@@ -16,8 +16,12 @@ module "labels" {
1616 managedby = . managedby
1717 label_order = . label_order
1818}
19+
1920locals {
20- security_group_count = . enable_security_group == true ? 1 : 0
21+ security_group_count = . enable_security_group == true ? 1 : 0
22+ enable_cidr_rules = . enable_security_group && (length (var. allowed_ip ) > 0 )
23+ enable_source_sec_group_rules = . enable_security_group && (length (var. security_groups ) > 0 )
24+ ports_source_sec_group_product = setproduct (compact (var. allowed_ports ), compact (var. security_groups ))
2125}
2226
2327# Module : SECURITY GROUP
@@ -53,7 +57,7 @@ resource "aws_security_group_rule" "egress" {
5357# Description : Provides a security group rule resource. Represents a single ingress
5458# group rule, which can be added to external Security Groups.
5559resource "aws_security_group_rule" "ingress" {
56- count = var . enable_security_group == true ? length (compact (var. allowed_ports )) : 0
60+ count = local . enable_cidr_rules == true ? length (compact (var. allowed_ports )) : 0
5761
5862 type = " ingress"
5963 from_port = element (var. allowed_ports , count. index )
@@ -62,3 +66,14 @@ resource "aws_security_group_rule" "ingress" {
6266 cidr_blocks = . allowed_ip
6367 security_group_id = . default [0 ]. id
6468}
69+
70+ resource "aws_security_group_rule" "ingress_sg" {
71+ count = . enable_source_sec_group_rules == true ? length (local. ports_source_sec_group_product ) : 0
72+
73+ type = " ingress"
74+ from_port = element (element (local. ports_source_sec_group_product , count. index ), 0 )
75+ to_port = element (element (local. ports_source_sec_group_product , count. index ), 0 )
76+ protocol = . protocol
77+ source_security_group_id = element (element (local. ports_source_sec_group_product , count. index ), 1 )
78+ security_group_id = . default [0 ]. id
79+ }
0 commit comments