Variable to disable default security group

RaJiska · Dec 4, 2023 · c8e9959 · c8e9959
1 parent f8e8ca0
commit c8e9959
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 12 deletions.
diff --git a/.gitignore b/.gitignore
@@ -2,4 +2,5 @@
 .terraform.lock.hcl
 .terraform.tfstate.lock.info
 terraform.tfstate
-terraform.tfstate.backup
+terraform.tfstate.backup
+TODO
diff --git a/docs/header.md b/docs/header.md
@@ -27,8 +27,8 @@ module "fck-nat" {
 
   update_route_tables = true
   route_tables_ids = {
-    "your-rtb-name-A' = "rtb-abc1234Foo"
-    "your-rtb-name-B' = "rtb-abc1234Bar"
+    "your-rtb-name-A" = "rtb-abc1234Foo"
+    "your-rtb-name-B" = "rtb-abc1234Bar"
   }
 }
 ```
diff --git a/ec2.tf b/ec2.tf
@@ -55,10 +55,7 @@ resource "aws_launch_template" "main" {
     description                 = "${var.name} ephemeral public ENI"
     subnet_id                   = var.subnet_id
     associate_public_ip_address = true
-    security_groups = concat(
-      [aws_security_group.main.id],
-      var.additional_security_group_ids
-    )
+    security_groups             = local.security_groups
   }
 
   dynamic "instance_market_options" {

diff --git a/main.tf b/main.tf
@@ -3,6 +3,7 @@ locals {
   ami_id             = var.ami_id != null ? var.ami_id : data.aws_ami.main[0].id
   cwagent_param_arn  = var.use_cloudwatch_agent ? var.cloudwatch_agent_configuration_param_arn != null ? var.cloudwatch_agent_configuration_param_arn : aws_ssm_parameter.cloudwatch_agent_config[0].arn : null
   cwagent_param_name = var.use_cloudwatch_agent ? var.cloudwatch_agent_configuration_param_arn != null ? split("/", data.aws_arn.ssm_param[0].resource)[1] : aws_ssm_parameter.cloudwatch_agent_config[0].name : null
+  security_groups    = concat(var.use_default_security_group ? [aws_security_group.main.id] : [], var.additional_security_group_ids)
 }
 
 data "aws_region" "current" {}

diff --git a/variables.tf b/variables.tf
@@ -111,14 +111,20 @@ variable "cloudwatch_agent_configuration_param_arn" {
   default     = null
 }
 
-variable "tags" {
-  description = "Tags to apply to resources created within the module"
-  type        = map(string)
-  default     = {}
+variable "use_default_security_group" {
+  description = "Whether or not to use the default security group for the NAT instance"
+  type        = bool
+  default     = true
 }
 
 variable "additional_security_group_ids" {
-  description = "A list of identifiers of security groups to be added to the EC2 instance"
+  description = "A list of identifiers of security groups to be added for the NAT instance"
   type        = list(string)
   default     = []
+}
+
+variable "tags" {
+  description = "Tags to apply to resources created within the module"
+  type        = map(string)
+  default     = {}
 }