From 0051f587ad28b33c7dc74b0a2f65a2ea1d0f6326 Mon Sep 17 00:00:00 2001 From: badra001 Date: Mon, 9 Dec 2024 12:36:05 -0500 Subject: [PATCH] * 2.4.0 -- 2024-12-09 - rds-postgres - update to use prefix list(s) as variable prefix_list_names --- CHANGELOG.md | 4 ++++ common/version.tf | 2 +- rds-postgres/README.md | 7 +++++-- rds-postgres/main.tf | 18 ++++++++++++++++++ 4 files changed, 28 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 496559b..0721b23 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -47,6 +47,10 @@ - ois-scanner - update to use prefix list ois-scanner.base +* 2.4.0 -- 2024-12-09 + - rds-postgres + - update to use prefix list(s) as variable prefix_list_names + # OLDER ## web diff --git a/common/version.tf b/common/version.tf index 03d330b..f403a49 100644 --- a/common/version.tf +++ b/common/version.tf @@ -1,3 +1,3 @@ locals { - _module_version = "2.3.0" + _module_version = "2.4.0" } diff --git a/rds-postgres/README.md b/rds-postgres/README.md index 9cc7a1d..0ed01c6 100644 --- a/rds-postgres/README.md +++ b/rds-postgres/README.md @@ -13,6 +13,7 @@ module "postgres" { vpc_id = var.vpc_id ## optional # name = "m-postgres-db" + # prefix_list_names = [ "rds-postgres.edl.project" ] ## tags for Name, CostAllocation, and Environment are pre-set, but they can be overriden # tags = { } @@ -23,13 +24,14 @@ module "postgres" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12 | +| [terraform](#requirement\_terraform) | >= 0.13 | +| [aws](#requirement\_aws) | >= 3.66.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | n/a | +| [aws](#provider\_aws) | >= 3.66.0 | ## Modules 
@@ -40,6 +42,7 @@ No modules. | Name | Type | |------|------| | [aws_security_group.this_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_ec2_managed_prefix_list.prefix_list](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_managed_prefix_list) | data source | | [aws_security_group.egress_security_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source | | [aws_security_group.ingress_security_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source | | [aws_vpc.this_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | diff --git a/rds-postgres/main.tf b/rds-postgres/main.tf index 21126bb..f7dd256 100644 --- a/rds-postgres/main.tf +++ b/rds-postgres/main.tf @@ -14,6 +14,7 @@ * vpc_id = var.vpc_id * ## optional * # name = "m-postgres-db" +* # prefix_list_names = [ "rds-postgres.edl.project" ] * * ## tags for Name, CostAllocation, and Environment are pre-set, but they can be overriden * # tags = { } @@ -63,6 +64,22 @@ resource "aws_security_group" "this_security_group" { } } + + # ingress with prefix lists + ingress { + for_each = length(var.prefix_list_names) > 0 ? local.port_map["external"] : {} + iterator = p + content { + description = "${local.short_description}: ${p.value["description"]}" + from_port = p.value["from"] + to_port = p.value["to"] + protocol = p.value["proto"] + cidr_blocks = length(p.value["cidr"]) == 0 ? local.external_ingress_networks : p.value["cidr"] + prefix_list_ids = [for pl in data.aws_ec2_managed_prefix_list.prefix_list : pl.id] + } + } + + # ingress security group ids (all) dynamic "ingress" { for_each = local.ingress_sg 
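Review bot: The new `ingress` block in rds-postgres/main.tf carries `for_each`, `iterator = p` and a nested `content { … }`, which Terraform only accepts inside a `dynamic` block; as a static `ingress` block these are rejected as unsupported arguments/blocks and the module fails validation before any rule is created. The opening line should read `dynamic "ingress" {`, matching the `dynamic "ingress" { for_each = local.ingress_sg` block that follows it in the same hunk. Separately, every generated rule sets both `cidr_blocks` (falling back to `local.external_ingress_networks`) and `prefix_list_ids`, so the sources are unioned and enabling `prefix_list_names` widens rather than replaces the externally reachable set; if the prefix lists are meant to stand in for the CIDR list, as the changelog wording suggests, drop `cidr_blocks` from this rule or gate the CIDR-based external rule on `length(var.prefix_list_names) == 0` — that existing rule sits above this hunk, so I cannot confirm which is intended. The hunk's trailing context lines fall outside the visible chunk, and the enclosing `resource "aws_security_group" "this_security_group"` block starts before it.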
@@ -89,6 +106,7 @@ resource "aws_security_group" "this_security_group" { } } + # egress all egress { description = "${local.short_description}: All"