Merge pull request #33 from terraform-modules/fix/allow-remote-sg

Fix/allow remote sg
terraform-modules · Nov 20, 2025 · ad5970d · ad5970d
2 parents 6734cbd + 0a310ae
commit ad5970d
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -91,3 +91,9 @@
 
 * 2.8.1 -- 2025-10-02
   - https: add module
+
+* 2.9.0 -- 2025-11-20
+  - custom
+    - change the data resources for ingress and egress SG list to not try to look them up to get names if they
+      include a /, like for ACCOUNT/SGID for a referenced SG
+    - use the actual passed value in the name if it is a referenced SG
diff --git a/common/version.tf b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "2.8.1"
+  _module_version = "2.9.0"
 }
diff --git a/custom/custom.tf b/custom/custom.tf
@@ -1,8 +1,10 @@
 locals {
   vpc_networks              = var.use_vpc_cidr ? [data.aws_vpc.this_vpc[0].cidr_block] : []
   external_ingress_networks = compact(concat(local.vpc_networks, local.ingress_networks))
-  ingress_sg_names          = zipmap(var.ingress_security_groups, data.aws_security_group.ingress_security_groups[*].name)
-  egress_sg_names           = zipmap(var.egress_security_groups, data.aws_security_group.egress_security_groups[*].name)
+  #  ingress_sg_names          = zipmap(var.ingress_security_groups, data.aws_security_group.ingress_security_groups[*].name)
+  #  egress_sg_names           = zipmap(var.egress_security_groups, data.aws_security_group.egress_security_groups[*].name)
+  ingress_sg_names = { for sg in var.ingress_security_groups : sg => lookup(data.aws_security_group.ingress_security_groups, sg, { name = sg })["name"] }
+  egress_sg_names  = { for sg in var.egress_security_groups : sg => lookup(data.aws_security_group.egress_security_groups, sg, { name = sg })["name"] }
   #  self                      = var.enable_self ? local.self_ports : []
 }
 

diff --git a/custom/data.vpc.tf b/custom/data.vpc.tf
diff --git a/custom/data.vpc.tf b/custom/data.vpc.tf
@@ -0,0 +1,18 @@
+data "aws_vpc" "this_vpc" {
+  count = var.use_vpc_cidr ? 1 : 0
+  id    = var.vpc_id
+}
+
+data "aws_security_group" "ingress_security_groups" {
+  #  count = length(var.ingress_security_groups)
+  #  id    = element(var.ingress_security_groups, count.index)
+  for_each = toset([for sg in var.ingress_security_groups : sg if !strcontains(sg, "/")])
+  id       = each.key
+}
+
+data "aws_security_group" "egress_security_groups" {
+  #  count = length(var.egress_security_groups)
+  #  id    = element(var.egress_security_groups, count.index)
+  for_each = toset([for sg in var.egress_security_groups : sg if !strcontains(sg, "/")])
+  id       = each.key
+}