fix

terraform-modules · Dec 9, 2024 · 3994044 · 3994044
1 parent 9769cb8
commit 3994044
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/rds-postgres/README.md b/rds-postgres/README.md
@@ -58,7 +58,7 @@ No modules.
 | <a name="input_egress_prefix_list_names"></a> [egress\_prefix\_list\_names](#input\_egress\_prefix\_list\_names) | List of prefix list names for eggress access | `list(string)` | `[]` | no |
 | <a name="input_egress_security_groups"></a> [egress\_security\_groups](#input\_egress\_security\_groups) | List of egress security groups (all ports) | `list(string)` | `[]` | no |
 | <a name="input_enable_self"></a> [enable\_self](#input\_enable\_self) | Enable\|Disable self full access | `bool` | `false` | no |
-| <a name="input_ingress_networks"></a> [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for external access (not all ports) | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
+| <a name="input_ingress_networks"></a> [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for external access (not all ports). Use null to disable built-in settings | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
 | <a name="input_ingress_prefix_list_names"></a> [ingress\_prefix\_list\_names](#input\_ingress\_prefix\_list\_names) | List of prefix list names for ingress access | `list(string)` | `[]` | no |
 | <a name="input_ingress_security_groups"></a> [ingress\_security\_groups](#input\_ingress\_security\_groups) | List of ingress security groups for all ports | `list(string)` | `[]` | no |
 | <a name="input_name"></a> [name](#input\_name) | Security Group Name | `string` | `"m-postgres-db"` | no |

diff --git a/rds-postgres/main.tf b/rds-postgres/main.tf
@@ -54,7 +54,7 @@ resource "aws_security_group" "this_security_group" {
 
   # ingresss external port list (list + vpc if enabaled)
   dynamic "ingress" {
-    for_each = local.port_map["external"]
+    for_each = var.ingress_networks != null ? local.port_map["external"] : toset([])
     iterator = p
     content {
       description = "${local.short_description}: ${p.value["description"]}"

diff --git a/rds-postgres/variables.tf b/rds-postgres/variables.tf
@@ -46,7 +46,7 @@ variable "vpc_full_name" {
 }
 
 variable "ingress_networks" {
-  description = "List of ingress networks for external access (not all ports)"
+  description = "List of ingress networks for external access (not all ports). Use null to disable built-in settings"
   type        = list(string)
   default     = ["0.0.0.0/0"]
 }