feat: added security-group-rule description

clouddrove · Jun 15, 2023 · 4aa24ae · 4aa24ae
1 parent b01f937
commit 4aa24ae
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 11 deletions.
diff --git a/_example/new_security_group/example.tf b/_example/new_security_group/example.tf
@@ -27,9 +27,9 @@ module "security_group" {
   environment = "test"
   label_order = ["name", "environment"]
 
-  vpc_id                = module.vpc.vpc_id
-  allowed_ip            = ["172.16.0.0/16", "10.0.0.0/16"]
-  allowed_ports         = [22, 27017]
-  security_groups       = ["sg-xxxxxxxxxxxx"]
-  prefix_list_ids       = ["pl-xxxxxxxxxxxx"]
+  vpc_id          = module.vpc.vpc_id
+  allowed_ip      = ["172.16.0.0/16", "10.0.0.0/16"]
+  allowed_ports   = [22, 27017]
+  security_groups = ["sg-xxxxxxxxxxxx"]
+  prefix_list_ids = ["pl-xxxxxxxxxxxx"]
 }
diff --git a/_example/new_security_group_with_egress/example.tf b/_example/new_security_group_with_egress/example.tf
@@ -27,12 +27,12 @@ module "security_group" {
   environment = "test"
   label_order = ["name", "environment"]
 
-  vpc_id                = module.vpc.vpc_id
-  allowed_ip            = ["172.16.0.0/16", "10.0.0.0/16"]
-  allowed_ipv6          = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
-  allowed_ports         = [22, 27017]
-  security_groups       = ["sg-xxxxxxxxx"]
-  prefix_list_ids       = ["pl-6da54004"]
+  vpc_id          = module.vpc.vpc_id
+  allowed_ip      = ["172.16.0.0/16", "10.0.0.0/16"]
+  allowed_ipv6    = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
+  allowed_ports   = [22, 27017]
+  security_groups = ["sg-xxxxxxxxx"]
+  prefix_list_ids = ["pl-6da54004"]
 
   egress_rule            = true
   egress_allowed_ip      = ["172.16.0.0/16", "10.0.0.0/16"]

diff --git a/main.tf b/main.tf
@@ -76,6 +76,7 @@ resource "aws_security_group_rule" "egress" {
   to_port           = 65535
   protocol          = "-1"
   cidr_blocks       = ["0.0.0.0/0"] #tfsec:ignore:aws-vpc-no-public-egress-sgr
+  description       = var.security_group_egress_rule_description
   security_group_id = local.id
 }
 resource "aws_security_group_rule" "egress_ipv6" {
@@ -87,6 +88,7 @@ resource "aws_security_group_rule" "egress_ipv6" {
   protocol          = "-1"
   ipv6_cidr_blocks  = ["::/0"] #tfsec:ignore:aws-vpc-no-public-egress-sgr
   security_group_id = local.id
+  description       = var.security_group_egress_ipv6_rule_description
   prefix_list_ids   = var.prefix_list
 }
 

diff --git a/variables.tf b/variables.tf
@@ -63,6 +63,18 @@ variable "description" {
   description = "The security group description."
 }
 
+variable "security_group_egress_rule_description" {
+  type        = string
+  default     = ""
+  description = "Description of the egress rule."
+}
+
+variable "security_group_egress_ipv6_rule_description" {
+  type        = string
+  default     = ""
+  description = "Description of the egress egress-ipv6 rule."
+}
+
 variable "allowed_ports" {
   type        = list(any)
   default     = []