feat: Add SG Ingress/Egress vars

.editorconfig

@@ -8,7 +8,7 @@ end_of_line = lf
 indent_size = 2
 indent_style = space
 insert_final_newline = true
-max_line_length = 80
+max_line_length = 120
 trim_trailing_whitespace = true
 
 [*.md]

.github/.templatesyncignore

@@ -0,0 +1,9 @@
+README.md
+.github/workflows/*
+.terraform-docs.yml
+docs/20-badges.md
+docs/assets/logo.svg
+*.tf
+test/*
+go.mod
+go.sum

.github/dependabot.yml

@@ -0,0 +1,32 @@
+---
+##############################
+## Dependabot configuration ##
+##############################
+
+#
+# Documentation:
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates
+#
+
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 0
+
+  # Maintain dependencies for Terraform Providers
+  - package-ecosystem: "terraform"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 0
+
+  # Maintain dependencies for Golang
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 0

.github/workflows/release.yaml

@@ -1,7 +1,7 @@
 ---
-####################################
-## Draft releases on Push to main ##
-####################################
+#####################
+## Create releases ##
+#####################
 
 #
 # Documentation:
@@ -13,9 +13,8 @@ on:
   push:
     branches: [ main ]
     tags: [ 'v*.*.*' ]
-
-permissions:
-  contents: write
+  pull_request:
+    types: [ labeled ]
 
 #################
 # Start the job #
@@ -26,6 +25,7 @@ jobs:
   ###############
   create-release:
     name: Create Release
+    if: github.event.action != 'labeled'
     runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
@@ -75,3 +75,22 @@ jobs:
           tag_name: ${{ steps.tag.outputs.value }}
           draft: false
           prerelease: false
+
+  ###########################
+  # Release preview comment #
+  ###########################
+  release-check:
+    if: github.event.action == 'labeled'
+    runs-on: ubuntu-latest
+    steps:
+      ############################
+      # Checkout the source code #
+      ############################
+      - name: Checkout Code
+        uses: actions/checkout@v3.1.0
+
+      #######################
+      # Post status comment #
+      #######################
+      - name: Post bumpr status comment
+        uses: haya14busa/action-bumpr@v1

.github/workflows/sync-templates.yaml

@@ -10,7 +10,9 @@
 
 name: Sync templates
 on:
-  workflow_dispatch:
+  workflow_dispatch: # Trigger manually
+  schedule:
+    - cron:  "0 0 1 * *"  # Run at 00:00 on the first day of every month
 
 ##########################
 # Prevent duplicate jobs #
@@ -36,7 +38,7 @@ jobs:
       - name: Sync labels
         uses: EndBug/label-sync@v2.3.1
         with:
-          config-file: https://raw.githubusercontent.com/geekcell/template-terraform-module/main/.github/labels.yaml
+          config-file: https://gist.githubusercontent.com/Ic3w0lf/f5520c5f19d7098966f692c120f7a197/raw/75b134f76fbc55e2e64bd66f04e571d6d74b815e/terraform-aws-module-labels.yaml
 
   #######################
   # Sync template files #
@@ -50,33 +52,12 @@ jobs:
       ############################
       - name: Checkout Code
         uses: actions/checkout@v3.1.0
-        with:
-          token: ${{ secrets.GEEKCELL_PAT_WORKFLOWS }}
-
-      ########################
-      # Patch template files #
-      ########################
-      - name: Force patching of template files
-        run: |
-          yes y | make setup/update-template
-
-      ####################
-      # Update README.md #
-      ####################
-      - name: Terraform docs
-        uses: terraform-docs/gh-actions@v1.0.0
-        with:
-          config-file: .terraform-docs.yml
-          git-push: false
 
-      #############
-      # Create PR #
-      #############
-      - name: Create PR
-        uses: peter-evans/create-pull-request@v4.2.0
+      #######################
+      # Sync template files #
+      #######################
+      - name: actions-template-sync
+        uses: AndreasAugustin/actions-template-sync@v0.7.3
         with:
-          token: ${{ secrets.GEEKCELL_PAT_WORKFLOWS }}
-          title: Updated template files
-          commit-message: Update template files from main repo
-          branch: update-template-files
-          delete-branch: true
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          source_repo_path: geekcell/terraform-aws-module-template

.github/workflows/test.yaml

@@ -1,24 +1,41 @@
-name: Test
+---
+###############
+## Run tests ##
+###############
+
+#
+# Documentation:
+# https://help.github.com/en/articles/workflow-syntax-for-github-actions
+#
 
+name: Test
 on:
   pull_request:
-  workflow_dispatch:
   push:
     branches: [ main ]
 
-permissions:
-  id-token: write
-  contents: read
-
+##########################
+# Prevent duplicate jobs #
+##########################
 concurrency:
   group: ${{ github.repository }}
   cancel-in-progress: false
 
+permissions:
+  id-token: write
+  contents: read
+
+###############
+# Run the job #
+###############
 jobs:
-  test:
-    name: Terraform Tests
+  terratest:
+    name: Terratest
     runs-on: ubuntu-latest
     steps:
+      ############################
+      # Checkout the source code #
+      ############################
       - name: Checkout
         uses: actions/checkout@v3
 
@@ -32,11 +49,18 @@ jobs:
           aws-region: ${{ vars.AWS_TESTING_REGION }}
           mask-aws-account-id: false
 
+      ################
+      # Setup Golang #
+      ################
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
           go-version-file: 'go.mod'
 
+      #############
+      # Run tests #
+      #############
       - name: Run Tests
+        timeout-minutes: 30
         working-directory: test
-        run: go test -v -timeout 30m
+        run: go test -v

.pre-commit-config.yaml

@@ -1,16 +1,18 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.76.0
+    rev: v1.80.0
     hooks:
       - id: terraform_docs
       - id: terraform_fmt
       - id: terraform_validate
+        args:
+          - --hook-config=--retry-once-with-cleanup=true
         exclude: '^[^/]+$'
       - id: terraform_tflint
         exclude: ^examples/
 
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.4.0
     hooks:
       - id: trailing-whitespace
       - id: end-of-file-fixer

.terraform-docs.yml

@@ -1,10 +1,14 @@
 formatter: "md table"
 header-from: main.tf
 
+recursive:
+  # Enable this if your module has submodules
+  enabled: false
+
 content: |-
-  {{ include "docs/logo.md" }}
+  {{ include "docs/10-header.md" }}
 
-  {{ include "docs/badges.md" }}
+  {{ include "docs/20-badges.md" }}
 
   {{ .Header }}
 

README.md

@@ -1,5 +1,5 @@
 <!-- BEGIN_TF_DOCS -->
-[![Geek Cell GmbH](https://github.com/raw/geekcell/template-terraform-module/main/docs/assets/logo.svg)](https://www.geekcell.io/)
+[![Geek Cell GmbH](https://github.com/raw/geekcell/.github/main/geekcell-github-banner.png)](https://www.geekcell.io/)
 
 ### Code Quality
 [![License](https://img.shields.io/github/license/geekcell/terraform-aws-application-load-balancer)](https://github.com/geekcell/terraform-aws-application-load-balancer/blob/master/LICENSE)
@@ -8,6 +8,9 @@
 [![Validate](https://github.com/geekcell/terraform-aws-application-load-balancer/actions/workflows/validate.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-application-load-balancer/actions/workflows/validate.yaml)
 [![Lint](https://github.com/geekcell/terraform-aws-application-load-balancer/actions/workflows/linter.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-application-load-balancer/actions/workflows/linter.yaml)
 
+<!--
+Comment in if Bridgecrew is configured
+
 ### Security
 [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-application-load-balancer/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-application-load-balancer&benchmark=INFRASTRUCTURE+SECURITY)
 
@@ -33,6 +36,8 @@
 [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-application-load-balancer/hipaa)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-application-load-balancer&benchmark=HIPAA)
 [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-application-load-balancer/fedramp_moderate)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-application-load-balancer&benchmark=FEDRAMP+%28MODERATE%29)
 
+-->
+
 # Terraform AWS Application Load Balancer
 
 This Terraform module provides a preconfigured solution for setting up an
@@ -55,6 +60,7 @@ preconfigured solution for high availability and scalability.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_access_logs_bucket_id"></a> [access\_logs\_bucket\_id](#input\_access\_logs\_bucket\_id) | The S3 bucket name to store the logs in. | `string` | `""` | no |
+| <a name="input_access_logs_bucket_prefix"></a> [access\_logs\_bucket\_prefix](#input\_access\_logs\_bucket\_prefix) | The S3 bucket prefix. Logs are stored in the root if not configured. | `string` | `""` | no |
 | <a name="input_customer_owned_ipv4_pool"></a> [customer\_owned\_ipv4\_pool](#input\_customer\_owned\_ipv4\_pool) | The ID of the customer owned ipv4 pool to use for this load balancer. | `string` | `null` | no |
 | <a name="input_desync_mitigation_mode"></a> [desync\_mitigation\_mode](#input\_desync\_mitigation\_mode) | Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. | `string` | `"strictest"` | no |
 | <a name="input_drop_invalid_header_fields"></a> [drop\_invalid\_header\_fields](#input\_drop\_invalid\_header\_fields) | Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). | `bool` | `false` | no |
@@ -70,6 +76,8 @@ preconfigured solution for high availability and scalability.
 | <a name="input_ip_address_type"></a> [ip\_address\_type](#input\_ip\_address\_type) | The type of IP addresses used by the subnets for your load balancer. | `string` | `"ipv4"` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name or prefix of the Role. | `string` | n/a | yes |
 | <a name="input_preserve_host_header"></a> [preserve\_host\_header](#input\_preserve\_host\_header) | Indicates whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. | `bool` | `false` | no |
+| <a name="input_security_group_egress_rules"></a> [security\_group\_egress\_rules](#input\_security\_group\_egress\_rules) | A list of CIDR blocks to allow ingress traffic from. | `any` | `[]` | no |
+| <a name="input_security_group_ingress_rules"></a> [security\_group\_ingress\_rules](#input\_security\_group\_ingress\_rules) | A list of CIDR blocks to allow ingress traffic from. | `any` | `[]` | no |
 | <a name="input_security_groups"></a> [security\_groups](#input\_security\_groups) | A list of security group IDs to assign to the LB. | `list(string)` | `[]` | no |
 | <a name="input_subnets"></a> [subnets](#input\_subnets) | A list of subnet IDs to attach to the LB. | `list(string)` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags to add to the Role. | `map(any)` | `{}` | no |
@@ -102,7 +110,7 @@ preconfigured solution for high availability and scalability.
 ```hcl
 module "vpc" {
   source  = "registry.terraform.io/terraform-aws-modules/vpc/aws"
-  version = "~> 3.19"
+  version = "~> 5.0.0"
 
   name           = "main"
   cidr           = "10.100.0.0/16"

docs/10-header.md

@@ -0,0 +1 @@
+[![Geek Cell GmbH](https://github.com/raw/geekcell/.github/main/geekcell-github-banner.png)](https://www.geekcell.io/)

docs/badges.md → docs/20-badges.md

@@ -5,6 +5,9 @@
 [![Validate](https://github.com/geekcell/terraform-aws-application-load-balancer/actions/workflows/validate.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-application-load-balancer/actions/workflows/validate.yaml)
 [![Lint](https://github.com/geekcell/terraform-aws-application-load-balancer/actions/workflows/linter.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-application-load-balancer/actions/workflows/linter.yaml)
 
+<!--
+Comment in if Bridgecrew is configured
+
 ### Security
 [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-application-load-balancer/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-application-load-balancer&benchmark=INFRASTRUCTURE+SECURITY)
 
@@ -29,3 +32,5 @@
 [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-application-load-balancer/nist)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-application-load-balancer&benchmark=NIST-800-53)
 [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-application-load-balancer/hipaa)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-application-load-balancer&benchmark=HIPAA)
 [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/geekcell/terraform-aws-application-load-balancer/fedramp_moderate)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=geekcell%2Fterraform-aws-application-load-balancer&benchmark=FEDRAMP+%28MODERATE%29)
+
+-->