fix: variable added to enable or disable policy

clouddrove · Aug 30, 2023 · 27f7786 · 27f7786
1 parent 115d1e3
commit 27f7786
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 11 deletions.
diff --git a/_example/example.tf b/_example/example.tf
@@ -44,10 +44,10 @@ module "efs" {
   subnets                   = module.subnets.public_subnet_id
   security_groups           = [module.vpc.vpc_default_security_group_id]
   efs_backup_policy_enabled = true
-  allow_cidr                = ["10.0.0.0/16"] #vpc_cidr
+  allow_cidr                = [module.vpc.vpc_cidr_block] #vpc_cidr
   replication_enabled       = true
   replication_configuration_destination = {
     region                 = "eu-west-2"
     availability_zone_name = ["eu-west-2a", "eu-west-2b"]
   }
-}
+}
diff --git a/main.tf b/main.tf
@@ -127,7 +127,7 @@ resource "aws_efs_replication_configuration" "this" {
 }
 
 resource "aws_efs_file_system_policy" "this" {
-  count = var.efs_enabled ? 1 : 0
+  count = var.efs_enabled && var.aws_efs_file_system_policy? 1 : 0
 
   file_system_id                     = aws_efs_file_system.default[0].id
   bypass_policy_lockout_safety_check = var.bypass_policy_lockout_safety_check

diff --git a/variables.tf b/variables.tf
@@ -33,42 +33,42 @@ variable "security_groups" {
 }
 variable "from_port" {
   type        = number
-  default   = 2049
+  default     = 2049
   description = "Security group IDs to allow access to the EFS"
 }
 
 variable "to_port" {
   type        = number
-  default   = 2049
+  default     = 2049
   description = "Security group IDs to allow access to the EFS"
 }
 
 variable "egress_from_port" {
   type        = number
-  default   = 0
+  default     = 0
   description = "Security group IDs to allow access to the EFS"
 }
 variable "egress_to_port" {
   type        = number
-  default   = 0
+  default     = 0
   description = "Security group IDs to allow access to the EFS"
 }
 
 variable "protocol" {
   type        = string
-  default   = "tcp"
+  default     = "tcp"
   description = "Security group IDs to allow access to the EFS"
 }
 
 variable "egress_protocol" {
   type        = number
-  default   = -1
+  default     = -1
   description = "Security group IDs to allow access to the EFS"
 }
 
 variable "egress_cidr_blocks" {
   type        = list(string)
-  default   = ["0.0.0.0/0"]
+  default     = ["0.0.0.0/0"]
   description = "Security group IDs to allow access to the EFS"
 }
 
@@ -181,6 +181,12 @@ variable "bypass_policy_lockout_safety_check" {
   default     = null
 }
 
+variable "aws_efs_file_system_policy" {
+  description = "A flag to enable or disable aws efs file system policy . Defaults to `false`"
+  type        = bool
+  default     = false
+}
+
 variable "replication_configuration_destination" {
   description = "A destination configuration block"
   type        = any
@@ -208,5 +214,5 @@ variable "policy_statements" {
 variable "deny_nonsecure_transport" {
   description = "Determines whether `aws:SecureTransport` is required when connecting to elastic file system"
   type        = bool
-  default     = true
+  default     = false
 }