add docs and example

terraform-modules · Aug 26, 2025 · aa508ce · aa508ce
1 parent 8acc43e
commit aa508ce
Show file tree

Hide file tree

Showing 5 changed files with 66 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -82,3 +82,6 @@
 
 * 2.6.2 -- 2025-05-29
   - it-windows-base: remove app28.csvd.census.gov from hosts
+
+* 2.7.0 -- 2025-08-26
+  - custom: add prefix list capability
diff --git a/common/version.tf b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "2.6.2"
+  _module_version = "2.7.0"
 }
diff --git a/custom/README.md b/custom/README.md
@@ -100,6 +100,24 @@ module "sg_test" {
 }
 ```
 
+## ingress\_prefix\_list\_names and ingress\_prefix\_list\_ports
+In order to use a managed prefix list, you may pass a list of names in this field. The prefix lists
+will be looked up and the resultant IDs used in the security group for inbound port access to
+the port structure in `ingress_prefix_list_ports` as follows:
+
+```hcl
+[ { from = NUMBER, to = NUMBER, proto = NUMBER-OR-STRING, label = STRING }, ]
+```
+
+## egress\_prefix\_list\_names and egress\_prefix\_list\_ports
+In order to use a managed prefix list, you may pass a list of names in this field. The prefix lists
+will be looked up and the resultant IDs used in the security group for outbound port access to
+the port structure in `egress_prefix_list_ports` as follows:
+
+```hcl
+[ { from = NUMBER, to = NUMBER, proto = NUMBER-OR-STRING, label = STRING }, ]
+```
+
 ## Requirements
 
 | Name | Version |

diff --git a/custom/main.tf b/custom/main.tf
@@ -100,6 +100,24 @@
 *   )
 * }
 * ```
+*
+* ## ingress_prefix_list_names and ingress_prefix_list_ports
+* In order to use a managed prefix list, you may pass a list of names in this field. The prefix lists
+* will be looked up and the resultant IDs used in the security group for inbound port access to 
+* the port structure in `ingress_prefix_list_ports` as follows:
+*
+* ```hcl
+* [ { from = NUMBER, to = NUMBER, proto = NUMBER-OR-STRING, label = STRING }, ]
+* ```
+*
+* ## egress_prefix_list_names and egress_prefix_list_ports
+* In order to use a managed prefix list, you may pass a list of names in this field. The prefix lists
+* will be looked up and the resultant IDs used in the security group for outbound port access to 
+* the port structure in `egress_prefix_list_ports` as follows:
+*
+* ```hcl
+* [ { from = NUMBER, to = NUMBER, proto = NUMBER-OR-STRING, label = STRING }, ]
+* ```
 */
 
 # all of the code is in resource.tf, this is here for documention
diff --git a/examples/custom-prefix-lists/main.tf b/examples/custom-prefix-lists/main.tf
@@ -0,0 +1,26 @@
+data "aws_vpc" "vpc" {
+  filter {
+    name   = "tag:Name"
+    values = [var.vpc_full_name]
+  }
+}
+
+module "sg_bigfix" {
+  source            = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//custom?ref=feature/add-prefix-list"
+  vpc_id            = data.aws_vpc.vpc.id
+  name              = "ois-bigfix"
+  description       = "OIS Bigfix Service Port"
+  short_description = "BigFix"
+  enable_self       = false
+
+  ingress_prefix_list_names = ["all-cloud.core"]
+  ingress_prefix_list_ports = [
+    { from = 52311, to = 52311, proto = "tcp", label = "BigFix-Relay" },
+  ]
+
+  tags = merge(
+    local.base_tags,
+    #    var.application_tags,
+    # etc
+  )
+}