From 4f89e89762ad7b71463e5d9cd9235503749a0134 Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 22 Oct 2021 15:05:17 -0400
Subject: [PATCH 01/10] add new custom SG for use with an input ingress list
---
CHANGELOG.md | 6 ++
common/version.tf | 2 +-
custom/README.md | 116 ++++++++++++++++++++++++
custom/data.tf | 1 +
custom/data.vpc.tf | 1 +
custom/defaults.tf | 7 ++
custom/logs/fmt.20211022.1634928634.log | 38 ++++++++
custom/logs/fmt.20211022.1634928647.log | 31 +++++++
custom/logs/fmt.20211022.1634928681.log | 4 +
custom/logs/fmt.20211022.1634929316.log | 20 ++++
custom/logs/fmt.20211022.1634929343.log | 13 +++
custom/logs/fmt.20211022.1634929359.log | 5 +
custom/main.tf | 66 ++++++++++++++
custom/output.tf | 1 +
custom/ports.tf | 14 +++
custom/resources.tf | 1 +
custom/settings.tf | 7 ++
custom/variables.common.tf | 1 +
custom/variables.tf | 36 ++++++++
custom/variables.vpc.tf | 1 +
custom/version.tf | 1 +
custom/versions.tf | 1 +
22 files changed, 372 insertions(+), 1 deletion(-)
create mode 100644 custom/README.md
create mode 120000 custom/data.tf
create mode 120000 custom/data.vpc.tf
create mode 100644 custom/defaults.tf
create mode 100644 custom/logs/fmt.20211022.1634928634.log
create mode 100644 custom/logs/fmt.20211022.1634928647.log
create mode 100644 custom/logs/fmt.20211022.1634928681.log
create mode 100644 custom/logs/fmt.20211022.1634929316.log
create mode 100644 custom/logs/fmt.20211022.1634929343.log
create mode 100644 custom/logs/fmt.20211022.1634929359.log
create mode 100644 custom/main.tf
create mode 120000 custom/output.tf
create mode 100644 custom/ports.tf
create mode 120000 custom/resources.tf
create mode 100644 custom/settings.tf
create mode 120000 custom/variables.common.tf
create mode 100644 custom/variables.tf
create mode 120000 custom/variables.vpc.tf
create mode 120000 custom/version.tf
create mode 120000 custom/versions.tf
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fd239b5..b4a9417 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,12 @@ - sas - add sas submodule, which can be used for a general module or a specific application module +* v2.2.0 -- 20211022 + - custom + - create custom submodule, requires port list passed + +# OLDER + ## web * v1.0.0 -- 20210604 diff --git a/common/version.tf b/common/version.tf index 55a44df..d3e2658 100644 --- a/common/version.tf +++ b/common/version.tf @@ -1,3 +1,3 @@ locals { - _module_version = "2.1.0" + _module_version = "2.2.0" } diff --git a/custom/README.md b/custom/README.md new file mode 100644 index 0000000..6674c60 --- /dev/null +++ b/custom/README.md 
@@ -0,0 +1,116 @@ +# About custom + +This describes how to use the aws-common-security-groups submodule for custom. This applies the framework +for the common security groups to a set of ports of your own doing. + +You will need to provide a `ingress_port_list` list of the details, or a `ingress_port_map` which allows for a cleaner structure. +This creates an egress rule permitting all outbound access. + +# Usage +## Port list + +```hcl +module "mysg" { + source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//custom" + + vpc_id = var.vpc_id + name = "mysg" + description = "Security group for my" + short = "MY" + ingress_port_list = [ + [8080, 8080, "tcp", "http", ["0.0.0.0/0"]], + [8443, 8443, "tcp", "https", ["0.0.0.0/0"]], + ] + tags = merge( + local.common_tags, + tomap({ "Name" = "mysg" }), + ) +} +``` + +## Port Map + +```hcl +module "mysg" { + source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//custom" + + vpc_id = var.vpc_id + name = "mysg" + description = "Security group for my" + short = "MY" + ingress_port_map = [ + { + from = 8080 + to = 8080 + proto = "tcp" + description = "http" + cidr = ["0.0.0.0/0"] + }, + { + from = 8443 + to = 8443 + proto = "tcp" + description = "http" + cidr = ["0.0.0.0/0"] + }, + ] + tags = merge( + local.common_tags, + tomap({ "Name" = "mysg" }), + ) +} +``` + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.12 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. 
+ +## Resources + +| Name | Type | +|------|------| +| [aws_security_group.this_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| [aws_security_group.egress_security_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source | +| [aws_security_group.ingress_security_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source | +| [aws_vpc.this_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [description](#input\_description) | Security Group Description | `string` | `""` | no | +| [egress\_networks](#input\_egress\_networks) | List of egress networks (with all pre-defined egress ports) | `list(string)` | `[]` | no | +| [egress\_security\_groups](#input\_egress\_security\_groups) | List of egress security groups (all ports) | `list(string)` | `[]` | no | +| [enable\_self](#input\_enable\_self) | Enable\|Disable self full access | `bool` | `false` | no | +| [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for access (with all pre-defined ingress ports) | `list(string)` | `[]` | no | +| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list(list(string))` | n/a | yes | +| 
[ingress\_port\_map](#input\_ingress\_port\_map) | Ingress port list of objects: from, to, proto, description and cidr(list) |
list(object({
from = number
to = number
proto = any
description = string
cidr = list(string)
}))
| `[]` | no | +| [ingress\_security\_groups](#input\_ingress\_security\_groups) | List of ingress security groups for all ports | `list(string)` | `[]` | no | +| [name](#input\_name) | Security Group Name (required) | `string` | n/a | yes | +| [short\_description](#input\_short\_description) | Security Group Short Description | `string` | `""` | no | +| [tags](#input\_tags) | Extra security group tags | `map` | `{}` | no | +| [use\_vpc\_cidr](#input\_use\_vpc\_cidr) | Enable\|Disable use of VPC CIDR block in the ingress\_networks | `bool` | `false` | no | +| [vpc\_full\_name](#input\_vpc\_full\_name) | VPC Name | `string` | `""` | no | +| [vpc\_id](#input\_vpc\_id) | VPC ID Number | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [this\_security\_group\_arn](#output\_this\_security\_group\_arn) | Created security group ARN | +| [this\_security\_group\_id](#output\_this\_security\_group\_id) | Created security group ID | diff --git a/custom/data.tf b/custom/data.tf new file mode 120000 index 0000000..995624d --- /dev/null +++ b/custom/data.tf @@ -0,0 +1 @@ +../common/data.tf \ No newline at end of file diff --git a/custom/data.vpc.tf b/custom/data.vpc.tf new file mode 120000 index 0000000..197ea98 --- /dev/null +++ b/custom/data.vpc.tf @@ -0,0 +1 @@ +../common/data.vpc.tf \ No newline at end of file diff --git a/custom/defaults.tf b/custom/defaults.tf new file mode 100644 index 0000000..d314d14 --- /dev/null +++ b/custom/defaults.tf @@ -0,0 +1,7 @@ +locals { + _defaults = { + name = "{{ name }}" + description = "Security group for application" + short_description = "SG" + } +} diff --git a/custom/logs/fmt.20211022.1634928634.log b/custom/logs/fmt.20211022.1634928634.log new file mode 100644 index 0000000..b0b0b99 --- /dev/null +++ b/custom/logs/fmt.20211022.1634928634.log 
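Review bot: `name = "{{ name }}"` in the `_defaults` map of custom/defaults.tf looks like an unrendered template placeholder rather than a usable default. settings.tf in this same patch falls back to `local._defaults["name"]` whenever `var.name` is `""`, so an empty name would presumably produce a security group literally named `{{ name }}`. Consider a real default such as `name = "custom"`, or reject an empty `name` instead of falling back to the placeholder.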
@@ -0,0 +1,38 @@ +# starting v1.4.4 action fmt file logs/fmt.20211022.1634928634.log stamp 20211022.1634928634 time 1634928634 + + +Error: Argument or block definition required + + on main.tf line 38: + (source code not available) + +An argument or block definition is required here. + + +Error: Invalid character + + on main.tf line 40: + (source code not available) + +The "`" character is not valid. To create a multi-line string, use the +"heredoc" syntax, like "< 0 ? [for p in local.ports : zipmap(local.p_fields, p)] : var.port_map + port_map = { "external" = local.p_map } +} diff --git a/custom/resources.tf b/custom/resources.tf new file mode 120000 index 0000000..6dd8c84 --- /dev/null +++ b/custom/resources.tf @@ -0,0 +1 @@ +../common/resources.tf \ No newline at end of file diff --git a/custom/settings.tf b/custom/settings.tf new file mode 100644 index 0000000..ffe1549 --- /dev/null +++ b/custom/settings.tf @@ -0,0 +1,7 @@ +locals { + name = var.name != "" ? var.name : local._defaults["name"] + is_modular = var.name == "" || length(regexall("^m-", var.name)) > 0 + enable_self = var.enable_self ? ! local.is_modular : false + description = var.description != "" ? var.description : local._defaults["description"] + short_description = var.short_description != "" ? var.short_description : local._defaults["short_description"] +} diff --git a/custom/variables.common.tf b/custom/variables.common.tf new file mode 120000 index 0000000..7439ed8 --- /dev/null +++ b/custom/variables.common.tf @@ -0,0 +1 @@ +../common/variables.common.tf \ No newline at end of file diff --git a/custom/variables.tf b/custom/variables.tf new file mode 100644 index 0000000..9ed5418 --- /dev/null +++ b/custom/variables.tf 
@@ -0,0 +1,36 @@
+variable "name" {
+ description = "Security Group Name (required)"
+ type = string
+}
+
+variable "description" {
+ description = "Security Group Description"
+ type = string
+ default = ""
+}
+
+variable "short_description" {
+ description = "Security Group Short Description"
+ type = string
+ default = ""
+}
+
+
+variable "ingress_port_list" {
+ description = "Ingress port list of 5-tuple: from, to, proto, description, and cidr(list)"
+ type = list(list(string))
+ defualt = []
+}
+
+variable "ingress_port_map" {
+ description = "Ingress port list of objects: from, to, proto, description and cidr(list)"
+ type = list(object({
+ from = number
+ to = number
+ proto = any
+ description = string
+ cidr = list(string)
+ }))
+ default = []
+}
+
diff --git a/custom/variables.vpc.tf b/custom/variables.vpc.tf
new file mode 120000
index 0000000..11a6813
--- /dev/null
+++ b/custom/variables.vpc.tf
@@ -0,0 +1 @@
+../common/variables.vpc.tf
\ No newline at end of file
diff --git a/custom/version.tf b/custom/version.tf
new file mode 120000
index 0000000..b83c5b7
--- /dev/null
+++ b/custom/version.tf
@@ -0,0 +1 @@
+../common/version.tf
\ No newline at end of file
diff --git a/custom/versions.tf b/custom/versions.tf
new file mode 120000
index 0000000..41bb22f
--- /dev/null
+++ b/custom/versions.tf
@@ -0,0 +1 @@
+../common/versions.tf
\ No newline at end of file
From 99b97b91983f6b53ffbfd4998ebede2699e2e566 Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 22 Oct 2021 15:21:13 -0400
Subject: [PATCH 02/10] fix
---
custom/README.md | 2 +-
custom/variables.tf | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/custom/README.md b/custom/README.md
index 6674c60..ae3cc1b 100644
--- a/custom/README.md
+++ b/custom/README.md
@@ -98,7 +98,7 @@ No modules. | [egress\_security\_groups](#input\_egress\_security\_groups) | List of egress security groups (all ports) | `list(string)` | `[]` | no | | [enable\_self](#input\_enable\_self) | Enable\|Disable self full access | `bool` | `false` | no | | [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for access (with all pre-defined ingress ports) | `list(string)` | `[]` | no | -| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list(list(string))` | n/a | yes | +| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list(list(string))` | `[]` | no | | [ingress\_port\_map](#input\_ingress\_port\_map) | Ingress port list of objects: from, to, proto, description and cidr(list) |
list(object({
from = number
to = number
proto = any
description = string
cidr = list(string)
}))
| `[]` | no |
 | [ingress\_security\_groups](#input\_ingress\_security\_groups) | List of ingress security groups for all ports | `list(string)` | `[]` | no |
 | [name](#input\_name) | Security Group Name (required) | `string` | n/a | yes |
diff --git a/custom/variables.tf b/custom/variables.tf
index 9ed5418..e89333d 100644
--- a/custom/variables.tf
+++ b/custom/variables.tf
@@ -19,7 +19,7 @@ variable "short_description" {
 variable "ingress_port_list" {
 description = "Ingress port list of 5-tuple: from, to, proto, description, and cidr(list)"
 type = list(list(string))
- defualt = []
+ default = []
 }
 variable "ingress_port_map" {
From 045bb2b50056d36a5760e9109a5b04d3ce99876a Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 22 Oct 2021 15:23:45 -0400
Subject: [PATCH 03/10] add ingress_ to port stuff
---
custom/ports.tf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/custom/ports.tf b/custom/ports.tf
index afd56b7..554dbd1 100644
--- a/custom/ports.tf
+++ b/custom/ports.tf
@@ -1,5 +1,5 @@
 locals {
- ports = var.port_list
+ ports = var.ingress_port_list
 ingress_networks = var.ingress_networks
 egress_networks = var.egress_networks
@@ -9,6 +9,6 @@ locals {
 egress_sg = var.egress_security_groups
 p_fields = ["from", "to", "proto", "description", "cidr"]
- p_map = length(var.port_list) > 0 ? [for p in local.ports : zipmap(local.p_fields, p)] : var.port_map
+ p_map = length(var.ingress_port_list) > 0 ? [for p in local.ports : zipmap(local.p_fields, p)] : var.ingress_port_map
 port_map = { "external" = local.p_map }
 }
From 36aa603bcdf713cf3521ec414d7650868ef5d923 Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 22 Oct 2021 15:28:37 -0400
Subject: [PATCH 04/10] change string to any
---
custom/README.md | 2 +-
custom/variables.tf | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/custom/README.md b/custom/README.md
index ae3cc1b..383e1ff 100644
--- a/custom/README.md
+++ b/custom/README.md
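Review bot: In the second custom/ports.tf hunk, `p_map` uses `var.ingress_port_map` only when `ingress_port_list` is empty, so a caller who sets both inputs silently loses every rule given in the map, and neither variable description states that precedence. Either document it beside the expression, e.g. `# ingress_port_list wins; ingress_port_map is used only when the list is empty`, or merge the two, which should work as `concat([for p in local.ports : zipmap(local.p_fields, p)], var.ingress_port_map)`. `zipmap` also needs keys and values of equal length, so each list entry must have exactly five elements or the plan fails inside this local rather than at the variable. The `locals` block opens before this hunk.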
@@ -98,7 +98,7 @@ No modules. | [egress\_security\_groups](#input\_egress\_security\_groups) | List of egress security groups (all ports) | `list(string)` | `[]` | no | | [enable\_self](#input\_enable\_self) | Enable\|Disable self full access | `bool` | `false` | no | | [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for access (with all pre-defined ingress ports) | `list(string)` | `[]` | no | -| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list(list(string))` | `[]` | no | +| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list(list(any))` | `[]` | no | | [ingress\_port\_map](#input\_ingress\_port\_map) | Ingress port list of objects: from, to, proto, description and cidr(list) |
list(object({
from = number
to = number
proto = any
description = string
cidr = list(string)
}))
| `[]` | no | | [ingress\_security\_groups](#input\_ingress\_security\_groups) | List of ingress security groups for all ports | `list(string)` | `[]` | no | | [name](#input\_name) | Security Group Name (required) | `string` | n/a | yes | diff --git a/custom/variables.tf b/custom/variables.tf index e89333d..dd7c254 100644 --- a/custom/variables.tf +++ b/custom/variables.tf @@ -18,7 +18,7 @@ variable "short_description" { variable "ingress_port_list" { description = "Ingress port list of 5-tuple: from, to, proto, description, and cidr(list)" - type = list(list(string)) + type = list(list(any)) default = [] } From 4b896203e4387e857e6191ce67762b1b25c51191 Mon Sep 17 00:00:00 2001 From: badra001 Date: Fri, 22 Oct 2021 15:31:40 -0400 Subject: [PATCH 05/10] change list to tuple --- custom/README.md | 2 +- custom/variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/custom/README.md b/custom/README.md index 383e1ff..72c72d6 100644 --- a/custom/README.md +++ b/custom/README.md @@ -98,7 +98,7 @@ No modules. | [egress\_security\_groups](#input\_egress\_security\_groups) | List of egress security groups (all ports) | `list(string)` | `[]` | no | | [enable\_self](#input\_enable\_self) | Enable\|Disable self full access | `bool` | `false` | no | | [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for access (with all pre-defined ingress ports) | `list(string)` | `[]` | no | -| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list(list(any))` | `[]` | no | +| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list(tuple(any))` | `[]` | no | | [ingress\_port\_map](#input\_ingress\_port\_map) | Ingress port list of objects: from, to, proto, description and cidr(list) |
list(object({
from = number
to = number
proto = any
description = string
cidr = list(string)
}))
| `[]` | no | | [ingress\_security\_groups](#input\_ingress\_security\_groups) | List of ingress security groups for all ports | `list(string)` | `[]` | no | | [name](#input\_name) | Security Group Name (required) | `string` | n/a | yes | diff --git a/custom/variables.tf b/custom/variables.tf index dd7c254..c2d1083 100644 --- a/custom/variables.tf +++ b/custom/variables.tf @@ -18,7 +18,7 @@ variable "short_description" { variable "ingress_port_list" { description = "Ingress port list of 5-tuple: from, to, proto, description, and cidr(list)" - type = list(list(any)) + type = list(tuple(any)) default = [] } From 4165dc99f48b71f6a1734e093d0fb98aa5cd0898 Mon Sep 17 00:00:00 2001 From: badra001 Date: Fri, 22 Oct 2021 15:33:05 -0400 Subject: [PATCH 06/10] change tuple to list() --- custom/README.md | 2 +- custom/variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/custom/README.md b/custom/README.md index 72c72d6..5a8073d 100644 --- a/custom/README.md +++ b/custom/README.md @@ -98,7 +98,7 @@ No modules. | [egress\_security\_groups](#input\_egress\_security\_groups) | List of egress security groups (all ports) | `list(string)` | `[]` | no | | [enable\_self](#input\_enable\_self) | Enable\|Disable self full access | `bool` | `false` | no | | [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for access (with all pre-defined ingress ports) | `list(string)` | `[]` | no | -| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list(tuple(any))` | `[]` | no | +| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list(list())` | `[]` | no | | [ingress\_port\_map](#input\_ingress\_port\_map) | Ingress port list of objects: from, to, proto, description and cidr(list) |
list(object({
from = number
to = number
proto = any
description = string
cidr = list(string)
}))
| `[]` | no | | [ingress\_security\_groups](#input\_ingress\_security\_groups) | List of ingress security groups for all ports | `list(string)` | `[]` | no | | [name](#input\_name) | Security Group Name (required) | `string` | n/a | yes | diff --git a/custom/variables.tf b/custom/variables.tf index c2d1083..c6eada6 100644 --- a/custom/variables.tf +++ b/custom/variables.tf @@ -18,7 +18,7 @@ variable "short_description" { variable "ingress_port_list" { description = "Ingress port list of 5-tuple: from, to, proto, description, and cidr(list)" - type = list(tuple(any)) + type = list(list()) default = [] } From 8a2f9e5f7ec9233555c89a7998bbaafe3bac6624 Mon Sep 17 00:00:00 2001 From: badra001 Date: Fri, 22 Oct 2021 15:34:08 -0400 Subject: [PATCH 07/10] fix --- custom/README.md | 2 +- custom/variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/custom/README.md b/custom/README.md index 5a8073d..ed177bb 100644 --- a/custom/README.md +++ b/custom/README.md @@ -98,7 +98,7 @@ No modules. | [egress\_security\_groups](#input\_egress\_security\_groups) | List of egress security groups (all ports) | `list(string)` | `[]` | no | | [enable\_self](#input\_enable\_self) | Enable\|Disable self full access | `bool` | `false` | no | | [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for access (with all pre-defined ingress ports) | `list(string)` | `[]` | no | -| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list(list())` | `[]` | no | +| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list()` | `[]` | no | | [ingress\_port\_map](#input\_ingress\_port\_map) | Ingress port list of objects: from, to, proto, description and cidr(list) |
list(object({
from = number
to = number
proto = any
description = string
cidr = list(string)
}))
| `[]` | no | | [ingress\_security\_groups](#input\_ingress\_security\_groups) | List of ingress security groups for all ports | `list(string)` | `[]` | no | | [name](#input\_name) | Security Group Name (required) | `string` | n/a | yes | diff --git a/custom/variables.tf b/custom/variables.tf index c6eada6..25bcf80 100644 --- a/custom/variables.tf +++ b/custom/variables.tf @@ -18,7 +18,7 @@ variable "short_description" { variable "ingress_port_list" { description = "Ingress port list of 5-tuple: from, to, proto, description, and cidr(list)" - type = list(list()) + type = list() default = [] } From 1176de4261c59b291b0f9fc59b93c19ff5772df7 Mon Sep 17 00:00:00 2001 From: badra001 Date: Fri, 22 Oct 2021 15:36:18 -0400 Subject: [PATCH 08/10] fix --- custom/README.md | 2 +- custom/variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/custom/README.md b/custom/README.md index ed177bb..3d229d2 100644 --- a/custom/README.md +++ b/custom/README.md @@ -98,7 +98,7 @@ No modules. | [egress\_security\_groups](#input\_egress\_security\_groups) | List of egress security groups (all ports) | `list(string)` | `[]` | no | | [enable\_self](#input\_enable\_self) | Enable\|Disable self full access | `bool` | `false` | no | | [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for access (with all pre-defined ingress ports) | `list(string)` | `[]` | no | -| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list()` | `[]` | no | +| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list(tuple(number, number, any, string, list))` | `[]` | no | | [ingress\_port\_map](#input\_ingress\_port\_map) | Ingress port list of objects: from, to, proto, description and cidr(list) |
list(object({
from = number
to = number
proto = any
description = string
cidr = list(string)
}))
| `[]` | no | | [ingress\_security\_groups](#input\_ingress\_security\_groups) | List of ingress security groups for all ports | `list(string)` | `[]` | no | | [name](#input\_name) | Security Group Name (required) | `string` | n/a | yes | diff --git a/custom/variables.tf b/custom/variables.tf index 25bcf80..7aae9ae 100644 --- a/custom/variables.tf +++ b/custom/variables.tf @@ -18,7 +18,7 @@ variable "short_description" { variable "ingress_port_list" { description = "Ingress port list of 5-tuple: from, to, proto, description, and cidr(list)" - type = list() + type = list(tuple(number, number, any, string, list)) default = [] } From 9ed24536baffaa5665785617956f0429f4d1c628 Mon Sep 17 00:00:00 2001 From: badra001 Date: Fri, 22 Oct 2021 15:37:03 -0400 Subject: [PATCH 09/10] fix --- custom/README.md | 2 +- custom/variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/custom/README.md b/custom/README.md index 3d229d2..b8be5e6 100644 --- a/custom/README.md +++ b/custom/README.md @@ -98,7 +98,7 @@ No modules. | [egress\_security\_groups](#input\_egress\_security\_groups) | List of egress security groups (all ports) | `list(string)` | `[]` | no | | [enable\_self](#input\_enable\_self) | Enable\|Disable self full access | `bool` | `false` | no | | [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for access (with all pre-defined ingress ports) | `list(string)` | `[]` | no | -| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list(tuple(number, number, any, string, list))` | `[]` | no | +| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list(tuple([number, number, any, string, list]))` | `[]` | no | | [ingress\_port\_map](#input\_ingress\_port\_map) | Ingress port list of objects: from, to, proto, description and cidr(list) |
list(object({
from = number
to = number
proto = any
description = string
cidr = list(string)
}))
| `[]` | no | | [ingress\_security\_groups](#input\_ingress\_security\_groups) | List of ingress security groups for all ports | `list(string)` | `[]` | no | | [name](#input\_name) | Security Group Name (required) | `string` | n/a | yes | diff --git a/custom/variables.tf b/custom/variables.tf index 7aae9ae..256628a 100644 --- a/custom/variables.tf +++ b/custom/variables.tf @@ -18,7 +18,7 @@ variable "short_description" { variable "ingress_port_list" { description = "Ingress port list of 5-tuple: from, to, proto, description, and cidr(list)" - type = list(tuple(number, number, any, string, list)) + type = list(tuple([number, number, any, string, list])) default = [] } From 81e389f5b47499187cd811190d43bfd71da9ffd1 Mon Sep 17 00:00:00 2001 From: badra001 Date: Fri, 22 Oct 2021 15:38:38 -0400 Subject: [PATCH 10/10] fix --- custom/README.md | 2 +- custom/variables.tf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/custom/README.md b/custom/README.md index b8be5e6..5fb675f 100644 --- a/custom/README.md +++ b/custom/README.md @@ -98,7 +98,7 @@ No modules. | [egress\_security\_groups](#input\_egress\_security\_groups) | List of egress security groups (all ports) | `list(string)` | `[]` | no | | [enable\_self](#input\_enable\_self) | Enable\|Disable self full access | `bool` | `false` | no | | [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for access (with all pre-defined ingress ports) | `list(string)` | `[]` | no | -| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list(tuple([number, number, any, string, list]))` | `[]` | no | +| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list` | `[]` | no | | [ingress\_port\_map](#input\_ingress\_port\_map) | Ingress port list of objects: from, to, proto, description and cidr(list) |
list(object({
from = number
to = number
proto = any
description = string
cidr = list(string)
}))
| `[]` | no |
 | [ingress\_security\_groups](#input\_ingress\_security\_groups) | List of ingress security groups for all ports | `list(string)` | `[]` | no |
 | [name](#input\_name) | Security Group Name (required) | `string` | n/a | yes |
diff --git a/custom/variables.tf b/custom/variables.tf
index 256628a..4297e14 100644
--- a/custom/variables.tf
+++ b/custom/variables.tf
@@ -18,8 +18,8 @@ variable "short_description" {
 variable "ingress_port_list" {
 description = "Ingress port list of 5-tuple: from, to, proto, description, and cidr(list)"
- type = list(tuple([number, number, any, string, list]))
- default = []
+ # type = list(tuple([number, number, any, string, list]))
+ default = []
 }
 variable "ingress_port_map" {
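Review bot: Commenting out the `type` line in custom/variables.tf leaves `ingress_port_list` with no type constraint, so any value is accepted and a malformed entry is caught only later, when ports.tf runs `zipmap(local.p_fields, p)` or the provider rejects the rule. The previous attempt most likely failed because the bare `list` inside `tuple([...])` names no element type (inferred; the validation output for that commit is not shown), and `type = list(tuple([number, number, any, string, list(string)]))` should restore the constraint. These tuples become security-group ingress rules, so it is worth having a swapped field or a plain string in the CIDR position fail at plan time instead of yielding an unintended rule. The `variable "ingress_port_map"` block continues outside the hunk.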