diff --git a/README.md b/README.md
index 3a548a9..6a319a7 100644
--- a/README.md
+++ b/README.md
@@ -236,7 +236,7 @@ Available targets:
| Name | Source | Version |
|------|--------|---------|
| [label](#module\_label) | cloudposse/label/null | 0.25.0 |
-| [security\_group](#module\_security\_group) | cloudposse/security-group/aws | 0.3.1 |
+| [security\_group](#module\_security\_group) | cloudposse/security-group/aws | 2.2.0 |
| [ssh\_key\_pair](#module\_ssh\_key\_pair) | cloudposse/key-pair/aws | 0.19.0 |
| [this](#module\_this) | cloudposse/label/null | 0.25.0 |
@@ -318,8 +318,8 @@ Available targets:
| [root\_volume\_type](#input\_root\_volume\_type) | Type of root volume. Can be standard, gp2 or io1 | `string` | `"gp2"` | no |
| [security\_group\_description](#input\_security\_group\_description) | The Security Group description. | `string` | `"EC2 instances Security Group"` | no |
| [security\_group\_enabled](#input\_security\_group\_enabled) | Whether to create default Security Group for EC2 instances. | `bool` | `true` | no |
-| [security\_group\_rules](#input\_security\_group\_rules) | A list of maps of Security Group rules.
The values of map is fully complated with `aws_security_group_rule` resource.
To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` |
[
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Allow all outbound traffic",
"from_port": 0,
"protocol": "-1",
"to_port": 65535,
"type": "egress"
}
]
| no |
-| [security\_group\_use\_name\_prefix](#input\_security\_group\_use\_name\_prefix) | Whether to create a default Security Group with unique name beginning with the normalized prefix. | `bool` | `false` | no |
+| [security\_group\_name](#input\_security\_group\_name) | The name to assign to the security group. Must be unique within the VPC.
If not provided, will be derived from the `null-label.context` passed in.
If `create_before_destroy` is true, will be used as a name prefix. | `list(string)` | `[]` | no |
+| [security\_group\_rules](#input\_security\_group\_rules) | A list of maps of Security Group rules.
The values of map is fully complated with `aws_security_group_rule` resource.
To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` | `[]` | no |
| [security\_groups](#input\_security\_groups) | A list of Security Group IDs to associate with EC2 instances. | `list(string)` | `[]` | no |
| [source\_dest\_check](#input\_source\_dest\_check) | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs | `bool` | `true` | no |
| [ssh\_key\_pair](#input\_ssh\_key\_pair) | SSH key pair to be provisioned on the instance | `string` | `""` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index 71ccfe9..21223e5 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -17,7 +17,7 @@
| Name | Source | Version |
|------|--------|---------|
| [label](#module\_label) | cloudposse/label/null | 0.25.0 |
-| [security\_group](#module\_security\_group) | cloudposse/security-group/aws | 0.3.1 |
+| [security\_group](#module\_security\_group) | cloudposse/security-group/aws | 2.2.0 |
| [ssh\_key\_pair](#module\_ssh\_key\_pair) | cloudposse/key-pair/aws | 0.19.0 |
| [this](#module\_this) | cloudposse/label/null | 0.25.0 |
@@ -99,8 +99,8 @@
| [root\_volume\_type](#input\_root\_volume\_type) | Type of root volume. Can be standard, gp2 or io1 | `string` | `"gp2"` | no |
| [security\_group\_description](#input\_security\_group\_description) | The Security Group description. | `string` | `"EC2 instances Security Group"` | no |
| [security\_group\_enabled](#input\_security\_group\_enabled) | Whether to create default Security Group for EC2 instances. | `bool` | `true` | no |
-| [security\_group\_rules](#input\_security\_group\_rules) | A list of maps of Security Group rules.
The values of map is fully complated with `aws_security_group_rule` resource.
To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` | [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Allow all outbound traffic",
"from_port": 0,
"protocol": "-1",
"to_port": 65535,
"type": "egress"
}
]
| no |
-| [security\_group\_use\_name\_prefix](#input\_security\_group\_use\_name\_prefix) | Whether to create a default Security Group with unique name beginning with the normalized prefix. | `bool` | `false` | no |
+| [security\_group\_name](#input\_security\_group\_name) | The name to assign to the security group. Must be unique within the VPC.
If not provided, will be derived from the `null-label.context` passed in.
If `create_before_destroy` is true, will be used as a name prefix. | `list(string)` | `[]` | no |
+| [security\_group\_rules](#input\_security\_group\_rules) | A list of maps of Security Group rules.
The values of map is fully complated with `aws_security_group_rule` resource.
To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . | `list(any)` | `[]` | no |
| [security\_groups](#input\_security\_groups) | A list of Security Group IDs to associate with EC2 instances. | `list(string)` | `[]` | no |
| [source\_dest\_check](#input\_source\_dest\_check) | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs | `bool` | `true` | no |
| [ssh\_key\_pair](#input\_ssh\_key\_pair) | SSH key pair to be provisioned on the instance | `string` | `""` | no |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 7f2c024..9c4e919 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -59,13 +59,6 @@ module "ec2_instance_group" {
delete_on_termination = var.delete_on_termination
security_group_rules = [
- {
- type = "egress"
- from_port = 0
- to_port = 65535
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- },
{
type = "ingress"
from_port = 22
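Review bot: Removing the explicit allow-all egress rule from `security_group_rules` here, together with dropping the same rule from the variable's default in variables.tf, leaves nothing in this diff that states what outbound access the default Security Group ends up with; security_group.tf passes no egress setting to the upgraded module, so that posture is now decided by the 2.2.0 module's own defaults (the upstream 2.x module exposes an `allow_all_egress` input for this, if I recall its interface correctly — worth confirming). Pinning it explicitly in security_group.tf, e.g. `allow_all_egress = var.allow_all_egress` backed by a new, documented root variable, would keep the egress posture visible to consumers instead of implicit in the upstream version. If the intent is the tighter behaviour with no implicit egress, the `security_group_rules` description should say that callers must now add their own egress rule. The `module "ec2_instance_group"` block starts before this hunk and continues after it.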
diff --git a/security_group.tf b/security_group.tf
index 78dc308..cdb462b 100644
--- a/security_group.tf
+++ b/security_group.tf
@@ -1,11 +1,11 @@
module "security_group" {
source = "cloudposse/security-group/aws"
- version = "0.3.1"
+ version = "2.2.0"
- use_name_prefix = var.security_group_use_name_prefix
- rules = var.security_group_rules
- description = var.security_group_description
- vpc_id = var.vpc_id
+ security_group_name = var.security_group_name
+ rules = var.security_group_rules
+ security_group_description = var.security_group_description
+ vpc_id = var.vpc_id
enabled = local.security_group_enabled
context = module.this.context
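Review bot: The new `security_group_name` wiring depends on the upstream module's create-before-destroy behaviour (the variable description in variables.tf says the name becomes a prefix when `create_before_destroy` is true, and the test in test/src/examples_complete_test.go now only checks for that prefix), yet this block never sets that input, so naming follows whatever the 2.2.0 module defaults to. Passing it explicitly, e.g. `create_before_destroy = var.security_group_create_before_destroy` backed by a documented root variable, would make the naming contract deterministic and let callers opt into a stable name when they need one. `security_group_name` is also a `list(string)` capped at one element by the validation block in variables.tf, which the root variable description should state, since a one-element list is an unusual shape for a name. The module block's closing brace lies outside this hunk.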
diff --git a/test/src/examples_complete_test.go b/test/src/examples_complete_test.go
index a5d1e65..9cf30cf 100644
--- a/test/src/examples_complete_test.go
+++ b/test/src/examples_complete_test.go
@@ -54,8 +54,8 @@ func TestExamplesComplete(t *testing.T) {
// Run `terraform output` to get the value of an output variable
securityGroupName := terraform.Output(t, terraformOptions, "security_group_name")
expectedSecurityGroupName := "eg-test-ec2-group-test-" + randId
- // Verify we're getting back the outputs we expect
- assert.Equal(t, expectedSecurityGroupName, securityGroupName)
+ // SG name is used as a prefix in this case because we use create_before_destroy here.
+ assert.Contains(t, securityGroupName, expectedSecurityGroupName, "Expected security_group_name to start with " + expectedSecurityGroupName)
// Run `terraform output` to get the value of an output variable
securityGroupID := terraform.Output(t, terraformOptions, "security_group_id")
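Review bot: `assert.Contains` on the added line checks for `expectedSecurityGroupName` as a substring anywhere in `securityGroupName`, while the failure message promises a prefix check; a constructed value such as `x-eg-test-ec2-group-test-<id>` would pass. A prefix assertion matches the comment's intent: `assert.True(t, strings.HasPrefix(securityGroupName, expectedSecurityGroupName), "Expected security_group_name to start with "+expectedSecurityGroupName)`, which needs `strings` added to the import block outside this hunk (or `assert.Regexp` with an anchored, quoted pattern). The comment on the preceding line could also state that a generated suffix is expected after the prefix, so a future reader does not restore the exact-equality check. TestExamplesComplete starts before this hunk and continues after it.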
diff --git a/variables.tf b/variables.tf
index 9d3cdaa..7c36592 100644
--- a/variables.tf
+++ b/variables.tf
@@ -57,24 +57,23 @@ variable "security_group_description" {
description = "The Security Group description."
}
-variable "security_group_use_name_prefix" {
- type = bool
- default = false
- description = "Whether to create a default Security Group with unique name beginning with the normalized prefix."
+variable "security_group_name" {
+ type = list(string)
+ description = <<-EOT
+ The name to assign to the security group. Must be unique within the VPC.
+ If not provided, will be derived from the `null-label.context` passed in.
+ If `create_before_destroy` is true, will be used as a name prefix.
+ EOT
+ default = []
+ validation {
+ condition = length(var.security_group_name) < 2
+ error_message = "Only 1 security group name can be provided."
+ }
}
variable "security_group_rules" {
- type = list(any)
- default = [
- {
- type = "egress"
- from_port = 0
- to_port = 65535
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- description = "Allow all outbound traffic"
- }
- ]
+ type = list(any)
+ default = []
description = <<-EOT
A list of maps of Security Group rules.
The values of map is fully complated with `aws_security_group_rule` resource.