Do not create security group rules if var.allowed_inbound_cidr_blocks…

… is empty.
kingsoftgames · Jun 2, 2021 · c876f83 · c876f83
1 parent e12d4cb
commit c876f83
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/modules/nomad-security-group-rules/main.tf b/modules/nomad-security-group-rules/main.tf
@@ -11,6 +11,7 @@ terraform {
 # ---------------------------------------------------------------------------------------------------------------------
 
 resource "aws_security_group_rule" "allow_http_inbound" {
+  count       = length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0
   type        = "ingress"
   from_port   = var.http_port
   to_port     = var.http_port
@@ -21,6 +22,7 @@ resource "aws_security_group_rule" "allow_http_inbound" {
 }
 
 resource "aws_security_group_rule" "allow_rpc_inbound" {
+  count       = length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0
   type        = "ingress"
   from_port   = var.rpc_port
   to_port     = var.rpc_port
@@ -31,6 +33,7 @@ resource "aws_security_group_rule" "allow_rpc_inbound" {
 }
 
 resource "aws_security_group_rule" "allow_serf_tcp_inbound" {
+  count       = length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0
   type        = "ingress"
   from_port   = var.serf_port
   to_port     = var.serf_port
@@ -41,6 +44,7 @@ resource "aws_security_group_rule" "allow_serf_tcp_inbound" {
 }
 
 resource "aws_security_group_rule" "allow_serf_udp_inbound" {
+  count       = length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0
   type        = "ingress"
   from_port   = var.serf_port
   to_port     = var.serf_port