From f49a73e123b0c2ceb642851bbbc4bfb1046da40b Mon Sep 17 00:00:00 2001
From: badra001
Date: Thu, 12 Dec 2024 14:31:43 -0500
Subject: [PATCH] update
---
 emr/README.md | 1 +
 emr/main.tf | 47 +++++++++++++++++++++++++++++++++--------------
 emr/settings.yml | 1 +
 3 files changed, 35 insertions(+), 14 deletions(-)
diff --git a/emr/README.md b/emr/README.md
index c9e1a6e..1f4ea94 100644
--- a/emr/README.md
+++ b/emr/README.md
@@ -57,6 +57,7 @@ No modules.
 | Name | Type |
 |------|------|
 | [aws_security_group.sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_vpc_security_group_ingress_rule.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
 | [aws_vpc.this_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 ## Inputs
diff --git a/emr/main.tf b/emr/main.tf
index ab7462c..3d76e4f 100644
--- a/emr/main.tf
+++ b/emr/main.tf
@@ -69,8 +69,15 @@ locals {
 locals {
 _sg = yamldecode(file("${path.module}/settings.yml"))
 sg = { for sg in local._sg["security-groups"] : sg.name => merge(sg, { ingress_networks = flatten(distinct(compact(concat(local.ingress_networks, sg.vpc_cidr ? [data.aws_vpc.this_vpc.cidr_block] : [])))) }) }
+ sg2 = [for k, v in local.sg : { for i in v.ingress : format("%v:%v:%v", k, i.from, i.proto) => merge(i, {
+ key = k,
+ label = format("%v:%v:%v", k, i.from, i.proto)
+ cidr_blocks = try(i.cidr_blocks, null) == "incoming" ? local.ingress_networks : []
+ }) }]
+ # sg3 = [ for x in local.sg2: k => merge(v, }
+ # create group with just egress. Add all ingress via secondary resource
 resource "aws_security_group" "sg" {
 for_each = local.sg 
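Review bot: The new `sg2` local resolves `"incoming"` to `local.ingress_networks`, while the `sg` local directly above it computes a per-group `ingress_networks` that also carries the VPC CIDR for `vpc_cidr: true` groups (the dynamic block this is meant to replace read `p.value.ingress_networks`), so the line should be `cidr_blocks = try(i.cidr_blocks, null) == "incoming" ? v.ingress_networks : []` to keep that behaviour. `for i in v.ingress` will also fail with an unknown-attribute error for any settings.yml entry that has no `ingress` key; this patch adds `ingress: []` to one entry, but `for i in try(v.ingress, [])` covers the rest without touching the YAML. `sg2` is a list holding one map per group, so no `for_each` can consume it as written — `merge(local.sg2...)` yields the single keyed map a rule resource needs — and nothing in this patch reads `local.sg2`, so as committed it is dead code. The half-written `# sg3 = …` scratch line should be dropped rather than committed.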
@@ -86,20 +93,20 @@ resource "aws_security_group" "sg" {
 cidr_blocks = local.egress_networks
 }
- dynamic "ingress" {
- for_each = { for i in each.value.ingress : format("%v:%v", i.from, i.proto) => merge({ label = format("%v:%v", i.from, i.proto) }, i) }
- iterator = p
- content {
- description = p.value.short
- from_port = p.value.from
- to_port = try(p.value.to, p.value.from)
- protocol = p.value.proto
- cidr_blocks = try(p.value.cidr_blocks, null) == "incoming" ? p.value.ingress_networks : []
- # prefix_list_ids =
- security_groups = length(try(p.value.ingress_security_groups, [])) > 0 ? [for k, v in aws_security_group.sg : v.id if contains(p.value.ingress_security_groups, k)] : []
- self = try(p.value.self, false)
- }
- }
+ ## dynamic "ingress" {
+ ## for_each = { for i in each.value.ingress : format("%v:%v", i.from, i.proto) => merge({ label = format("%v:%v", i.from, i.proto) }, i) }
+ ## iterator = p
+ ## content {
+ ## description = p.value.short
+ ## from_port = p.value.from
+ ## to_port = try(p.value.to, p.value.from)
+ ## protocol = p.value.proto
+ ## cidr_blocks = try(p.value.cidr_blocks, null) == "incoming" ? p.value.ingress_networks : []
+ ## # prefix_list_ids =
+ ## security_groups = length(try(p.value.ingress_security_groups, [])) > 0 ? [for k, v in aws_security_group.sg : v.id if contains(p.value.ingress_security_groups, k)] : []
+ ## self = try(p.value.self, false)
+ ## }
+ ## }
 tags = merge(
 local.base_tags,
@@ -108,6 +115,18 @@ resource "aws_security_group" "sg" {
 )
 }
+# self
+resource "aws_vpc_security_group_ingress_rule" "self" {
+ for_each = { for k, v in local.sg : k => v.id if try(local.sg[k].self, false) }
+ security_group_id = aws_security_group.example.id
+ description = "self"
+ from_port = 0
+ to_port = 0
+ protocol = -1
+ self = true
+}
 ## # ingress with prefix lists
 ## dynamic "ingress" {
diff --git a/emr/settings.yml b/emr/settings.yml
index c5bac02..9105686 100644
--- a/emr/settings.yml
+++ b/emr/settings.yml
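Review bot: Commenting out the `dynamic "ingress"` block removes every CIDR-, group-referenced and self-based ingress rule from `aws_security_group.sg` on the next apply, and no resource in this patch recreates them from `local.sg2`, so each group is left with egress only (plus the separate self rule for groups with `self: true`). That fails closed rather than open, but it is a silent connectivity regression for every settings.yml entry with a non-empty `ingress` list; either add the replacement `aws_vpc_security_group_ingress_rule` resource over `merge(local.sg2...)` in the same commit, or state in the `# create group with just egress` comment that ingress is intentionally absent for now. Deleting the fourteen `##` lines instead of keeping a second commented copy of the old block would also make the resource's actual state obvious; git keeps the history. The `aws_security_group.sg` body continues past the end of this hunk.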
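Review bot: `security_group_id = aws_security_group.example.id` references a resource that does not exist in this patch — the group is `aws_security_group.sg` — so the rule must attach to `aws_security_group.sg[each.key].id` or the plan fails. `aws_vpc_security_group_ingress_rule` also has no `self` or `protocol` argument: a self-referencing all-traffic rule is expressed with `referenced_security_group_id` pointing at the same group and `ip_protocol = "-1"`, with `from_port`/`to_port` omitted because they do not apply to all-protocol rules. The `for_each` value `v.id` is not a field the settings.yml entries visibly carry (`description`, `self`, `vpc_cidr`, `ingress`), so `k => v if try(v.self, false)` avoids an unknown-attribute error and reads the flag from the value already in hand. The rule intentionally allows every port between members of the same group, which matches the old `self = true` semantics; that scope is worth stating in the `description` so it is visible in the console.
```hcl
resource "aws_vpc_security_group_ingress_rule" "self" {
  for_each = { for k, v in local.sg : k => v if try(v.self, false) }

  security_group_id            = aws_security_group.sg[each.key].id
  referenced_security_group_id = aws_security_group.sg[each.key].id
  description                  = "self"
  ip_protocol                  = "-1"
}
```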
@@ -84,3 +84,4 @@ security-groups:
 description: "EMR Studio"
 self: false
 vpc_cidr: false
+ ingress: []