Make default security group optional (#9)

s2504s · const-bon · commit a60fba5f4bb8 · 2017-09-22T18:08:43.000+03:00
diff --git a/main.tf b/main.tf
@@ -38,6 +38,7 @@ resource "aws_iam_role" "default" {
 }
 
 resource "aws_security_group" "default" {
+  count       = "${var.create_default_security_group}"
   name        = "${module.label.id}"
   vpc_id      = "${var.vpc_id}"
   description = "Instance default security group (only egress access is allowed)"
@@ -88,7 +89,7 @@ resource "aws_instance" "default" {
   user_data = "${data.template_file.user_data.rendered}"
 
   vpc_security_group_ids = [
-    "${compact(concat(list(aws_security_group.default.id), var.security_groups))}",
+    "${compact(concat(list(var.create_default_security_group ? join("", aws_security_group.default.*.id) : ""), var.security_groups))}",
   ]
 
   iam_instance_profile        = "${aws_iam_instance_profile.default.name}"
diff --git a/outputs.tf b/outputs.tf
@@ -22,8 +22,8 @@ output "ssh_key_pair" {
   value = "${var.ssh_key_pair}"
 }
 
-output "security_group_id" {
-  value = "${aws_security_group.default.id}"
+output "security_group_ids" {
+  value = "${compact(concat(list(var.create_default_security_group ? join("", aws_security_group.default.*.id) : ""), var.security_groups))}"
 }
 
 output "role" {
diff --git a/variables.tf b/variables.tf
@@ -36,6 +36,7 @@ variable "vpc_id" {}
 
 variable "security_groups" {
   type = "list"
+  default = []
 }
 
 variable "subnets" {
@@ -103,3 +104,8 @@ variable "metric_threshold" {
 variable "default_alarm_action" {
   default = "action/actions/AWS_EC2.InstanceId.Reboot/1.0"
 }
+
+variable "create_default_security_group" {
+  description = "Create default Security Group with Egress traffic allowed only"
+  default = true
+}

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,7 @@ resource "aws_iam_role" "default" {`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`resource "aws_security_group" "default" {`
	`41`	`+ count = "${var.create_default_security_group}"`
`41`	`42`	`name = "${module.label.id}"`
`42`	`43`	`vpc_id = "${var.vpc_id}"`
`43`	`44`	`description = "Instance default security group (only egress access is allowed)"`
`@@ -88,7 +89,7 @@ resource "aws_instance" "default" {`
`88`	`89`	`user_data = "${data.template_file.user_data.rendered}"`
`89`	`90`
`90`	`91`	`vpc_security_group_ids = [`
`91`		`- "${compact(concat(list(aws_security_group.default.id), var.security_groups))}",`
	`92`	`+ "${compact(concat(list(var.create_default_security_group ? join("", aws_security_group.default.*.id) : ""), var.security_groups))}",`
`92`	`93`	`]`
`93`	`94`
`94`	`95`	`iam_instance_profile = "${aws_iam_instance_profile.default.name}"`
Original file line number	Diff line number	Diff line change
`@@ -22,8 +22,8 @@ output "ssh_key_pair" {`
`22`	`22`	`value = "${var.ssh_key_pair}"`
`23`	`23`	`}`
`24`	`24`
`25`		`-output "security_group_id" {`
`26`		`- value = "${aws_security_group.default.id}"`
	`25`	`+output "security_group_ids" {`
	`26`	`+ value = "${compact(concat(list(var.create_default_security_group ? join("", aws_security_group.default.*.id) : ""), var.security_groups))}"`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`output "role" {`
Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,7 @@ variable "vpc_id" {}`
`36`	`36`
`37`	`37`	`variable "security_groups" {`
`38`	`38`	`type = "list"`
	`39`	`+ default = []`
`39`	`40`	`}`
`40`	`41`
`41`	`42`	`variable "subnets" {`
`@@ -103,3 +104,8 @@ variable "metric_threshold" {`
`103`	`104`	`variable "default_alarm_action" {`
`104`	`105`	`default = "action/actions/AWS_EC2.InstanceId.Reboot/1.0"`
`105`	`106`	`}`
	`107`	`+`
	`108`	`+variable "create_default_security_group" {`
	`109`	`+ description = "Create default Security Group with Egress traffic allowed only"`
	`110`	`+ default = true`
	`111`	`+}`