Describe the Feature
I would like the option to disable the egress security rule deployed by the module
resource "aws_security_group_rule" "egress" {
  count             = module.this.enabled ? 1 : 0
  type              = "egress"
  description       = "Allow all egress traffic"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = join("", aws_security_group.default.*.id)
}
Expected Behavior
Allow to disable (optional) to remove the security group. The outbound rule isn't required as security groups are stateful and the document db itself won't open a connection to the outside.
Use Case
Scanning the file with TF_SEC throws an error
Problem 1
[AWS007][WARNING] Resource 'module.docdb_cluster:aws_security_group_rule.egress' defines a fully open egress security group rule.
13 | from_port = 0
14 | to_port = 0
15 | protocol = "-1"
16 | cidr_blocks = ["0.0.0.0/0"]
17 | security_group_id = join("", aws_security_group.default.*.id)
18 | }
19 |
See https://tfsec.dev/docs/aws/AWS007/ for more information.
disk i/o 114.710197ms
parsing HCL 576.897µs
evaluating values 94.868063ms
running checks 996.996µs
files loaded 23
1 potential problems detected.
Describe Ideal Solution
Allow to disable (optional) to remove the security group. The outbound rule isn't required as security groups are stateful and the document db itself won't open a connection to the outside.
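One way a module could make the rule optional, shown as an added example that is not the module's own code. The variable name `allow_all_egress` and the `source` placeholder are assumptions; the resource body is the one quoted in the issue.

```hcl
# --- inside the module -------------------------------------------------

# Hypothetical input: the name is an assumption, not an existing module variable.
variable "allow_all_egress" {
  type        = bool
  default     = true # default preserves today's behaviour for existing callers
  description = "Set to false to skip creating the allow-all egress rule"
}

resource "aws_security_group_rule" "egress" {
  # Created only when the module is enabled AND the caller has not opted out.
  count             = module.this.enabled && var.allow_all_egress ? 1 : 0
  type              = "egress"
  description       = "Allow all egress traffic"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = join("", aws_security_group.default.*.id)
}

# --- in the calling configuration --------------------------------------

module "docdb_cluster" {
  source = "<module source>" # placeholder, fill in the real source

  # Opt out of the 0.0.0.0/0 egress rule that tfsec AWS007 flags.
  # Terraform removes AWS's default allow-all egress rule from security
  # groups it creates, so with this set to false the group has no egress
  # rules at all. Replies to inbound connections still flow because
  # security groups are stateful.
  allow_all_egress = false
}
```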