Skip to content

Commit 5a0cf3a

Browse files
anmolnagpalanmolnagpal
committed
feat: added sg description
1 parent 04d4b04 commit 5a0cf3a

File tree

2 files changed

+8
-3
lines changed

2 files changed

+8
-3
lines changed

main.tf

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -39,10 +39,10 @@ data "aws_security_group" "existing" {
3939
## Below resources will create SECURITY-GROUP-RULE and its components.
4040
##----------------------------------------------------------------------------------
4141
#tfsec:ignore:aws-ec2-no-public-egress-sgr
42-
#tfsec:ignore:aws-ec2-add-description-to-security-group-rule
4342
resource "aws_security_group_rule" "egress" {
4443
count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.is_external == false && var.egress_rule == true) ? 1 : 0
4544

45+
description = var.sg_egress_description
4646
type = "egress"
4747
from_port = 0
4848
to_port = 65535
@@ -51,21 +51,21 @@ resource "aws_security_group_rule" "egress" {
5151
security_group_id = join("", aws_security_group.default.*.id)
5252
}
5353
#tfsec:ignore:aws-ec2-no-public-egress-sgr
54-
#tfsec:ignore:aws-ec2-add-description-to-security-group-rule
5554
resource "aws_security_group_rule" "egress_ipv6" {
5655
count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.is_external == false) && var.egress_rule == true ? 1 : 0
5756

57+
description = var.sg_egress_description
5858
type = "egress"
5959
from_port = 0
6060
to_port = 65535
6161
protocol = "-1"
6262
ipv6_cidr_blocks = ["::/0"]
6363
security_group_id = join("", aws_security_group.default.*.id)
6464
}
65-
#tfsec:ignore:aws-ec2-add-description-to-security-group-rule
6665
resource "aws_security_group_rule" "ingress" {
6766
count = length(var.allowed_ip) > 0 == true && length(var.sg_ids) < 1 ? length(compact(var.allowed_ports)) : 0
6867

68+
description = var.sg_egress_description
6969
type = "ingress"
7070
from_port = element(var.allowed_ports, count.index)
7171
to_port = element(var.allowed_ports, count.index)

variables.tf

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -375,6 +375,11 @@ variable "sg_description" {
375375
default = "Instance default security group (only egress access is allowed)."
376376
description = "The security group description."
377377
}
378+
variable "sg_egress_description" {
379+
type = string
380+
default = "Description of the rule."
381+
description = "Description of the egress and ingress rule"
382+
}
378383

379384
##---------------------route53------------------------
380385
variable "route53_record_enabled" {

0 commit comments

Comments
 (0)