update

terraform-modules · Dec 12, 2024 · f49a73e · f49a73e
1 parent 01d372a
commit f49a73e
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 14 deletions.
diff --git a/emr/README.md b/emr/README.md
@@ -57,6 +57,7 @@ No modules.
 | Name | Type |
 |------|------|
 | [aws_security_group.sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_vpc_security_group_ingress_rule.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
 | [aws_vpc.this_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 
 ## Inputs

diff --git a/emr/main.tf b/emr/main.tf
@@ -69,8 +69,15 @@ locals {
 locals {
   _sg = yamldecode(file("${path.module}/settings.yml"))
   sg  = { for sg in local._sg["security-groups"] : sg.name => merge(sg, { ingress_networks = flatten(distinct(compact(concat(local.ingress_networks, sg.vpc_cidr ? [data.aws_vpc.this_vpc.cidr_block] : [])))) }) }
+  sg2 = [for k, v in local.sg : { for i in v.ingress : format("%v:%v:%v", k, i.from, i.proto) => merge(i, {
+    key         = k,
+    label       = format("%v:%v:%v", k, i.from, i.proto)
+    cidr_blocks = try(i.cidr_blocks, null) == "incoming" ? local.ingress_networks : []
+  }) }]
+  #  sg3 = [ for x in local.sg2: k => merge(v,
 }
 
+
 # create group with just egress. Add all ingress via secondary resource
 resource "aws_security_group" "sg" {
   for_each    = local.sg
@@ -86,20 +93,20 @@ resource "aws_security_group" "sg" {
     cidr_blocks = local.egress_networks
   }
 
-  dynamic "ingress" {
-    for_each = { for i in each.value.ingress : format("%v:%v", i.from, i.proto) => merge({ label = format("%v:%v", i.from, i.proto) }, i) }
-    iterator = p
-    content {
-      description = p.value.short
-      from_port   = p.value.from
-      to_port     = try(p.value.to, p.value.from)
-      protocol    = p.value.proto
-      cidr_blocks = try(p.value.cidr_blocks, null) == "incoming" ? p.value.ingress_networks : []
-      #      prefix_list_ids = 
-      security_groups = length(try(p.value.ingress_security_groups, [])) > 0 ? [for k, v in aws_security_group.sg : v.id if contains(p.value.ingress_security_groups, k)] : []
-      self            = try(p.value.self, false)
-    }
-  }
+  ##   dynamic "ingress" {
+  ##     for_each = { for i in each.value.ingress : format("%v:%v", i.from, i.proto) => merge({ label = format("%v:%v", i.from, i.proto) }, i) }
+  ##     iterator = p
+  ##     content {
+  ##       description = p.value.short
+  ##       from_port   = p.value.from
+  ##       to_port     = try(p.value.to, p.value.from)
+  ##       protocol    = p.value.proto
+  ##       cidr_blocks = try(p.value.cidr_blocks, null) == "incoming" ? p.value.ingress_networks : []
+  ##       #      prefix_list_ids = 
+  ##       security_groups = length(try(p.value.ingress_security_groups, [])) > 0 ? [for k, v in aws_security_group.sg : v.id if contains(p.value.ingress_security_groups, k)] : []
+  ##       self            = try(p.value.self, false)
+  ##     }
+  ##   }
 
   tags = merge(
     local.base_tags,
@@ -108,6 +115,18 @@ resource "aws_security_group" "sg" {
   )
 }
 
+# self
+resource "aws_vpc_security_group_ingress_rule" "self" {
+  for_each = { for k, v in local.sg : k => v.id if try(local.sg[k].self, false) }
+
+  security_group_id = aws_security_group.example.id
+  description       = "self"
+  from_port         = 0
+  to_port           = 0
+  protocol          = -1
+  self              = true
+}
+
 
 ##   # ingress with prefix lists
 ##   dynamic "ingress" {

diff --git a/emr/settings.yml b/emr/settings.yml
@@ -84,3 +84,4 @@ security-groups:
     description: "EMR Studio"
     self: false
     vpc_cidr: false
+    ingress: []