fix

rds-postgres/main.tf

@@ -96,29 +96,29 @@ resource "aws_security_group" "this_security_group" {
   }
 
 
-  # ingress security group ids (all)
+  # ingress security group ids (just defined ports)
   dynamic "ingress" {
-    for_each = length(local.ingress_sg) > 0 ? { 1 = 1 } : {}
-    iterator = sg
+    for_each = length(local.ingress_sg) > 0 ? local.port_map["external"] : toset([])
+    iterator = p
     content {
-      description     = "${local.short_description}"
-      from_port       = 0
-      to_port         = 0
-      protocol        = -1
+      description     = "${local.short_description}: ${p.value["description"]}"
+      from_port       = p.value["from"]
+      to_port         = p.value["to"]
+      protocol        = p.value["proto"]
       security_groups = local.ingress_sg
     }
   }
 
 
   # ingress self (list with one or zero items)
   dynamic "ingress" {
-    for_each = local.self
+    for_each = local.self ? local.port_map["external"] : toset([])
     iterator = sg
     content {
-      description = "${local.short_description}: from self"
-      from_port   = 0
-      to_port     = 0
-      protocol    = -1
+      description = "${local.short_description}: ${p.value["description"]}"
+      from_port   = p.value["from"]
+      to_port     = p.value["to"]
+      protocol    = p.value["proto"]
       self        = true
     }
   }
@@ -149,7 +149,7 @@ resource "aws_security_group" "this_security_group" {
 
   # egress with prefix lists
   dynamic "egress" {
-    for_each = length(var.egress_prefix_list_names) > 0 ? local.port_map["external"] : toset([])
+    for_each = length(var.egress_prefix_list_names) > 0 ? { 1 = 1 } : {}
     iterator = p
     content {
       description     = "${local.short_description}"