feat: Remove prefix_list_ids attribute from _with_cidr_blocks & speci…

…fic prefix list for each rules on _with_prefix_list_ids (#325)
terraform-aws-modules · Aug 31, 2024 · 7ffb2c8 · 7ffb2c8
1 parent 20e107f
commit 7ffb2c8
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 9 deletions.
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -427,7 +427,7 @@ module "prefix_list" {
   vpc_id      = data.aws_vpc.default.id
 
   ingress_prefix_list_ids = [data.aws_prefix_list.s3.id, data.aws_prefix_list.dynamodb.id]
-  ingress_with_cidr_blocks = [
+  ingress_with_prefix_list_ids = [
     {
       from_port       = 9100
       to_port         = 9100

diff --git a/main.tf b/main.tf
@@ -202,7 +202,7 @@ resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
       join(",", var.ingress_cidr_blocks),
     ),
   ))
-  prefix_list_ids = var.ingress_prefix_list_ids
+
   description = lookup(
     var.ingress_with_cidr_blocks[count.index],
     "description",
@@ -214,11 +214,13 @@ resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
     "from_port",
     var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")][0],
   )
+
   to_port = lookup(
     var.ingress_with_cidr_blocks[count.index],
     "to_port",
     var.rules[lookup(var.ingress_with_cidr_blocks[count.index], "rule", "_")][1],
   )
+
   protocol = lookup(
     var.ingress_with_cidr_blocks[count.index],
     "protocol",
@@ -241,7 +243,7 @@ resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks" {
       join(",", var.ingress_cidr_blocks),
     ),
   ))
-  prefix_list_ids = var.ingress_prefix_list_ids
+
   description = lookup(
     var.computed_ingress_with_cidr_blocks[count.index],
     "description",
@@ -257,6 +259,7 @@ resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks" {
       "_",
     )][0],
   )
+
   to_port = lookup(
     var.computed_ingress_with_cidr_blocks[count.index],
     "to_port",
@@ -266,6 +269,7 @@ resource "aws_security_group_rule" "computed_ingress_with_cidr_blocks" {
       "_",
     )][1],
   )
+
   protocol = lookup(
     var.computed_ingress_with_cidr_blocks[count.index],
     "protocol",
@@ -437,7 +441,15 @@ resource "aws_security_group_rule" "ingress_with_prefix_list_ids" {
   security_group_id = local.this_sg_id
   type              = "ingress"
 
-  prefix_list_ids = var.ingress_prefix_list_ids
+  prefix_list_ids = compact(split(
+    ",",
+    lookup(
+      var.ingress_with_prefix_list_ids[count.index],
+      "prefix_list_ids",
+      join(",", var.ingress_prefix_list_ids)
+    )
+  ))
+
   description = lookup(
     var.ingress_with_prefix_list_ids[count.index],
     "description",
@@ -449,11 +461,13 @@ resource "aws_security_group_rule" "ingress_with_prefix_list_ids" {
     "from_port",
     var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][0],
   )
+
   to_port = lookup(
     var.ingress_with_prefix_list_ids[count.index],
     "to_port",
     var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][1],
   )
+
   protocol = lookup(
     var.ingress_with_prefix_list_ids[count.index],
     "protocol",
@@ -468,7 +482,15 @@ resource "aws_security_group_rule" "computed_ingress_with_prefix_list_ids" {
   security_group_id = local.this_sg_id
   type              = "ingress"
 
-  prefix_list_ids = var.ingress_prefix_list_ids
+  prefix_list_ids = compact(split(
+    ",",
+    lookup(
+      var.ingress_with_prefix_list_ids[count.index],
+      "prefix_list_ids",
+      join(",", var.ingress_prefix_list_ids)
+    )
+  ))
+
   description = lookup(
     var.ingress_with_prefix_list_ids[count.index],
     "description",
@@ -480,11 +502,13 @@ resource "aws_security_group_rule" "computed_ingress_with_prefix_list_ids" {
     "from_port",
     var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][0],
   )
+
   to_port = lookup(
     var.ingress_with_prefix_list_ids[count.index],
     "to_port",
     var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][1],
   )
+
   protocol = lookup(
     var.ingress_with_prefix_list_ids[count.index],
     "protocol",
@@ -639,7 +663,7 @@ resource "aws_security_group_rule" "egress_with_cidr_blocks" {
       join(",", var.egress_cidr_blocks),
     ),
   ))
-  prefix_list_ids = var.egress_prefix_list_ids
+
   description = lookup(
     var.egress_with_cidr_blocks[count.index],
     "description",
@@ -651,11 +675,13 @@ resource "aws_security_group_rule" "egress_with_cidr_blocks" {
     "from_port",
     var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")][0],
   )
+
   to_port = lookup(
     var.egress_with_cidr_blocks[count.index],
     "to_port",
     var.rules[lookup(var.egress_with_cidr_blocks[count.index], "rule", "_")][1],
   )
+
   protocol = lookup(
     var.egress_with_cidr_blocks[count.index],
     "protocol",
@@ -678,7 +704,7 @@ resource "aws_security_group_rule" "computed_egress_with_cidr_blocks" {
       join(",", var.egress_cidr_blocks),
     ),
   ))
-  prefix_list_ids = var.egress_prefix_list_ids
+
   description = lookup(
     var.computed_egress_with_cidr_blocks[count.index],
     "description",
@@ -694,6 +720,7 @@ resource "aws_security_group_rule" "computed_egress_with_cidr_blocks" {
       "_",
     )][0],
   )
+
   to_port = lookup(
     var.computed_egress_with_cidr_blocks[count.index],
     "to_port",
@@ -703,6 +730,7 @@ resource "aws_security_group_rule" "computed_egress_with_cidr_blocks" {
       "_",
     )][1],
   )
+
   protocol = lookup(
     var.computed_egress_with_cidr_blocks[count.index],
     "protocol",
@@ -875,7 +903,15 @@ resource "aws_security_group_rule" "egress_with_prefix_list_ids" {
   security_group_id = local.this_sg_id
   type              = "egress"
 
-  prefix_list_ids = var.egress_prefix_list_ids
+  prefix_list_ids = compact(split(
+    ",",
+    lookup(
+      var.egress_with_prefix_list_ids[count.index],
+      "prefix_list_ids",
+      join(",", var.egress_prefix_list_ids)
+    ))
+  )
+
   description = lookup(
     var.egress_with_prefix_list_ids[count.index],
     "description",
@@ -891,6 +927,7 @@ resource "aws_security_group_rule" "egress_with_prefix_list_ids" {
       "_",
     )][0],
   )
+
   to_port = lookup(
     var.egress_with_prefix_list_ids[count.index],
     "to_port",
@@ -900,6 +937,7 @@ resource "aws_security_group_rule" "egress_with_prefix_list_ids" {
       "_",
     )][1],
   )
+
   protocol = lookup(
     var.egress_with_prefix_list_ids[count.index],
     "protocol",
@@ -919,7 +957,16 @@ resource "aws_security_group_rule" "computed_egress_with_prefix_list_ids" {
   type              = "egress"
 
   source_security_group_id = var.computed_egress_with_prefix_list_ids[count.index]["source_security_group_id"]
-  prefix_list_ids          = var.egress_prefix_list_ids
+
+  prefix_list_ids = compact(split(
+    ",",
+    lookup(
+      var.computed_egress_with_prefix_list_ids[count.index],
+      "prefix_list_ids",
+      join(",", var.egress_prefix_list_ids)
+    )
+  ))
+
   description = lookup(
     var.computed_egress_with_prefix_list_ids[count.index],
     "description",
@@ -935,6 +982,7 @@ resource "aws_security_group_rule" "computed_egress_with_prefix_list_ids" {
       "_",
     )][0],
   )
+
   to_port = lookup(
     var.computed_egress_with_prefix_list_ids[count.index],
     "to_port",
@@ -944,6 +992,7 @@ resource "aws_security_group_rule" "computed_egress_with_prefix_list_ids" {
       "_",
     )][1],
   )
+
   protocol = lookup(
     var.computed_egress_with_prefix_list_ids[count.index],
     "protocol",