clouddrove
diff --git a/‎.github/dependabot.yml
+38-5 b/‎.github/dependabot.yml
+38-5
diff --git a/‎.github/workflows/auto_assignee.yml
+1-1 b/‎.github/workflows/auto_assignee.yml
+1-1
diff --git a/‎.github/workflows/tf-checks.yml
+10-6 b/‎.github/workflows/tf-checks.yml
+10-6
diff --git a/‎README.yaml
+191-57 b/‎README.yaml
+191-57
@@ -2,9 +2,18 @@
 # package ecosystems to update and where the package manifests are located.
 # Please see the documentation for all configuration options:
 # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
 version: 2
 updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 3
+    assignees:
+      - "clouddrove-ci"
+    reviewers:
+      - "approvers"
+
   - package-ecosystem: "terraform" # See documentation for possible values
     directory: "/" # Location of package manifests
     schedule:
@@ -15,8 +24,11 @@ updates:
     # Add reviewer
     reviewers:
       - "approvers"
+    # Allow up to 3 open pull requests for pip dependencies
+    open-pull-requests-limit: 3
+
   - package-ecosystem: "terraform" # See documentation for possible values
-    directory: "_example/new_security_group" # Location of package manifests
+    directory: "/_example/basic" # Location of package manifests
     schedule:
       interval: "weekly"
     # Add assignees
@@ -25,8 +37,11 @@ updates:
     # Add reviewer
     reviewers:
       - "approvers"
+    # Allow up to 3 open pull requests for pip dependencies
+    open-pull-requests-limit: 3
+
   - package-ecosystem: "terraform" # See documentation for possible values
-    directory: "_example/new_security_group_with_egress" # Location of package manifests
+    directory: "/_example/complete" # Location of package manifests
     schedule:
       interval: "weekly"
     # Add assignees
@@ -35,13 +50,31 @@ updates:
     # Add reviewer
     reviewers:
       - "approvers"
+    # Allow up to 3 open pull requests for pip dependencies
+    open-pull-requests-limit: 3
+
   - package-ecosystem: "terraform" # See documentation for possible values
-    directory: "_example/updated_existing" # Location of package manifests
+    directory: "/_example/only_rules" # Location of package manifests
     schedule:
       interval: "weekly"
     # Add assignees
     assignees:
       - "clouddrove-ci"
     # Add reviewer
     reviewers:
-      - "approvers"
+      - "approvers"
+    # Allow up to 3 open pull requests for pip dependencies
+    open-pull-requests-limit: 3
+
+  - package-ecosystem: "terraform" # See documentation for possible values
+    directory: "/_example/prefix_list" # Location of package manifests
+    schedule:
+      interval: "weekly"
+    # Add assignees
+    assignees:
+      - "clouddrove-ci"
+    # Add reviewer
+    reviewers:
+      - "approvers"
+    # Allow up to 3 open pull requests for pip dependencies
+    open-pull-requests-limit: 3
@@ -6,7 +6,7 @@ on:
 
   workflow_dispatch:
 jobs:
-  assign-pr:
+  assignee:
     uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master
     secrets:
       GITHUB: ${{ secrets.GITHUB }}
 
@@ -5,15 +5,19 @@ on:
   pull_request:
   workflow_dispatch:
 jobs:
-  tf-checks-new-security-group-example:
+  tf-checks-basic-example:
     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
     with:
-      working_directory: './_example/new_security_group/'
-  tf-checks-new-security-group-with-egres-example:
+      working_directory: './_example/basic/'
+  tf-checks-complete-example:
     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
     with:
-      working_directory: './_example/new_security_group_with_egress/'
-  tf-checks-updated-existing-example:
+      working_directory: './_example/complete/'
+  tf-checks-only_rules-example:
     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
     with:
-      working_directory: './_example/updated_existing/'
+      working_directory: './_example/only_rules/'
+  tf-checks-prefx_list-example:
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+    with:
+       working_directory: './_example/prefix_list/'
@@ -1,4 +1,11 @@
-name : Terraform Module Security-Group
+---
+#
+# This is the canonical configuration for the `README.md`
+# Run `make readme` to rebuild the `README.md`
+#
+
+# Name of this project
+name : Terraform AWS Subnet
 
 # License of this project
 license: "APACHE"
@@ -18,6 +25,9 @@ badges:
     image: "https://img.shields.io/badge/License-APACHE-blue.svg"
     url: "LICENSE.md"
 
+prerequesties:
+  - name: Terraform 1.5.4
+    url: https://learn.hashicorp.com/terraform/getting-started/install.html
 #  description of this project
 description: |-
   This terraform module creates set of Security Group and Security Group Rules resources in various combinations.
@@ -26,78 +36,202 @@ description: |-
 include:
   - "terraform.md"
 
-# How to use this project
 # How to use this project
 usage: |-
   Here are some examples of how you can use this module in your inventory structure:
-  ### NEW_SECURITY_GROUP
+  ### Basic
   Here is an example of how you can use this module in your inventory structure:
   ```hcl
   # use this
     module "security_group" {
-      source        = "clouddrove/security-group/aws"
-      version       = "1.3.0"
-      name        = "security-group"
+      source      = "clouddrove/security-group/aws"
+      version     = "2.0.0"
+      name        = "app"
       environment = "test"
-      label_order = ["name", "environment"]
-
-      vpc_id                    = module.vpc.vpc_id
-      new_enable_security_group = true
-      allowed_ip                = ["172.16.0.0/16", "10.0.0.0/16"]
-      allowed_ports             = [22, 27017]
-      security_groups           = []
-      max_entries               = 5
-      prefix_list_enabled       = true
-      prefix_list_id            = []
-      entry = [
-        {
-          cidr        = "10.0.0.0/16"
-          description = "VPC CIDR"
+      vpc_id      = module.vpc.vpc_id
+
+      ## INGRESS Rules
+      new_sg_ingress_rules_with_cidr_blocks = [{
+        rule_count  = 1
+        from_port   = 22
+        protocol    = "tcp"
+        to_port     = 22
+        cidr_blocks = [module.vpc.vpc_cidr_block, "172.16.0.0/16"]
+        description = "Allow ssh traffic."
         },
         {
-          cidr        = "10.10.0.0/24"
-          description = "VPC CIDR"
+          rule_count  = 2
+          from_port   = 27017
+          protocol    = "tcp"
+          to_port     = 27017
+          cidr_blocks = ["172.16.0.0/16"]
+          description = "Allow Mongodb traffic."
         }
       ]
+
+        ## EGRESS Rules
+      new_sg_egress_rules_with_cidr_blocks = [{
+        rule_count  = 1
+        from_port   = 22
+        protocol    = "tcp"
+        to_port     = 22
+        cidr_blocks = [module.vpc.vpc_cidr_block, "172.16.0.0/16"]
+        description = "Allow ssh outbound traffic."
+        },
+        {
+          rule_count  = 2
+          from_port   = 27017
+          protocol    = "tcp"
+          to_port     = 27017
+          cidr_blocks = ["172.16.0.0/16"]
+          description = "Allow Mongodb outbound traffic."
+        }]
     }
   ```
-  ### NEW_SECURITY_GROUP_WITH_EGRESS
-    module "security_group" {
+
+  ### ONLY RULES
+    module "security_group_rules" {
       source        = "clouddrove/security-group/aws"
-      version       = "1.3.0"
-      name        = "security-group"
-      environment = "test"
-      label_order = ["name", "environment"]
-
-      vpc_id                 = module.vpc.vpc_id
-      prefix_list_enabled    = false
-      allowed_ip             = ["172.16.0.0/16", "10.0.0.0/16"]
-      allowed_ipv6           = ["2405:201:5e00:3684:cd17:9397:5734:a167/128"]
-      allowed_ports          = [22, 27017]
-      security_groups        = ["sg-xxxxxxxxx"]
-      prefix_list_id         = ["pl-6da54004"]
-      egress_rule            = true
-      egress_allowed_ip      = ["172.16.0.0/16", "10.0.0.0/16"]
-      egress_allowed_ports   = [22, 27017]
-      egress_protocol        = "tcp"
-      egress_prefix_list_ids = ["pl-xxxxxxxxx"]
-      egress_security_groups = ["sg-xxxxxxxxx"]
+      version       = "2.0.0"
+      name           = "app"
+      environment    = "test"
+      vpc_id         = "vpc-xxxxxxxxx"
+      new_sg         = false
+      existing_sg_id = "sg-xxxxxxxxx"
+
+      ## INGRESS Rules
+      existing_sg_ingress_rules_with_cidr_blocks = [{
+        rule_count  = 1
+        from_port   = 22
+        protocol    = "tcp"
+        to_port     = 22
+        cidr_blocks = ["10.9.0.0/16"]
+        description = "Allow ssh traffic."
+        },
+        {
+          rule_count  = 2
+          from_port   = 27017
+          protocol    = "tcp"
+          to_port     = 27017
+          cidr_blocks = ["10.9.0.0/16"]
+          description = "Allow Mongodb traffic."
+        }
+      ]
+
+      existing_sg_ingress_rules_with_self = [{
+        rule_count  = 1
+        from_port   = 22
+        protocol    = "tcp"
+        to_port     = 22
+        description = "Allow ssh traffic."
+        },
+        {
+          rule_count  = 2
+          from_port   = 27017
+          protocol    = "tcp"
+          to_port     = 27017
+          description = "Allow Mongodb traffic."
+        }
+      ]
 
+      existing_sg_ingress_rules_with_source_sg_id = [{
+        rule_count               = 1
+        from_port                = 22
+        protocol                 = "tcp"
+        to_port                  = 22
+        source_security_group_id = "sg-xxxxxxxxx"
+        description              = "Allow ssh traffic."
+        },
+        {
+          rule_count               = 2
+          from_port                = 27017
+          protocol                 = "tcp"
+          to_port                  = 27017
+          source_security_group_id = "sg-xxxxxxxxx"
+          description              = "Allow Mongodb traffic."
+        }]
+
+      ## EGRESS Rules
+      existing_sg_egress_rules_with_cidr_blocks = [{
+        rule_count  = 1
+        from_port   = 22
+        protocol    = "tcp"
+        to_port     = 22
+        cidr_blocks = ["10.9.0.0/16"]
+        description = "Allow ssh outbound traffic."
+        },
+        {
+          rule_count  = 2
+          from_port   = 27017
+          protocol    = "tcp"
+          to_port     = 27017
+          cidr_blocks = ["10.9.0.0/16"]
+          description = "Allow Mongodb outbound traffic."
+      }]
+
+      existing_sg_egress_rules_with_self = [{
+        rule_count  = 1
+        from_port   = 22
+        protocol    = "tcp"
+        to_port     = 22
+        description = "Allow ssh outbound traffic."
+        },
+        {
+          rule_count  = 2
+          from_port   = 27017
+          protocol    = "tcp"
+          to_port     = 27017
+          description = "Allow Mongodb outbound traffic."
+      }]
+
+      existing_sg_egress_rules_with_source_sg_id = [{
+        rule_count               = 1
+        from_port                = 22
+        protocol                 = "tcp"
+        to_port                  = 22
+        source_security_group_id = "sg-xxxxxxxxx"
+        description              = "Allow ssh outbound traffic."
+        },
+        {
+          rule_count               = 2
+          from_port                = 27017
+          protocol                 = "tcp"
+          to_port                  = 27017
+          source_security_group_id = "sg-xxxxxxxxx"
+          description              = "Allow Mongodb outbound traffic."
+        }]
     }
   ```
-  ### UPDATED_EXISTING
-  module "security_group" {
-      source        = "clouddrove/security-group/aws"
-      version       = "1.3.0"
-      name        = "security-group"
-      environment = "test"
-      label_order = ["name", "environment"]
-
-      is_external     = true
-      existing_sg_id  = "sg-xxxxxxxxxxxx"
-      vpc_id          = module.vpc.vpc_id
-      allowed_ip      = ["172.16.0.0/16", "10.0.0.0/16"]
-      allowed_ports   = [22, 27017]
-      security_groups = ["sg-xxxxxxxxxxxxx"]
+
+    ### PREFIX LIST
+    module "security_group" {
+      source              = "clouddrove/security-group/aws"
+      version             = "2.0.0"
+      name                = "app"
+      environment         = "test"
+      vpc_id              = module.vpc.vpc_id
+      prefix_list_enabled = true
+      entry = [{
+        cidr = "10.19.0.0/16"
+      }]
+
+      ## INGRESS Rules
+      new_sg_ingress_rules_with_prefix_list = [{
+        rule_count  = 1
+        from_port   = 22
+        protocol    = "tcp"
+        to_port     = 22
+        description = "Allow ssh traffic."
+        }
+      ]
+      ## EGRESS Rules
+      new_sg_egress_rules_with_prefix_list = [{
+        rule_count  = 1
+        from_port   = 3306
+        protocol    = "tcp"
+        to_port     = 3306
+        description = "Allow mysql/aurora outbound traffic."
+        }
+      ]
     }
-  ```
+  ```