From 39940446c579c0e9f06e897b77e8aec01b2da18d Mon Sep 17 00:00:00 2001
From: badra001 <donald.e.badrak.ii@census.gov>
Date: Mon, 9 Dec 2024 13:37:28 -0500
Subject: [PATCH] fix

---
 rds-postgres/README.md    | 2 +-
 rds-postgres/main.tf      | 2 +-
 rds-postgres/variables.tf | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/rds-postgres/README.md b/rds-postgres/README.md
index 01f3503..e7378c5 100644
--- a/rds-postgres/README.md
+++ b/rds-postgres/README.md
@@ -58,7 +58,7 @@ No modules.
 | <a name="input_egress_prefix_list_names"></a> [egress\_prefix\_list\_names](#input\_egress\_prefix\_list\_names) | List of prefix list names for eggress access | `list(string)` | `[]` | no |
 | <a name="input_egress_security_groups"></a> [egress\_security\_groups](#input\_egress\_security\_groups) | List of egress security groups (all ports) | `list(string)` | `[]` | no |
 | <a name="input_enable_self"></a> [enable\_self](#input\_enable\_self) | Enable\|Disable self full access | `bool` | `false` | no |
-| <a name="input_ingress_networks"></a> [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for external access (not all ports) | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
+| <a name="input_ingress_networks"></a> [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for external access (not all ports). Use null to disable built-in settings | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
 | <a name="input_ingress_prefix_list_names"></a> [ingress\_prefix\_list\_names](#input\_ingress\_prefix\_list\_names) | List of prefix list names for ingress access | `list(string)` | `[]` | no |
 | <a name="input_ingress_security_groups"></a> [ingress\_security\_groups](#input\_ingress\_security\_groups) | List of ingress security groups for all ports | `list(string)` | `[]` | no |
 | <a name="input_name"></a> [name](#input\_name) | Security Group Name | `string` | `"m-postgres-db"` | no |
diff --git a/rds-postgres/main.tf b/rds-postgres/main.tf
index b1f8443..c74dae4 100644
--- a/rds-postgres/main.tf
+++ b/rds-postgres/main.tf
@@ -54,7 +54,7 @@ resource "aws_security_group" "this_security_group" {
 
   # ingresss external port list (list + vpc if enabaled)
   dynamic "ingress" {
-    for_each = local.port_map["external"]
+    for_each = var.ingress_networks != null ? local.port_map["external"] : toset([])
     iterator = p
     content {
       description = "${local.short_description}: ${p.value["description"]}"
diff --git a/rds-postgres/variables.tf b/rds-postgres/variables.tf
index b5845c7..77d98ad 100644
--- a/rds-postgres/variables.tf
+++ b/rds-postgres/variables.tf
@@ -46,7 +46,7 @@ variable "vpc_full_name" {
 }
 
 variable "ingress_networks" {
-  description = "List of ingress networks for external access (not all ports)"
+  description = "List of ingress networks for external access (not all ports). Use null to disable built-in settings"
   type        = list(string)
   default     = ["0.0.0.0/0"]
 }