From aa508ce926eea0a5ce98c800fcdef63d1c95a4e8 Mon Sep 17 00:00:00 2001 From: badra001 Date: Tue, 26 Aug 2025 10:53:20 -0400 Subject: [PATCH] add docs and example --- CHANGELOG.md | 3 +++ common/version.tf | 2 +- custom/README.md | 18 ++++++++++++++++++ custom/main.tf | 18 ++++++++++++++++++ examples/custom-prefix-lists/main.tf | 26 ++++++++++++++++++++++++++ 5 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 examples/custom-prefix-lists/main.tf diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e94eee..4af48d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -82,3 +82,6 @@ * 2.6.2 -- 2025-05-29 - it-windows-base: remove app28.csvd.census.gov from hosts + +* 2.7.0 -- 2025-08-26 + - custom: add prefix list capability diff --git a/common/version.tf b/common/version.tf index 4d32dce..2499cf3 100644 --- a/common/version.tf +++ b/common/version.tf @@ -1,3 +1,3 @@ locals { - _module_version = "2.6.2" + _module_version = "2.7.0" } diff --git a/custom/README.md b/custom/README.md index 81737ed..971300c 100644 --- a/custom/README.md +++ b/custom/README.md @@ -100,6 +100,24 @@ module "sg_test" { } ``` +## ingress\_prefix\_list\_names and ingress\_prefix\_list\_ports +In order to use a managed prefix list, you may pass a list of names in this field. The prefix lists +will be looked up and the resultant IDs used in the security group for inbound port access to +the port structure in `ingress_prefix_list_ports` as follows: + +```hcl +[ { from = NUMBER, to = NUMBER, proto = NUMBER-OR-STRING, label = STRING }, ] +``` + +## egress\_prefix\_list\_names and egress\_prefix\_list\_ports +In order to use a managed prefix list, you may pass a list of names in this field. The prefix lists +will be looked up and the resultant IDs used in the security group for outbound port access to +the port structure in `egress_prefix_list_ports` as follows: + +```hcl +[ { from = NUMBER, to = NUMBER, proto = NUMBER-OR-STRING, label = STRING }, ] +``` + ## Requirements | Name | Version | 
diff --git a/custom/main.tf b/custom/main.tf index 57f4377..7164807 100644 --- a/custom/main.tf +++ b/custom/main.tf @@ -100,6 +100,24 @@ * ) * } * ``` +* +* ## ingress_prefix_list_names and ingress_prefix_list_ports +* In order to use a managed prefix list, you may pass a list of names in this field. The prefix lists +* will be looked up and the resultant IDs used in the security group for inbound port access to +* the port structure in `ingress_prefix_list_ports` as follows: +* +* ```hcl +* [ { from = NUMBER, to = NUMBER, proto = NUMBER-OR-STRING, label = STRING }, ] +* ``` +* +* ## egress_prefix_list_names and egress_prefix_list_ports +* In order to use a managed prefix list, you may pass a list of names in this field. The prefix lists +* will be looked up and the resultant IDs used in the security group for outbound port access to +* the port structure in `egress_prefix_list_ports` as follows: +* +* ```hcl +* [ { from = NUMBER, to = NUMBER, proto = NUMBER-OR-STRING, label = STRING }, ] +* ``` */ # all of the code is in resource.tf, this is here for documention diff --git a/examples/custom-prefix-lists/main.tf b/examples/custom-prefix-lists/main.tf new file mode 100644 index 0000000..71bb23e --- /dev/null +++ b/examples/custom-prefix-lists/main.tf @@ -0,0 +1,26 @@ +data "aws_vpc" "vpc" { + filter { + name = "tag:Name" + values = [var.vpc_full_name] + } +} + +module "sg_bigfix" { + source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//custom?ref=feature/add-prefix-list" + vpc_id = data.aws_vpc.vpc.id + name = "ois-bigfix" + description = "OIS Bigfix Service Port" + short_description = "BigFix" + enable_self = false + + ingress_prefix_list_names = ["all-cloud.core"] + ingress_prefix_list_ports = [ + { from = 52311, to = 52311, proto = "tcp", label = "BigFix-Relay" }, + ] + + tags = merge( + local.base_tags, + # var.application_tags, + # etc + ) +}
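Review bot: The new ingress/egress prefix-list doc blocks in custom/main.tf say the names are looked up but not how the two inputs combine or what happens when a name does not resolve, which is what a caller needs to know before wiring a shared list into a security-group rule. The lookup itself lives in resource.tf, which is not in this diff, so I can only infer that each resolved prefix list ID is paired with every entry in `*_prefix_list_ports`; if that is right, add a line such as `* Every resolved prefix list is combined with every entry in ingress_prefix_list_ports.` and state whether an unknown name fails at plan time or is silently dropped. It would also help to say whether the lookup is scoped to the current account/owner, since a name-only lookup can match a list shared into the account with the same name. The enclosing comment block starts before this hunk.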
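Review bot: The module source in the new example pins `ref=feature/add-prefix-list`, a mutable branch, so anyone copying it pulls whatever that branch holds later and the example breaks once the branch is merged and deleted; since the same commit bumps the module to 2.7.0, point the example at the release tag or a commit SHA instead, e.g. `source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//custom?ref=2.7.0"` (using whatever tag name the release is actually cut under). The example also references `var.vpc_full_name` and `local.base_tags` without declaring them, and the diffstat shows no variables.tf alongside, so the directory does not validate on its own; either add the declarations or say in a header comment that they are expected from the caller. A trailing comment on `ingress_prefix_list_names = ["all-cloud.core"]` noting that the list must already exist in the target account/region would save a first-time user a confusing plan failure.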