group.this.*.ingress, list("")), 0)}" //} - - //output "this_security_group_egress" { // description = "The egress rules" // value = "${element(concat(aws_security_group.this.*.egress, list("")), 0)" //} - diff --git a/rules.tf b/rules.tf index ac13374b..ea5078ec 100644 --- a/rules.tf +++ b/rules.tf @@ -1,6 +1,6 @@ variable "rules" { description = "Map of known security group rules (define as 'name' = ['from port', 'to port', 'protocol', 'description'])" - type = "map" + type = map(list(string)) # Protocols (tcp, udp, icmp, all - are allowed keywords) or numbers (from https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml): # All = -1, IPV4-ICMP = 1, TCP = 6, UDP = 16, IPV6-ICMP = 58 @@ -12,12 +12,10 @@ variable "rules" { carbon-pickle-udp = [2013, 2013, "udp", "Carbon pickle"] carbon-admin-tcp = [2004, 2004, "tcp", "Carbon admin"] carbon-gui-udp = [8081, 8081, "tcp", "Carbon GUI"] - # Cassandra cassandra-clients-tcp = [9042, 9042, "tcp", "Cassandra clients"] cassandra-thrift-clients-tcp = [9160, 9160, "tcp", "Cassandra Thrift clients"] cassandra-jmx-tcp = [7199, 7199, "tcp", "JMX"] - # Consul consul-tcp = [8300, 8300, "tcp", "Consul server"] consul-cli-rpc-tcp = [8400, 8400, "tcp", "Consul CLI RPC"] 
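Review bot: In outputs.tf each of the five outputs still calls `coalescelist(...)` on the two splat lists before `concat(..., [""])`, and when `create` is false both lists are presumably empty (the resources are not visible in this hunk). As far as I can tell, Terraform 0.12 makes `coalescelist` raise an error when every argument is empty, so the `[""]` fallback is never reached and the outputs would fail instead of returning an empty string. Concatenating the lists directly avoids the call: `value = concat(aws_security_group.this.*.id, aws_security_group.this_name_prefix.*.id, [""])[0]`, and likewise for the other four outputs.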
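Review bot: The protocol comment kept as context in the first rules.tf hunk lists `UDP = 16`, but the IANA protocol number for UDP is 17 (16 is CHAOS), so a rule written from this comment would match the wrong protocol. Since the hunk already touches the variable header, correct the line to `# All = -1, IPV4-ICMP = 1, TCP = 6, UDP = 17, IPV6-ICMP = 58`. The body of `variable "rules"` continues outside this hunk.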
@@ -28,144 +26,111 @@ variable "rules" { consul-serf-lan-udp = [8301, 8301, "udp", "Serf LAN"] consul-serf-wan-tcp = [8302, 8302, "tcp", "Serf WAN"] consul-serf-wan-udp = [8302, 8302, "udp", "Serf WAN"] - # Docker Swarm docker-swarm-mngmt-tcp = [2377, 2377, "tcp", "Docker Swarm cluster management"] docker-swarm-node-tcp = [7946, 7946, "tcp", "Docker Swarm node"] docker-swarm-node-udp = [7946, 7946, "udp", "Docker Swarm node"] docker-swarm-overlay-udp = [4789, 4789, "udp", "Docker Swarm Overlay Network Traffic"] - # DNS dns-udp = [53, 53, "udp", "DNS"] dns-tcp = [53, 53, "tcp", "DNS"] - # NTP - Network Time Protocol ntp-udp = [123, 123, "udp", "NTP"] - # Elasticsearch elasticsearch-rest-tcp = [9200, 9200, "tcp", "Elasticsearch REST interface"] elasticsearch-java-tcp = [9300, 9300, "tcp", "Elasticsearch Java interface"] - # HTTP http-80-tcp = [80, 80, "tcp", "HTTP"] http-8080-tcp = [8080, 8080, "tcp", "HTTP"] - # HTTPS https-443-tcp = [443, 443, "tcp", "HTTPS"] https-8443-tcp = [8443, 8443, "tcp", "HTTPS"] - # IPSEC ipsec-500-udp = [500, 500, "udp", "IPSEC ISAKMP"] ipsec-4500-udp = [4500, 4500, "udp", "IPSEC NAT-T"] - # Kafka kafka-broker-tcp = [9092, 9092, "tcp", "Kafka broker 0.8.2+"] - # LDAPS ldaps-tcp = [636, 636, "tcp", "LDAPS"] - # Memcached memcached-tcp = [11211, 11211, "tcp", "Memcached"] - # MongoDB mongodb-27017-tcp = [27017, 27017, "tcp", "MongoDB"] mongodb-27018-tcp = [27018, 27018, "tcp", "MongoDB shard"] mongodb-27019-tcp = [27019, 27019, "tcp", "MongoDB config server"] - # MySQL mysql-tcp = [3306, 3306, "tcp", "MySQL/Aurora"] - # MSSQL Server mssql-tcp = [1433, 1433, "tcp", "MSSQL Server"] mssql-udp = [1434, 1434, "udp", "MSSQL Browser"] mssql-analytics-tcp = [2383, 2383, "tcp", "MSSQL Analytics"] mssql-broker-tcp = [4022, 4022, "tcp", "MSSQL Broker"] - # NFS/EFS nfs-tcp = [2049, 2049, "tcp", "NFS/EFS"] - # Nomad nomad-http-tcp = [4646, 4646, "tcp", "Nomad HTTP"] nomad-rpc-tcp = [4647, 4647, "tcp", "Nomad RPC"] nomad-serf-tcp = [4648, 4648, "tcp", 
"Serf"] nomad-serf-udp = [4648, 4648, "udp", "Serf"] - # OpenVPN openvpn-udp = [1194, 1194, "udp", "OpenVPN"] openvpn-tcp = [943, 943, "tcp", "OpenVPN"] openvpn-https-tcp = [443, 443, "tcp", "OpenVPN"] - # PostgreSQL postgresql-tcp = [5432, 5432, "tcp", "PostgreSQL"] - # Oracle Database oracle-db-tcp = [1521, 1521, "tcp", "Oracle"] - # Puppet puppet-tcp = [8140, 8140, "tcp", "Puppet"] puppetdb-tcp = [8081, 8081, "tcp", "PuppetDB"] - # RabbitMQ rabbitmq-4369-tcp = [4369, 4369, "tcp", "RabbitMQ epmd"] rabbitmq-5671-tcp = [5671, 5671, "tcp", "RabbitMQ"] rabbitmq-5672-tcp = [5672, 5672, "tcp", "RabbitMQ"] rabbitmq-15672-tcp = [15672, 15672, "tcp", "RabbitMQ"] rabbitmq-25672-tcp = [25672, 25672, "tcp", "RabbitMQ"] - # RDP rdp-tcp = [3389, 3389, "tcp", "Remote Desktop"] rdp-udp = [3389, 3389, "udp", "Remote Desktop"] - # Redis redis-tcp = [6379, 6379, "tcp", "Redis"] - # Redshift redshift-tcp = [5439, 5439, "tcp", "Redshift"] - # Splunk splunk-indexer-tcp = [9997, 9997, "tcp", "Splunk indexer"] splunk-clients-tcp = [8080, 8080, "tcp", "Splunk clients"] splunk-splunkd-tcp = [8089, 8089, "tcp", "Splunkd"] splunk-hec-tcp = [8088, 8088, "tcp", "Splunk HEC"] - # Squid squid-proxy-tcp = [3128, 3128, "tcp", "Squid default proxy"] - # SSH ssh-tcp = [22, 22, "tcp", "SSH"] - # Storm storm-nimbus-tcp = [6627, 6627, "tcp", "Nimbus"] storm-ui-tcp = [8080, 8080, "tcp", "Storm UI"] storm-supervisor-tcp = [6700, 6703, "tcp", "Supervisor"] - # Web web-jmx-tcp = [1099, 1099, "tcp", "JMX"] - # WinRM winrm-http-tcp = [5985, 5985, "tcp", "WinRM HTTP"] winrm-https-tcp = [5986, 5986, "tcp", "WinRM HTTPS"] - # Zipkin zipkin-admin-tcp = [9990, 9990, "tcp", "Zipkin Admin port collector"] zipkin-admin-query-tcp = [9901, 9901, "tcp", "Zipkin Admin port query"] zipkin-admin-web-tcp = [9991, 9991, "tcp", "Zipkin Admin port web"] zipkin-query-tcp = [9411, 9411, "tcp", "Zipkin query port"] zipkin-web-tcp = [8080, 8080, "tcp", "Zipkin web port"] - # Zookeeper zookeeper-2181-tcp = [2181, 2181, "tcp", 
"Zookeeper"] zookeeper-2888-tcp = [2888, 2888, "tcp", "Zookeeper"] zookeeper-3888-tcp = [3888, 3888, "tcp", "Zookeeper"] zookeeper-jmx-tcp = [7199, 7199, "tcp", "JMX"] - # Open all ports & protocols all-all = [-1, -1, "-1", "All protocols"] all-tcp = [0, 65535, "tcp", "All TCP ports"] all-udp = [0, 65535, "udp", "All UDP ports"] all-icmp = [-1, -1, "icmp", "All IPV4 ICMP"] all-ipv6-icmp = [-1, -1, 58, "All IPV6 ICMP"] - # This is a fallback rule to pass to lookup() as default. It does not open anything, because it should never be used. _ = ["", "", ""] } @@ -173,7 +138,7 @@ variable "rules" { variable "auto_groups" { description = "Map of groups of security group rules to use to generate modules (see update_groups.sh)" - type = "map" + type = map(map(list(string))) # Valid keys - ingress_rules, egress_rules, ingress_with_self, egress_with_self default = { 
@@ -182,211 +147,176 @@ variable "auto_groups" { ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - cassandra = { ingress_rules = ["cassandra-clients-tcp", "cassandra-thrift-clients-tcp", "cassandra-jmx-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - consul = { ingress_rules = ["consul-tcp", "consul-cli-rpc-tcp", "consul-webui-tcp", "consul-dns-tcp", "consul-dns-udp", "consul-serf-lan-tcp", "consul-serf-lan-udp", "consul-serf-wan-tcp", "consul-serf-wan-udp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - docker-swarm = { ingress_rules = ["docker-swarm-mngmt-tcp", "docker-swarm-node-tcp", "docker-swarm-node-udp", "docker-swarm-overlay-udp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - elasticsearch = { ingress_rules = ["elasticsearch-rest-tcp", "elasticsearch-java-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - http-80 = { ingress_rules = ["http-80-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - http-8080 = { ingress_rules = ["http-8080-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - https-443 = { ingress_rules = ["https-443-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - https-8443 = { ingress_rules = ["https-8443-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - ipsec-500 = { ingress_rules = ["ipsec-500-udp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - ipsec-4500 = { ingress_rules = ["ipsec-4500-udp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - kafka = { ingress_rules = ["kafka-broker-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - ldaps = { ingress_rules = ["ldaps-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - memcached = { ingress_rules = ["memcached-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - mongodb = { ingress_rules = ["mongodb-27017-tcp", "mongodb-27018-tcp", "mongodb-27019-tcp"] 
ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - mysql = { ingress_rules = ["mysql-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - mssql = { ingress_rules = ["mssql-tcp", "mssql-udp", "mssql-analytics-tcp", "mssql-broker-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - nfs = { ingress_rules = ["nfs-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - nomad = { ingress_rules = ["nomad-http-tcp", "nomad-rpc-tcp", "nomad-serf-tcp", "nomad-serf-udp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - openvpn = { ingress_rules = ["openvpn-udp", "openvpn-tcp", "openvpn-https-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - postgresql = { ingress_rules = ["postgresql-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - oracle-db = { ingress_rules = ["oracle-db-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - ntp = { ingress_rules = ["ntp-udp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - puppet = { ingress_rules = ["puppet-tcp", "puppetdb-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - rabbitmq = { ingress_rules = ["rabbitmq-4369-tcp", "rabbitmq-5671-tcp", "rabbitmq-5672-tcp", "rabbitmq-15672-tcp", "rabbitmq-25672-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - rdp = { ingress_rules = ["rdp-tcp", "rdp-udp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - redis = { ingress_rules = ["redis-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - redshift = { ingress_rules = ["redshift-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - splunk = { ingress_rules = ["splunk-indexer-tcp", "splunk-clients-tcp", "splunk-splunkd-tcp", "splunk-hec-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - squid = { ingress_rules = ["squid-proxy-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - ssh = { ingress_rules 
= ["ssh-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - storm = { ingress_rules = ["storm-nimbus-tcp", "storm-ui-tcp", "storm-supervisor-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - web = { ingress_rules = ["http-80-tcp", "http-8080-tcp", "https-443-tcp", "web-jmx-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - winrm = { ingress_rules = ["winrm-http-tcp", "winrm-https-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - zipkin = { ingress_rules = ["zipkin-admin-tcp", "zipkin-admin-query-tcp", "zipkin-admin-web-tcp", "zipkin-query-tcp", "zipkin-web-tcp"] ingress_with_self = ["all-all"] egress_rules = ["all-all"] } - zookeeper = { ingress_rules = ["zookeeper-2181-tcp", "zookeeper-2888-tcp", "zookeeper-3888-tcp", "zookeeper-jmx-tcp"] ingress_with_self = ["all-all"] @@ -394,3 +324,4 @@ variable "auto_groups" { } } } + diff --git a/variables.tf b/variables.tf index 6995f9cc..0e5e69c2 100644 --- a/variables.tf +++ b/variables.tf @@ -3,29 +3,35 @@ ################# variable "create" { description = "Whether to create security group and all rules" + type = bool default = true } variable "vpc_id" { description = "ID of the VPC where to create security group" + type = "string" } variable "name" { description = "Name of security group" + type = "string" } variable "use_name_prefix" { description = "Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation" + type = "string" default = true } variable "description" { description = "Description of security group" + type = "string" default = "Security Group managed by Terraform" } variable "tags" { description = "A mapping of tags to assign to security group" + type = map(string) default = {} } 
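Review bot: In the first variables.tf hunk `use_name_prefix` is typed `"string"` although its default is `true` and `create` right above it is `bool`; declare it `type = bool`. `vpc_id`, `name` and `description` use the quoted 0.11 form `type = "string"`, which 0.12 keeps only as a deprecated spelling, while the rest of the commit uses bare type expressions. Write `type = string` for those three.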
@@ -34,41 +40,49 @@ variable "tags" { ########## variable "ingress_rules" { description = "List of ingress rules to create by name" + type = list(string) default = [] } variable "ingress_with_self" { description = "List of ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "ingress_with_cidr_blocks" { description = "List of ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_ipv6_cidr_blocks" { description = "List of ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "ingress_with_source_security_group_id" { description = "List of ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "ingress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all ingress rules" + type = list(string) default = [] } variable "ingress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules" + type = list(string) default = [] } 
@@ -77,26 +91,31 @@ variable "ingress_prefix_list_ids" { ################### variable "computed_ingress_rules" { description = "List of computed ingress rules to create by name" + type = list(string) default = [] } variable "computed_ingress_with_self" { description = "List of computed ingress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "computed_ingress_with_cidr_blocks" { description = "List of computed ingress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_ipv6_cidr_blocks" { description = "List of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "computed_ingress_with_source_security_group_id" { description = "List of computed ingress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } @@ -105,26 +124,31 @@ variable "computed_ingress_with_source_security_group_id" { ################################### variable "number_of_computed_ingress_rules" { description = "Number of computed ingress rules to create by name" + type = number default = 0 } variable "number_of_computed_ingress_with_self" { description = "Number of computed ingress rules to create where 'self' is defined" + type = number default = 0 } variable "number_of_computed_ingress_with_cidr_blocks" { description = "Number of computed ingress rules to create where 'cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_ipv6_cidr_blocks" { description = "Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used" + type = number default = 0 } variable "number_of_computed_ingress_with_source_security_group_id" { description = "Number of computed ingress rules to create where 'source_security_group_id' is used" + type = number default = 0 } 
@@ -133,41 +157,49 @@ variable "number_of_computed_ingress_with_source_security_group_id" { ######### variable "egress_rules" { description = "List of egress rules to create by name" + type = list(string) default = [] } variable "egress_with_self" { description = "List of egress rules to create where 'self' is defined" + type = list(map(string)) default = [] } variable "egress_with_cidr_blocks" { description = "List of egress rules to create where 'cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_ipv6_cidr_blocks" { description = "List of egress rules to create where 'ipv6_cidr_blocks' is used" + type = list(map(string)) default = [] } variable "egress_with_source_security_group_id" { description = "List of egress rules to create where 'source_security_group_id' is used" + type = list(map(string)) default = [] } variable "egress_cidr_blocks" { description = "List of IPv4 CIDR ranges to use on all egress rules" + type = list(string) default = ["0.0.0.0/0"] } variable "egress_ipv6_cidr_blocks" { description = "List of IPv6 CIDR ranges to use on all egress rules" + type = list(string) default = ["::/0"] } variable "egress_prefix_list_ids" { description = "List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules" + type = list(string) default = [] } 
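Review bot: `egress_cidr_blocks` and `egress_ipv6_cidr_blocks` default to `["0.0.0.0/0"]` and `["::/0"]`, and their descriptions do not say so, whereas the ingress counterparts earlier in this file default to `[]`. Going by the description ("to use on all egress rules"), anyone who sets `egress_rules` without overriding these gets outbound rules open to every destination. State it in the description, e.g. `description = "List of IPv4 CIDR ranges to use on all egress rules (defaults to 0.0.0.0/0, any destination)"`, and the IPv6 one likewise.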
@@ -176,26 +208,31 @@ variable "egress_prefix_list_ids" {
 ##################
 variable "computed_egress_rules" {
 description = "List of computed egress rules to create by name"
+ type = list(string)
 default = []
 }
 
 variable "computed_egress_with_self" {
 description = "List of computed egress rules to create where 'self' is defined"
+ type = list(map(string))
 default = []
 }
 
 variable "computed_egress_with_cidr_blocks" {
 description = "List of computed egress rules to create where 'cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 
 variable "computed_egress_with_ipv6_cidr_blocks" {
 description = "List of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = list(map(string))
 default = []
 }
 
 variable "computed_egress_with_source_security_group_id" {
 description = "List of computed egress rules to create where 'source_security_group_id' is used"
+ type = list(map(string))
 default = []
 }
 
@@ -204,25 +241,31 @@ variable "computed_egress_with_source_security_group_id" {
 ##################################
 variable "number_of_computed_egress_rules" {
 description = "Number of computed egress rules to create by name"
+ type = number
 default = 0
 }
 
 variable "number_of_computed_egress_with_self" {
 description = "Number of computed egress rules to create where 'self' is defined"
+ type = number
 default = 0
 }
 
 variable "number_of_computed_egress_with_cidr_blocks" {
 description = "Number of computed egress rules to create where 'cidr_blocks' is used"
+ type = number
 default = 0
 }
 
 variable "number_of_computed_egress_with_ipv6_cidr_blocks" {
 description = "Number of computed egress rules to create where 'ipv6_cidr_blocks' is used"
+ type = number
 default = 0
 }
 
 variable "number_of_computed_egress_with_source_security_group_id" {
 description = "Number of computed egress rules to create where 'source_security_group_id' is used"
+ type = number
 default = 0
 }
+
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 00000000..ac97c6ac
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
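Review bot: The new `terraform` block constrains only the core version; it declares no AWS provider constraint, and none is visible in the part of the diff shown here. If the module does not declare one in another file, a consumer's configuration can resolve any provider release, including ones older than the module was tested with. Adding `required_providers { aws = ">= <MINIMUM_TESTED_VERSION>" }` inside the block (the value is a placeholder for the version actually tested) would record that floor next to `required_version`.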